
This glossary is from Learning Ransomware Response & Recovery by W. Curtis Preston and Dr. Mike Saylor.
Dark Web – Encrypted networks (like Tor) accessible only through specialized software, often used for illicit activities including selling stolen data and hosting ransomware leak sites.
DarkOwl – A threat intelligence platform that monitors dark web activity for stolen data and ransomware leak sites.
Data Exfiltration – The unauthorized transfer of data from a computer or network, often preceding ransomware encryption in double extortion attacks.
Data Loss Prevention (DLP) – Technologies and processes designed to detect and prevent unauthorized data transfers.
DBAN (Darik’s Boot and Nuke) – A free tool that performs complete zero-fill wiping of entire drives, including boot sectors and hidden areas.
Decompiling – The process of converting executable code back into a more readable format for analysis.
Decryption Key – The cryptographic key needed to unlock files encrypted by ransomware.
Decryption Tool/Decryptor – Software provided by attackers (or sometimes security researchers) to decrypt ransomware-encrypted files.
Deduplication – Technology that eliminates duplicate copies of data, storing each unique data segment only once to reduce storage requirements (source-side or target-side); changes in deduplication ratios can indicate ransomware.
Deep Packet Inspection – Advanced network analysis that examines the full content of data packets, not just headers.
Degraded Operations – Running business functions at reduced capacity using manual workarounds during system outages.
Digital Forensics – The process of collecting, analyzing, and preserving digital evidence from compromised systems.
Disassembling – Converting machine code into assembly language for analysis during reverse engineering.
Disaster Recovery (DR) – The process and systems for restoring IT operations after a major disruption or disaster.
Disaster Recovery Plan (DRP) – A documented strategy for recovering IT systems and data after disasters or major incidents.
DNS Filtering – Security service that blocks malicious domain name lookups before connections are established, preventing communication with known threat infrastructure.
Domain Controllers – Servers that manage user authentication and access permissions across a network; prime targets for attackers seeking to spread ransomware.
Double Extortion – Ransomware attack technique where attackers both encrypt data and threaten to leak stolen information if ransom isn’t paid.
Drive-by Download – Malware automatically downloaded to a system when visiting a compromised website, without user interaction.
Dropper – Malware designed to install or “drop” additional malicious payloads onto infected systems.
DLP (Data Loss Prevention) – Security controls designed to detect and prevent unauthorized data exfiltration attempts.
DumpIt – A free tool for capturing memory dumps from Windows systems for forensic analysis.
Dwell Time – The time period between initial system compromise and discovery of the infection; longer dwell time means more potential backup contamination. Averages over 180 days.
Dynamic Analysis – Security analysis that examines what files do when executed, versus static analysis, which only examines files at rest.