Record of a University's Fight Against the LockBit Ransomware Threat
Locked Up: Cybersecurity Threat Mitigation Lessons from A Real-World LockBit Ransomware Response

Print edition price
¥7,835
  • E-book


  • Author: Lewis, Zachary
  • Price: ¥3,945 (¥3,587 before tax)
  • Wiley (released 2025/12/16)
  • Language: ENG
  • ISBN:9781394357048
  • eISBN:9781394357055


Description

A gripping true story about one ransomware attack and the hands-on lessons you can learn from it

In Locked Up: Lessons Learned from A Real-World LockBit Ransomware Response, veteran IT and cybersecurity executive Zachary Lewis delivers a gripping, first-person account of how a major university squared off against one of the world's most infamous ransomware groups: LockBit. He walks you through his personal experience battling – and negotiating with – LockBit, as well as the strategies, tools, and approaches he used in resolving the crisis.

The book is a detailed, darkly funny, and behind-the-scenes account of an increasingly common and feared event for organizations of all types and sizes. It offers up-to-date advice for people tasked with preventing, responding to, and recovering from ransomware attacks. You'll find:

  • Insightful crisis management lessons applicable to both technical and business leaders
  • Hands-on technical solutions you can apply to prevent catastrophic data loss during a ransomware event
  • Techniques to manage the intense operational, emotional, and interpersonal challenges that arise in the midst of an unexpected crisis

Perfect for IT professionals, cybersecurity leaders, and business decision-makers in higher education, healthcare, government, and nonprofit organizations, Locked Up is also a must-read for business continuity planners, legal counsel, and anyone else with an interest in real-world cybersecurity.

Table of Contents

Foreword

Introduction: The Attack

Part I: Leading to the Attack

Chapter 1: A New Breed of Criminals

A History of Encryption

A Perfect Storm

Ransomware-as-a-Service (RaaS)

The Rise of LockBit

LockBit Begins

LockBit 2.0

Pitch Black: LockBit 3.0

A Bug’s Life

Cybercrime Inc.

A Series of Unfortunate Exploits

CyberCon Air

The Silicon Giant

Big Trouble in Little China

You’ve Got Royal Mail

The Bank Job

The FBI Strikes Back

LockBit: Resurrections

LockBit: Endgame

References

Chapter 2: Easy Prey

Higher Ed and the Internet

From Openness to Exposure

Special Challenges of Higher Ed

Creative Solutions

Changing the Culture

Case in Point: Michigan Medicine

Digital Museums

Data Goldmines

The PII Pipeline

Prime Data, Prime Targets

A Sector Under Siege

When Learning Gets Locked Down

References

Chapter 3: Cybersecurity at UHSP

Infrastructure Background

Into the Cloud

A Crisis of Connectivity

Securing Email

Attack Preparedness

Bringing Leadership into the Fold

Assessing Our Risks

The Attack

From Outage to Incident

Turning to Incident Response

Calling in the Experts

Iron Sharpens Iron

Into the Fire


Part II: Responding to the Attack

Chapter 4: The Leadership Response

Dialing into Disaster

Working the Night Shift

Assembling the War Room

Digging for Answers

April’s Fool

Chapter 5: The War Room

The Files We Forgot

A Last Hope

Active Recovery

Getting to Work

Public Relations

Chapter 6: Countdown to the Data Dump

Breaking News Kind Of

We Scheduled This Chaos, Actually

Ransom, Now 50 Percent Off

The Data Drops

Part III: Recovering From the Attack

Chapter 7: The Data Dump

Reviewing the Files

Million-Dollar Bargain Bin

Notifying the Impacted Parties

Location, Location, Legislation

Looking Back and Forward

Chapter 8: Strengthening Security Post-Attack

The MOVEit Cybersecurity Crisis: Breached by Association

Transparency at the Top

Recognizing Our Failures and Weaknesses

Identifying Our Successes

Security Posture and Progress

Graded on a Curve

Making Friends in Federal Places

Lessons You Only Learn the Hard Way

Chapter 9: Reflections and Lessons Learned

Backups

Incident Response Planning and Tabletop Exercises

Cyber Insurance

Communication

Third-Party and Supply Chain Vulnerabilities

Passwords and Credentials

Wrapping Up

Part IV: What Organizations Can Do

Chapter 10: Building a Resilient Cybersecurity Program

Knowing What You Have

Mapping Applications and Vendor Access

Why All This Matters

Picking a Framework

Implementation Groups (IGs)

Control Categories

Understanding the Business

Get Executive Buy-In

Shaping Policy and Culture

Documenting Everything

Processes and How-Tos

Incident Response Plan

Backup and Recovery Plan

Cybersecurity Strategy

Environment and Infrastructure

Handling Regulation Concerns

Enlisting Outside Help

Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs)

Government Resources

InfraGard Membership


Industry Conferences and Local Groups

Insurance

What’s Next

Reference

Chapter 11: Implementing Strong Technical Controls

Multifactor Authentication (MFA)

Endpoint Detection and Response (EDR)

Backups

Patching

Email Protection

Encryption

Security Information and Event Management (SIEM)

Microsoft

What I Didn’t Cover

References

Chapter 12: Responding to a Cyberattack

The First 24 Hours

Negotiation and Law Enforcement Involvement

Reputational Implications

Negotiating

Forensic and Root Cause Analysis

Regulatory Reporting and Legal Considerations

Public Relations and Rebuilding Trust

Long-Term Recovery and Continuous Improvement

References

Epilogue: The Calm We Earned

Appendix: Cybersecurity Onboarding Checklist: A 30–60–90–120-Day Plan

Acknowledgments

About the Author

Index
