AARP Info Security Board Meeting

A&F Committee Meeting - December 4, 2020
Employee Is Misled And Clicks On A Link Within A Phishing Email

Your files are now encrypted!

--------- BEGIN PERSONAL IDENTIFIER --------(redacted)

--------- END PERSONAL IDENTIFIER ---------

All your files have been encrypted due to a security problem with your PC.

RANSOMWARE

Now you should send us email with your personal identifier. This email will be as confirmation you are ready to pay for decryption key. You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.

Ransomware Infects Computer And Rapidly Encrypts Data Files

Infected Computers Communicate To The Attacker And The SOC Detects Ransomware And Suspicious Behavior

AARP Security Operations Center (SOC)

Computer Emergency Response Team Begins Isolating AARP Systems To Prevent Further Spread

The SOC Uses Forensics To Identify Ransomware

Mandiant

ITS Attempts To Restore Previous Version Of Affected Files To Avoid Paying The Ransom

Information Security

Notify External Parties As Required

Law Enforcement
Department of Treasury
Cyber Insurance Provider

Ransom Payment Is Made In Exchange For The Decryption Key

Post-Event Closeout Includes Updating Preventative Controls, Improved Threat Hunting, and Implementing After-Action Report
