Find a current article from 2019 or newer explaining the details of a Ransomware attack. Use a word document to explain the details of the ransomware attack. Include a description of the security breach, the primary reason why the breach occurred, and as a cyber-security professional, how you would advise the client on steps to take to mitigate future breaches like the one you described. The document you create should be professional in nature. Imagine your document was being given to this client.
Discuss your answers in a well-developed reply of five or more sentences.
Let me explain,
Ransomware attack - Ransomware is a type of malicious software that blocks access to a computer system or data, usually by encrypting it, until the victim pays a fee to the attacker. In many cases, the ransom demand comes with a deadline. In many cases, the victim must pay the cybercriminal within a set amount of time or risk losing access forever. And since malware attacks are often deployed by cyberthieves, paying the ransom doesn’t ensure access will be restored. Ransomware holds your personal files hostage, keeping you from your documents, photos, and financial information. Those files are still on your computer, but the malware has encrypted your device, making the data stored on your computer or mobile device inaccessible. Ransomware attacks are all too common these days.
Depending on the type of attack, ransomware removal varies from simple to impossible. But the most common variants, known as filecoders or encryption ransomware, are far scarier: They encrypt your valuable files. Even if you manage to remove the malware itself, you still need to decrypt your data to access it.

Ransomware Is a Dangerous Reality

However, the threat of ransom malware, or ransomware, is a real one ravaging the web today. Ransomware is any dangerous virus which can attack and encrypt the files on a PC or within an entire network, transcoding the files so that they become inaccessible to the creators. Once a malicious link is clicked or an infected file opened, the ransomware is able to gain a foothold, quickly infiltrating the network and locking up files. In a matter of seconds, malware executables are released into the victim's system, where they begin to quickly wreak havoc.
Here are four target groups and how each may be impacted.
- Groups that are perceived as having smaller security teams:
Universities fall into this category because they often have less
security along with a high level of file-sharing.
- Organizations that can and will pay quickly: Government agencies,
banks, medical facilities, and similar groups constitute this
group, because they need immediate access to their files — and may
be willing to pay quickly to get them.
- Firms that hold sensitive data: Law firms and similar
organizations may be targeted, because cybercriminals bank on the
legal controversies that could ensue if the data being held for
ransom is leaked.
- Businesses in the Western markets: Cybercriminals go for the
bigger payouts, which means targeting corporate entities. Part of
this involves focusing on the United Kingdom, the United States,
and Canada due to greater wealth and personal-computer use.
The presence of ransomware (or any malware) on a covered entity’s or business associate’s computer systems is a security incident under the HIPAA Security Rule. A security incident is defined as the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system. Cybercriminals are now using hacking attacks and insider attacks to gain access to endpoints and extract data from within the organisation's network, resulting in a security breach. Ransomware generally restricts access to the data on infected machines until the ransom is paid. A data breach, however, is a security incident in which sensitive or confidential data is copied and stolen from the organisation; it can then be used in a number of ways, both for financial gain and to cause harm.
November 25, 2019 – New York Police Department fingerprint database was taken offline due to ransomware.
- A contractor working in the environment plugged in an infected NUC computer
- The infection spread to 23 other computers
- These were connected to the fingerprint scanning system
The malware was introduced to the police network via a contractor who was installing a digital display.
The New York Police Department’s database of fingerprints was knocked offline over the weekend thanks to a ransomware scare, according to reports.
The malware was introduced to the network via a contractor who was installing a digital display, according to an article in the New York Post. To do the install, the person (the company has not been identified) plugged a NUC mini-PC into the network, which turned out to be infected with the malware. The installer was questioned but not charged with any crime – suggesting that the incident was inadvertent.
From there, the ransomware rapidly proliferated to 23 other machines connected to the LiveScan fingerprint-tracking system, the NYPD told the Post.