Question


Wana Decryptor Attack Case Study - Part 1

Scenario:

You are employed at a bank of medium size, worth 5 billion dollars. The IT Director reports to the CIO – both the CIO and CISO report to the COO. At 11:00 A.M. on a Monday morning, the IT Help Desk receives a call from a user in the Wire Transfer Department. He reports that his computer is frozen, and appears to have a message that some type of ransom is requested to free the files up from a type of encryption.

What should your help desk do next? Consider the following:

  • What is your response plan to this incident?
  • How would you escalate this situation?
  • Who would you notify?
  • What is your customer notification plan?
  • What is the relevant regulatory requirement?

Let’s identify the most probable sequence of events. Select One:

  1. The Help Desk opens a ticket, assigns it to a technician to respond to the user’s workstation, to inspect and determine what the actual problem is and whether it is a virus or a computer issue that could be resolved by the IT team.
  2. The Help Desk instructs the user to unplug his computer from the network, proceeds to open a ticket and assigns an IT tech to inspect the user’s computer for an analysis and a possible solution.
  3. The Help Desk simultaneously proceeds to notify the IT Director of the issue, dispatches a technician and awaits feedback.
  4. In addition to #3, the Help Desk proceeds to inform the CISO of the occurrence.
  5. The Help Desk instructs the user to shut down and restart his computer to see if the problem has been remedied before taking any action.
  6. Any other actions that are not listed above?

As you reflect on what to do and what may happen, the IT Technician arrives:

  • The technician immediately determined and reported that the computer was infected with Ransomware.
  • He states that there is no way to remove the malware other than disconnecting it from the network and re-imaging it.
  • The other option is to pay the ransom of $300.00.

What now? Post your primary thoughts on the scenario, considerations on the most probable next steps, and what you would do after learning the new information from the IT technician's report. Then find commonalities and differences in your thoughts and approaches and discuss as a class.

Solutions

Expert Solution

Solution: Being the IT Help Desk, as I received a call from a user that his computer is frozen and appears to have been attacked by cyber attackers.

Things that I would recommend: Right off the bat, never pay the payoff. A full framework restore may be all together. Have a go at running a sweep from a bootable CD or USB drive. If you notice your framework easing back down for apparently no explanation, close it down and disengage it from the Internet. On the off chance that, when you boot up again, the malware is as yet dynamic, it won't have the option to send or get directions from the order and control worker. That implies without a key or approach to separate installment, the malware may remain idle. At that point, download and introduce a security item and run a full output.

Response plan to the incident:

  • Seclude influenced framework.
  • Quarantine the malware - If the malware is as yet running, memory dumps ought to be made before isolate to make a full record of any malignant cycles that are running. The memory dump may contain the key material that was utilized to encode the documents, which can possibly be removed and used to assist casualties with unscrambling records without paying the ransom.
  • Identify and explore tolerant zero - Identifying quiet zero (for example the wellspring of the disease) is pivotal for seeing how assailants accessed the framework, what different moves they made while they were on the organization and the degree of the contamination. Identifying the wellspring of the disease is valuable for settling the flow episode, yet can likewise assist associations with tending to weaknesses and lessen the danger of future trade off.

How to escalate this situation:

Step 1: Unplug influenced PCs and different gadgets from the organization – yet DO NOT close them down.

Step 2: Make a call. Try not to send an email alert about the assault (you should be disconnected); rather telephone your outside network safety uphold or capable inner asset.

Step 3: Carry out a first-level criminological examination to discover the degree of the danger. Which area? What ransomware would you say you are confronting? What network components are influenced? This is the reason you have to keep your workstations pursuing you've unplugged them from the organization.

Step 4: Protect what is as yet sheltered. It is a slip-up to zero in on rebuilding at this stage. Rather, you have to stop the ransomware spreading before you start to reestablish your workstations. How? Close down the organization component.

Step 5: Clean your IT element. Don't neglect to address your lord pictures before doing a full reestablish of the PCs.

Step 6: Begin restoration, each PC in turn.

How would you notify:

Make a call. Try not to send an email alert about the assault (you should be disconnected); rather telephone your outside network safety uphold or capable inner asset.

Customer notification plan: It's currently simpler than any time in recent memory to examine being proactive about online protection with clients. Practically consistently, there's a story in the report about another information penetrate affecting an organization's client base. Utilizing notable models can help you with suggesting the topic of attack with clients.

Relevant regulatory requirement:

Contact cyber crime office. Cyber crime is extensively separated into two classifications dependent on use of PCs as:

  1. Target (model: Hacking, Virus Attack)
  2. Weapon (model: digital psychological warfare, IPR infringement, erotic entertainment).

When the technician immediately determined the malware, then the above steps, as described for things that the IT help desk would recommend, should be done.

