Ransomware Glossary (B)

This glossary is from Learning Ransomware Response & Recovery by W. Curtis Preston and Dr. Mike Saylor. Browse all letters of the glossary or get the book.

B

Backdoor – Hidden methods attackers use to maintain access to compromised systems even after initial vulnerabilities are patched.

Backup – A copy of data stored separately from the original that can be used to restore the original if it becomes damaged, corrupted, or lost.

Backup Window – The time period during which backup operations can or do run, typically chosen to minimize impact on production systems.

Bad Sectors – Areas of a storage device that have failed or been marked as unusable; malware can hide in falsely marked bad sectors to avoid detection.

BazarLoader – A malware loader often delivered by TrickBot that serves as a pathway for ransomware deployment.

Beaconing – When malware “phones home” to command and control servers at regular intervals to receive instructions or report status.

Bitcoin – A cryptocurrency commonly demanded by ransomware attackers for ransom payments due to its perceived anonymity.

BitLocker – Microsoft’s full-disk encryption feature for Windows operating systems.

Blast Radius – The extent of damage or impact that a security incident can cause within an organization’s systems and data.

Blockchain-based Logging – A tamper-evident logging system that uses blockchain technology to ensure log integrity.

Block Storage – Storage that organizes data into fixed-size blocks, typically used for disk drives and SAN systems.

Block-level Incremental Backup – A backup method that only copies the specific blocks or bytes that have changed since the last backup, rather than entire files.

Blue Team – Cybersecurity professionals responsible for defending systems and responding to attacks (as opposed to red teams, which simulate attacks).

Boot Sector – The first sector of a storage device containing code that loads the operating system; a common hiding place for persistent malware.

Break-glass Procedure – Emergency access procedures that allow bypassing normal security controls in crisis situations, typically with extensive logging and oversight.

Brute Force Attack – An attack method that attempts to guess passwords or encryption keys by systematically trying all possible combinations.

Burn Rate – The rate at which an organization loses money during downtime, typically calculated per hour.

Business Continuity Coordinator – The role responsible for maintaining business operations during a crisis, working in parallel with the technical incident response leader.

Business Continuity Plan (BCP) – A comprehensive plan for maintaining business operations during and after disruptions or disasters.
