ABC Services Ltd (‘ABC’) is a global financial services provider. To comply with local regulatory frameworks, they operate offices around the world, most of which have a legal requirement to store their Know Your Customer (‘KYC’) information in on-site servers.
One of these servers, located in Lebanon, was recently infected with a variation of malware called ransomware, which has prevented ABC from accessing their local KYC data by encrypting it with a secret key. The threat actor behind the attack left behind a file on the server that demands a ransom for the return/decryption of this data.
Once they became aware of this incident, they instructed their local IT team to bring the server offline to mitigate the risk of the malware spreading across their network. They also activated their business continuity plans to minimize disruption to their core business, which involved recreating the servers from backups taken over a month ago.
ABC approached YOU to help them answer several questions, specifically:
What type of ransomware was used?
How is the ransomware typically delivered?
What is the likely profile of the original developers of the ransomware?
What is the likely profile of a threat actor using this ransomware?
Are there any known methods of decrypting the data encrypted by the ransomware?
What is the likelihood that the ransomware has exfiltrated data?
What additional information would you require to investigate whether the threat actor has exfiltrated KYC data?
They have provided you with a sample of the ransomware and asked you to carry out a preliminary investigation. The sample they provided contains the following key information:
Info.exe (the ‘executable’) – this is the file name of the ransomware that was used to encrypt ABC’s data.
[email protected] and [email protected] – these email addresses are provided in the ransom note left as a text file on the client’s systems, as a means of contacting the threat actor.
.no_more_ransom – this file name suffix is present on files encrypted by the ransomware that affected your systems and data.
Please research and prepare a written summary of findings to answer ABC’s questions in an MS Word report. While you will certainly have to make assumptions about the situation, we will expect you to be able to explain and answer above questions at a high level about some of the key technical concepts involved in your findings.
Examples of topics you may consider including in the report are:
RDP, asymmetric encryption, brute forcing, and phishing. Please be sure to capture the key findings from your research into the malware as well as the potential implications of this incident for ABC.
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more