FOR528: Ransomware and Cyber Extortion
About This Course
FOR528: Ransomware for Incident Responders provides the hands-on training required for those who may need to respond to ransomware incidents. The term "Ransomware" no longer refers to a simple encryptor that locks down resources. The advent of Human-Operated Ransomware (HumOR), along with the evolution of Ransomware-as-a-Service (RaaS), has created an entire ecosystem that thrives on hands-on-keyboard, well-planned attack campaigns. Our course uses deftly devised, real-world attacks and their subsequent forensic artifacts to provide you, the analyst, with all that you need to respond when the threat becomes a reality.
What You'll Learn
The course also provides in-depth details and detection methods for each phase of the ransomware and cyber extortion attack lifecycle. These phases include Initial Access, Execution, Defense Evasion, Persistence, Attacks on Active Directory (AD), Privilege Escalation, Credential Access, Lateral Movement, Data Access, Data Exfiltration, and Payload Deployment.
Unfortunately, many businesses will find themselves falling victim to ransomware attacks because they feel they are not in danger. Regardless of whether your organization is small, medium, or large, every internet-connected network is at risk... and the threat is not going away any time soon.
Entry Requirements
A background in Incident Response (IR) is suggested. This course is aimed toward the incident responder who needs to respond to ransomware attacks. Thus, IR experience, or at least alert triage experience such as that acquired within a SOC or CIRT, is recommended. Additional recommended experience includes Windows artifact identification and analysis, such as one learns in FOR500: Windows Forensic Analysis. Finally, we recommend familiarity with regular expressions (regex) along with general SIEM use. All these items are covered in the course, but the general idea is to have experience working incidents. Participants should be proficient in written and spoken English. There are no minimum entry requirements for years of experience in the domain, education level or age group, but participants should possess the relevant prerequisite skills mentioned above before taking the course.