
This glossary is from Learning Ransomware Response & Recovery by W. Curtis Preston and Dr. Mike Saylor.
Eamfo – Specialized malware designed to steal credentials from Veeam backup software to enable data exfiltration through backup systems.
EDR (Endpoint Detection and Response) – Security software that monitors endpoints for suspicious behavior and can automatically isolate infected systems.
EFI System Partition (ESP) – A special partition on modern computers containing boot loaders; can harbor malware that loads before the operating system.
Emotet – A botnet malware frequently used by ransomware groups as an initial entry point into victim networks.
EnCase – Enterprise-grade digital forensics software for evidence collection and analysis.
Encryption – The process of converting data into coded form to prevent unauthorized access.
Encryption at Rest – Data encryption applied to stored data on disk or other media.
Encryption in Transit – Data encryption applied while data is being transmitted over networks.
Endpoint – Any device that connects to a network, including workstations, laptops, smartphones, and IoT devices.
Endpoint Detection and Response (EDR) – Security software that monitors endpoints for malicious activity and enables rapid response to threats.
Entra ID (formerly Azure AD) – Microsoft’s cloud-based identity and access management service.
Epoch Date – The number of seconds since January 1, 1970, used in Unix-based systems for timestamp calculations.
EPP (Endpoint Protection Platform) – Traditional antivirus/anti-malware software that prevents known threats.
Eradication – The phase of incident response focused on permanently removing every trace of ransomware and attacker tools from infected systems.
ERP (Enterprise Resource Planning) – Integrated software systems managing core business processes like finance, HR, and manufacturing.
Evidence Preservation – The process of protecting and documenting digital evidence from tampering or destruction during incident response.
ExMatter – A data exfiltration tool used by ransomware groups to steal sensitive information before encryption for double extortion attacks.
Extended Detection and Response (XDR) – An integrated security platform that provides unified visibility and response across endpoints, networks, and cloud services, correlating threats with automated response capabilities.