Assignment: Information Security Incident Research Scenario
ABC Services Ltd (‘ABC') is a global financial services provider. To comply with local regulatory frameworks, they operate offices around the world, most of which have a legal requirement to store their Know Your Customer (‘KYC') information in on-site servers.
One of these servers, located in Lebanon, was recently infected with a variation of malware called ransomware, which has prevented ABC from accessing their local KYC data by encrypting it with a secret key. The threat actor behind the attack left behind a file on the server that demands a ransom for the return/decryption of this data.
Once they became aware of this incident, they instructed their local IT team to bring the server offline to mitigate the risk of the malware spreading across their network. They also activated their business continuity plans to minimize disruption to their core business, which involved recreating the servers from backups taken over a month ago.
ABC approached YOU to help them answer several questions, specifically:
1) What type of ransomware was used?
2) How is the ransomware typically delivered?
3) What is the likely profile of the original developers of the ransomware?
4) What is the likely profile of a threat actor using this ransomware?
5) Are there any known methods of decrypting the data encrypted by the ransomware?
6) What is the likelihood that the ransomware has exfiltrated data?
7) What additional information would you require to investigate whether the threat actor has exfiltrated KYC data?
Task
Research and prepare a written summary of findings to answer ABC's questions in an MS Word report. While you will certainly have to make assumptions about the situation, we will expect you to be able to explain and answer above questions at a high level about some of the key technical concepts involved in your findings.
Examples of topics you may consider including in the report are:
RDP, asymmetric encryption, brute forcing, and phishing. Be sure to capture the key findings from your research into the malware as well as the potential implications of this incident for ABC.
Format your assignment according to the following formatting requirements:
(1) The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.
(2) The response also includes a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.
(3) Also include a reference page. The Citations and references should follow APA format. The reference page is not included in the required page length.