Defending Against CryptoLocker: Network Security and Incident Analysis

Added on 2021/06/14
Homework Assignment
1. How does CryptoLocker infect a machine on the network?
Answer – CryptoLocker is a ransomware trojan that targets the Microsoft Windows
operating system. Ransomware is malicious software that reaches the user's PC
through email or some other network-borne route, then encrypts the data or
otherwise blocks access to it and demands that the user pay a ransom to get it
back. CryptoLocker is an advanced ransomware that enters the victim's PC hidden in
an email attachment or through an existing backdoor, and then begins infecting the
machine without giving the user any indication. It contacts its command-and-control
server and starts encrypting the user's data files using RSA public-key
cryptography (in practice each file is encrypted with a symmetric key, and that key
is in turn locked with the RSA public key) (Ducklin, 2013, p.4). The attacker keeps
the private key on the control server, and without it the user cannot get at the
files. A message is then displayed offering to decrypt the data if a ransom is paid
within a stipulated time, with the threat that the private key will be destroyed if
the money is not paid. Paying does not guarantee that decryption will actually
work, and once the deadline passes without payment the key is deleted. At that
point the only way to recover the data is through the attackers' online decryption
service, which charges considerably more in bitcoins (Wikipedia, 2018, p.4;
Anonymous, 2015).
2. From a network security perspective, what is the best approach in defending
your corporate network resources from CryptoLocker infections? Detail out the
machines and/or software resources that you would need to defend.
Answer – Once CryptoLocker lands on one PC it encrypts every data file it can
reach, and it does not stop at the local disk. In a corporate network, where many
PCs are connected over Ethernet or wirelessly, it also encrypts files on any mapped
network drive or file share that the infected user can write to, so a single
infected workstation can damage data belonging to the whole organisation. The first
line of defence is to make users aware of how CryptoLocker gets onto a PC (above
all through unexpected email attachments); putting a short manual on each desk, or
a copy of it on employees' desktops, helps them recognise and avoid the threat.
Beyond awareness, several measures reduce the risk of a successful attack:
a. Create a backup system that is not mapped as a drive on the working PC, and
follow a regular backup schedule (Myers, 2013, p.4). A backup that is permanently
mapped is just another drive for the ransomware to encrypt.
b. Keep software updated and patched so that the latest security updates are
installed.
c. Run a security suite, with both a firewall and anti-malware software, across
the network so that threats and suspicious behaviour can be recognised. Malware
authors frequently release new variants to evade detection, which is why both
layers matter: a ransomware variant new enough to slip past the anti-malware
software may still be caught by the firewall when it attempts to connect to its
Command and Control (C&C) server for instructions before encrypting your files.
The resources to defend are the Microsoft Windows systems, since Windows is the
only platform CryptoLocker attacks, and older Windows versions in particular are
prone to infection (Ganorkar & Kandasamy, 2017, p.4).
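The network layer described in point c, as an added example that is not code from the assignment or from any of the cited sources: CryptoLocker generated its candidate C&C domain names algorithmically and tried them in turn until one answered, so a freshly infected host shows up in resolver or egress-firewall logs as a burst of failed lookups (NXDOMAIN) for random-looking names, followed by one that resolves. The script below runs that heuristic over constructed log lines; the line format, host names, domains and thresholds are assumptions for the demonstration and should be adapted to your own log export and baseline.

```python
"""Flag workstations whose DNS behaviour looks like malware hunting for a
command-and-control server.

Added example for this page.  The log line format below is constructed for
the demonstration (time, source host, queried name, response code); adapt the
regular expression to your resolver's or firewall's real export format."""

import math
import re
from collections import Counter

# Constructed sample log: WS-117 behaves like a freshly infected host,
# the other two workstations show normal traffic.
SAMPLE_LOG = """\
10:00:01 WS-101 mail.example.com NOERROR
10:00:03 WS-101 cdn.vendor.example NOERROR
10:00:05 WS-117 update.microsoft.com NOERROR
10:00:06 WS-117 qpxmvnrtcbyk.org NXDOMAIN
10:00:06 WS-117 hsdkjtlvwqna.net NXDOMAIN
10:00:07 WS-117 wbcnlrpzmkfh.com NXDOMAIN
10:00:07 WS-117 trqzvhxbnglo.biz NXDOMAIN
10:00:08 WS-117 ykmpwsdvcfqa.ru NXDOMAIN
10:00:08 WS-117 pxnbdlkcwrsh.info NXDOMAIN
10:00:09 WS-117 zdmvkqrtnhwy.co.uk NOERROR
10:00:10 WS-204 intranet.corp.example NOERROR
10:00:11 WS-204 intranet.corp.example NOERROR
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(NOERROR|NXDOMAIN)$")

# Thresholds are assumptions for the demo; tune them against a baseline of
# your own network, where a healthy host rarely produces NXDOMAIN bursts.
NXDOMAIN_THRESHOLD = 5
RANDOM_LABEL_THRESHOLD = 5
MIN_RANDOM_LENGTH = 10
MIN_RANDOM_ENTROPY = 3.2


def shannon_entropy(label: str) -> float:
    """Bits per character of a DNS label; uniformly random labels score high,
    dictionary words and short brand names score low."""
    if not label:
        return 0.0
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def looks_random(label: str) -> bool:
    """Coarse check for algorithmically generated names.  It is a weak signal
    on its own; the NXDOMAIN burst counted below is the stronger one."""
    return len(label) >= MIN_RANDOM_LENGTH and shannon_entropy(label) >= MIN_RANDOM_ENTROPY


def analyse(log_text: str) -> dict:
    """Return per-host statistics and a 'flagged' verdict for each host."""
    stats = {}
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # tolerate malformed lines instead of aborting the run
        _time, host, name, rcode = match.groups()
        s = stats.setdefault(
            host, {"queries": 0, "nxdomain": 0, "random": 0, "resolved_random": []}
        )
        s["queries"] += 1
        if rcode == "NXDOMAIN":
            s["nxdomain"] += 1
        leftmost = name.split(".")[0]
        if looks_random(leftmost):
            s["random"] += 1
            if rcode == "NOERROR":
                # A random-looking name that actually resolved is the likely
                # live C&C host: block it at the egress firewall and pivot on it.
                s["resolved_random"].append(name)
    for s in stats.values():
        s["flagged"] = (
            s["nxdomain"] >= NXDOMAIN_THRESHOLD or s["random"] >= RANDOM_LABEL_THRESHOLD
        )
    return stats


def candidate_c2_domains(stats: dict) -> list:
    """Names worth adding to an egress deny list, taken from flagged hosts only."""
    return sorted(
        name for s in stats.values() if s["flagged"] for name in s["resolved_random"]
    )


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for host, s in sorted(result.items()):
        verdict = "FLAG" if s["flagged"] else "ok"
        print(f"{host}: {s['queries']} queries, {s['nxdomain']} NXDOMAIN, "
              f"{s['random']} random-looking -> {verdict}")
    print("block at egress:", candidate_c2_domains(result))
```

On the constructed sample only WS-117 is flagged, and the one random-looking name that resolved is returned as the C&C candidate to block; the flagged host itself is the machine to isolate, which is where the incident response in question 3 begins.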
3. If, upon detecting an infected machine, an alarm is raised in the corporation's
IT department, as a security analyst what will your approach be for containing the
threat, mitigating its effect and post-incident action?
Answer – As the security analyst, on learning that the business is the victim of a
ransomware attack I would first cut the infected computer off from the network so
that it cannot spread further. Containment means disabling network access for every
PC known to be infected (so that they are isolated) and blocking the accounts of
users who may have been involved in the incident.
Next come steps to recover or remove exposed data: recalling messages, asking
unintended recipients to destroy their copies, and disabling links that were posted
by mistake. Then assess the extent and severity of the breach, because the results
will guide the subsequent steps of the response. A careful assessment includes:
a. Identifying who and what has been affected. If it is not possible to tell
exactly what data has been compromised, it is wise to take a conservative approach
to the estimate.
b. Evaluating how the data could be used against the victims. If the data contains
information that could be used for fraud or other criminal activity (for example
names, dates of birth and credit card numbers), or that is sensitive (for example
medical records), the breach should be treated as more serious. If the data was
encrypted or anonymised, the risk of harm is lower.
After the breach, the following actions should be taken to avoid future breaches:
a. Quickly remedy any identified security flaws; the changes should be reflected in
the information security policies and training documents (and if such documents do
not exist, create them).
b. Roll out training to the relevant staff to ensure that everyone is up to speed
on the latest practices (Lim & Swinson, 2015, p.4).
c. Review arrangements with other service providers to ensure that they are subject
to appropriate information security obligations (and, if not already the case, make
information security compliance a key criterion in the procurement process).
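The containment and scoping steps above, as an added example that is not part of the assignment or its cited sources: the script takes constructed file-server audit events, finds the point at which the infected workstation started overwriting files in bulk, lists the host to isolate and the account to disable, and rates each affected share by the severity criteria given in the text (data usable for fraud or sensitive medical data is high; already-encrypted copies carry reduced risk). The event format, host and share names, keyword-based classification and burst thresholds are assumptions for the demonstration.

```python
"""Scope a CryptoLocker-style incident from file-server audit events.

Added example for this page.  The event format, host and share names are
constructed for the demonstration; a real source would be Windows object
access auditing on the file server or a file-activity monitoring tool."""

from collections import defaultdict
from datetime import datetime

# Constructed audit trail: time, user, workstation, action, UNC path.
# WS-117 is the infected workstation; WS-204 is an unrelated user working normally.
AUDIT_EVENTS = r"""
2013-10-18T09:55:10,jsmith,WS-117,READ,\\FS01\Finance\budget-2013.xlsx
2013-10-18T10:00:12,jsmith,WS-117,WRITE,\\FS01\Finance\budget-2013.xlsx
2013-10-18T10:00:13,jsmith,WS-117,WRITE,\\FS01\Finance\cardholder-export.csv
2013-10-18T10:00:14,jsmith,WS-117,WRITE,\\FS01\HR\payroll\dob-list.xlsx
2013-10-18T10:00:15,jsmith,WS-117,WRITE,\\FS01\Clinic\medical-records\patient-0042.pdf
2013-10-18T10:00:16,jsmith,WS-117,WRITE,\\FS01\Public\lunch-menu.docx
2013-10-18T10:00:16,jsmith,WS-117,WRITE,\\FS01\Archive\encrypted\backup-2012.7z.gpg
2013-10-18T10:00:20,akhan,WS-204,WRITE,\\FS01\Finance\forecast.xlsx
"""

# Keyword stand-in for a real data classification inventory (assumption for
# the demo).  "high" follows the text's criteria: data usable for fraud
# (names, dates of birth, card numbers) or sensitive data such as medical
# records; "reduced" marks copies that were already encrypted or anonymised.
HIGH_RISK_HINTS = ("cardholder", "dob", "payroll", "medical", "patient")
REDUCED_RISK_HINTS = ("encrypted", "anonymised", ".gpg")

# A process overwriting several distinct files within seconds is the on-disk
# signature of bulk encryption; thresholds are assumptions to tune.
BURST_FILES = 3
BURST_WINDOW_SECONDS = 10


def parse_events(text: str) -> list:
    events = []
    for line in text.strip().splitlines():
        time, user, host, action, path = line.split(",", 4)
        events.append({"time": datetime.fromisoformat(time), "user": user,
                       "host": host, "action": action, "path": path})
    return events


def first_suspicious_write(events: list, host: str):
    """Earliest WRITE by `host` that opens a burst of BURST_FILES writes within
    BURST_WINDOW_SECONDS, or None if the host never wrote in bulk."""
    writes = sorted((e for e in events if e["host"] == host and e["action"] == "WRITE"),
                    key=lambda e: e["time"])
    for i in range(len(writes) - BURST_FILES + 1):
        window = writes[i:i + BURST_FILES]
        if (window[-1]["time"] - window[0]["time"]).total_seconds() <= BURST_WINDOW_SECONDS:
            return window[0]["time"]
    return None


def share_of(unc_path: str) -> str:
    # \\FS01\Finance\x.xlsx -> ['', '', 'FS01', 'Finance', 'x.xlsx']
    return unc_path.split("\\")[3]


def severity(paths: list) -> str:
    lowered = [p.lower() for p in paths]
    if any(hint in p for p in lowered for hint in HIGH_RISK_HINTS):
        return "high"
    if all(any(hint in p for hint in REDUCED_RISK_HINTS) for p in lowered):
        return "reduced"
    return "normal"


def incident_report(events: list, host: str) -> dict:
    """Containment targets plus the blast radius per share, counted from the
    first suspicious write onwards."""
    start = first_suspicious_write(events, host)
    report = {"isolate_hosts": {host}, "disable_accounts": set(),
              "start": start, "shares": {}}
    if start is None:
        return report
    touched = [e for e in events
               if e["host"] == host and e["action"] == "WRITE" and e["time"] >= start]
    report["disable_accounts"] = {e["user"] for e in touched}
    by_share = defaultdict(list)
    for e in touched:
        by_share[share_of(e["path"])].append(e["path"])
    for share, paths in by_share.items():
        report["shares"][share] = {"files": len(paths), "severity": severity(paths)}
    return report


if __name__ == "__main__":
    rep = incident_report(parse_events(AUDIT_EVENTS), "WS-117")
    print("isolate:", sorted(rep["isolate_hosts"]), "disable:", sorted(rep["disable_accounts"]))
    print("bulk writes began:", rep["start"])
    for share, info in sorted(rep["shares"].items()):
        print(f"  \\\\FS01\\{share}: {info['files']} file(s) written, severity {info['severity']}")
```

The report is deliberately conservative in the sense the text recommends: every file the infected host wrote after the burst began is counted as affected, even where a write might later prove harmless, and a share inherits the highest severity of any file on it. The other user's write to the same Finance share is excluded because it came from a different host, which is exactly the kind of distinction the audit trail, rather than the ransom note, lets you make.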
References
Ducklin, P. (2013). CryptoLocker ransomware – see how it works, learn about prevention,
cleanup and recovery. [Online]. Available on:
https://nakedsecurity.sophos.com/2013/10/18/cryptolocker-ransomware-see-how-it-works-learn-about-prevention-cleanup-and-recovery/
[Accessed: 06 March, 2018].
Wikipedia (2018). CryptoLocker. [Online]. Available on:
https://en.wikipedia.org/wiki/CryptoLocker [Accessed: 06 March, 2018].
Myers, L. (2013). 11 things you can do to protect against ransomware, including
Cryptolocker. [Online]. Available on:
https://www.welivesecurity.com/2013/12/12/11-things-you-can-do-to-protect-against-ransomware-including-cryptolocker/
[Accessed: 06 March, 2018].
Ganorkar, S. S. and Kandasamy, K. (2017). Understanding and defending crypto-ransomware.
ARPN Journal of Engineering and Applied Sciences, 12, 3920-3925.
Lim, C. and Swinson, M. (2015). 5 steps to respond to a security breach. [Online].
Available on: https://www.cio.com.au/article/580908/5-steps-respond-security-breach/
[Accessed: 06 March, 2018].
Anonymous (2015). What is CryptoLocker and What it Does to Your Computer? [Online].
Available on:
https://vcompremium.com/what-is-cryptolocker-and-what-it-does-to-your-computer/
[Accessed: 06 March, 2018].