
Assignment 2 Cyber Security: Submitted By-Aniket Sharma D3CSA1 1805159

It is a full document related to cybersecurity, from a student of the B.Tech field. It contains all the topics required for study.

Uploaded by

Ketan Goyal

Assignment 2

Cyber Security

Submitted by-
Aniket Sharma
D3CSA1
1805159
Aim: Case study on recovery from information loss.

Direct-mail printing service

A few years later, in 2017, another of Macias' clients -- the owner of a direct-mail printing
service -- called to report he couldn't access his server. Macias logged into the network through a
remote desktop and saw someone had broken through the firewall. “I told the client, run as fast
as you can and unplug all the computers in the network,” he said. This short-circuited the attack,
but the hacker still managed to encrypt the server, five out of 15 workstations and the local
backup.

"What made this ransomware attack so bad was that it attacked the private partition that lets you
restore the operating system," Macias added. Although the ransom demanded was again only
$800, he advised against paying, since attackers often leave backdoors in a network and can
return to steal data or demand more money.

Fortunately, Macias had a full image-based backup of the client's network saved to a cloud
service. Even so, recovery was expensive, tedious and time-consuming. He had to reformat the
hard drive manually, rebuild the server from scratch and reinstall every single network device.
The process took about a week and a half and cost $15,000. "The client was just incredibly
grateful that all their data was intact," Macias said.

Although pleased the client's data loss was negligible, Macias wanted to find a more efficient,
less painful disaster recovery strategy. Shortly after the second ransomware incident, he learned
about a company called NeuShield, which promised one-click backup restoration. He bought the
technology for his own network and also sold it to the client that had been attacked. According to
NeuShield, its Data Sentinel technology works by showing an attacker a mirror image of a
computer's data, thus protecting the original files and maintaining access to them even if
encryption takes place.

California University

The University of California, based in San Francisco, suffered a ransomware attack that led to
hackers demanding a payment of $3 million on June 1, 2020. The university’s system was
targeted by malware that could encrypt various servers and steal and encrypt critical data. The
university negotiated and paid a ransom fee of $1.14 million but later revealed no data had been
compromised.

Steps to recover from a cyber-attack

1. Determine what was lost

“The first step you should do after a cyber-attack is the most important, and also by far the most
overlooked. Sometimes it is pure laziness and other times companies don’t want to face reality,
but if you are the subject of a cyber-attack you need to determine exactly what information was
stolen. The reason for this is because the information stolen directly determines what your next
step is.

Think of it as one of those spider charts you see on a detective’s wall when they’re trying to pin
down a murder. They’re trying to make a connection with lines and pictures of people. You need
to make a similar chart after a cyber-attack. You start with whatever was stolen and then make
connections and steps from that information. If email addresses were stolen, your flow chart of
next steps is going to look extraordinarily different than if social security numbers were stolen.”

2. Replace the old with the new

We replaced every piece of security technology with new technology and added tools where it was
needed to create defense in depth. We concentrated on making the solutions highly integrated,
creating wide-ranging visibility and alerting, and took advantage of automation. We consciously
balanced preventive tools with detective capabilities instead of one or the other.

3. Stop everything to find the virus

“One of my previous employers experienced a cyber-attack and they sprang into action right
away. The course of action was to find the virus that someone had downloaded from
a phishing email. Every computer was scanned and the internet was shut off all week to ensure
the virus didn’t spread or any other malicious emails were sent.

The following week, they were able to get all the computers cleaned so the internet was turned
back on. Following the attack, precautions were taken so that no outside emails were allowed in
the company's Outlook email server. If any were to come through they would immediately be
blocked. The company then made sure to conduct phishing training with mock scams sent to
people to teach them not to open unauthorized messages.”

4. Invest in proper software

“Preparing for an attack starts with assuming an employee will introduce malware into the
network and taking steps to prevent its spread when that happens. It's incredibly hard to prevent
employees from making mistakes, which is why organizations need security technologies that
prevent ransomware and spyware from spreading once the inevitable happens.”

5. Make the most of your backups

“A few years ago, I fought off a ransomware attack. An email came in to my customer’s
employee, claiming to come from a trusted source. The employee opened the attachment and
unwittingly launched a malicious program that scrambled many of the organization’s files.

This happens to people every day and the recovery process doesn’t have to be anything heroic. In
this case, I recovered all my customer's scrambled files from the previous day's backups and life
went on. Thankfully, they only lost one day of productivity, and so what could have been a
disaster turned into an inconvenience. We had a long talk with the employee about the dangers of
opening email attachments after that, and reminded everyone else to be careful.”

6. Keep the virus from spreading

“Due to the advancement of technology the cyber-attack is the most common thing occurring in
our day-to-day life. One must take some of the steps once the cyber-attack has been performed.
The first thing is to disconnect the internet, remove remote access, change the settings for
the firewall, and update the credentials of the affected system/account which may prevent future
attacks.

It’s also important to keep an eye on the affected system and make sure that it doesn't continue
spreading. When it is affected by the commercial level, notify all your staff and customers about
the attack and help them to take the necessary measures which can save them from the cyber
attack. You can take legal action towards the attack by reporting to the cybercrime department.”

7. Secure your passwords

“My company recently encountered an unusual scam with a hacker. We offer payouts to our
customers and send checks to them, and the hackers were using customer information to set up
accounts on eTrade and other online investment websites. They were also sending almost $5,000
at a time to their accounts.

The first step we did to stop the hackers and rectify the situation was to not only work with Bank
of America to reverse the charges, but also set up multi-factor authentication and use an
extremely secure and strong password. As an additional defense, we are using LastPass to keep
internal passwords private.”
