Project 3: Lockdown
In Project 3, your team is focused on preventing future incursions into the network and developing a business continuity plan to be deployed in case a breach occurs. There are 14 steps to be completed by the team, with the project culminating in the production of a video and forensics report that summarizes the lessons learned from the recent network breach. This project will take 14 days to complete. After reading the scenario below, proceed to Step 1 where you will establish your team agreement plan.
Before the summit, each nation set up its own secure comms network. As summit events began, your team responded to anomalous network activity that was detected on your agency’s server.
Now, to make matters worse, the next day you awaken to the news that summit attendees are unable to get access to the confidential summit data needed for the conference. All the computer screens show a pop-up message that says:
“Your Computer has been involved in Computer Fraud Activity!!! and has been locked down by the FBI and the Justice Department. Unless you pay the sum of $500 (FIVE HUNDRED DOLLARS) in Bitcoin you will be arrested immediately! You have 48 hours to pay up via email – firstname.lastname@example.org.”
Your CISO has called an emergency meeting with your team. She begins to speak to the group.
“We’ve just been hit with the Reveton ransom attack, which pretends to be a warning from a country’s law enforcement agency. It locks you out of your PC and threatens criminal proceedings within 48 hours based upon very serious offenses. The message informs you that you can avoid prosecution by paying a fine to the attackers via Bitcoin. Based on the time of the incident, we believe that a single threat actor or group is responsible. This person or group is still unidentified.”
The CISO continues to brief you on the attack, confirming that no further information is known about the file, permissions, or tools used. Currently, systems show no signs of infection or additional malicious indicators.
The attendees at the summit are divided on what should be done. Some of them want to pay the money; it’s a small sum contrasted with holding up the proceedings. However, cyber insiders know that once you pay a ransom, you set a precedent for further attacks since you appear vulnerable. Also, there is no certainty that paying the ransom will unlock the system. Hackers are not the most honorable of people.
In addition, you want to know how the attackers were able to infiltrate the system and plant the malware. What current protections are in place for systems at the summit? What methods and procedures are your team employing in response to the current attack? What is the plan if protections fall short? These are the questions pouring in from leadership, down to your CISO, and now to you.
Your CISO continues: “I need your team to provide a series of reports that will track this incident from start to recovery. Risk management briefings. Forensic reports. Situational reports. I need it all. They’ll all come in handy when it’s time to debrief our nation’s leaders.”
When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.