You have been the Information Security Manager at ABC Manufacturing for six mont

Question

You have been the Information Security Manager at ABC Manufacturing for six months and have a semi-proficient CIRT. Today, Marcus, who works at one of the internal clients shown in Figure 2-2 of the textbook reports to the IT help desk that his computer is inaccessible and the screen prompt is demanding $300 to unlock the computer. Explain the following in your post:

What type of attack is Marcus experiencing?

What actions does the CIRT take in handling the incident?

What is the impact and priority of the incident?

Explanation / Answer

Answer)

CIRT is Computer Incident Response Team which is responsible for handling security problems and security breaches and attacks on the computers.

Marcus' computer has been inaccessible and the screen prompt is demanding $300 to unlock the computer. This is an example of Ransomware attack where the PC is attacked and locked out by an attacker, and then the attacker asks for a ransom, which given, he promises to unlock the computer.

The CIRT will take in the computer, analyze how the computer was attacked and try to restore the computer to a working state by overthrowing the Ransomware that the attacker installed and infected the computer. The CIRT has to find and remove the ransomware. Boot in safe mode. Install and update anti-malware and antivirus software. Restoring the computer to a previous working state is also another option. Thus all these actions have to be taken by the CIRT to resolve this issue and make the PC infections free.

This is a high impact and high priority incident as Marcus would not be able to use his PC and his PC is totally infected by the attacker. The PC is locked out by the attacker using the ransomware and until fixed all data and everything contained in it will be unusable.

Related Questions

Navigate

• Browse (All)
• Browse Y
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.