Ransomware Threat Report – Project Brief
What is Ransomware?
In a ransomware attack, an attacker encrypts and locks the victim's data, including
sensitive and important documents. A ransomware attack may also lock the
authorized user out of the system. The attacker then demands a payment, or ransom,
to unlock the files or the system. These attacks take advantage of software, network,
system, or human vulnerabilities to encrypt the victim's device. Such endpoint devices
can be point-of-sale (POS) terminals, wearables, smartphones, computers, or even
printers.
Conti Ransomware
Conti is an extremely damaging ransomware because of the speed with which it
encrypts data and spreads to other systems. In May 2022, the US government offered
a reward of up to $10 million for information on the group.
Project Overview:
In this project you are required to perform threat research on a ransomware
group. You can use the websites discussed in the video lectures and live mentored
sessions, as well as other resources available on the internet, to research the
threat group.
The project consists of a total of 30 points.
Project Instructions:
You are part of the SOC (Security Operations Centre) team, and your role is that of a
threat researcher. Through threat intelligence sources, your team has learned that
your organization faces a probable threat from the Conti ransomware group.
The CISO has asked you to prepare a threat report specific to this ransomware
group.
You are expected to research and report the following for this group:
1. What is the origin of this group? (4 points)
Hint: Try to determine the first known attack and examine whether you can trace
that attack to its originating country or to known associates.
2. What is the motivation of the group? (4 points)
Hint: Analyse the known attacks by the group to understand what the group
gained from them: was it financial profit, was it access to sensitive
information, or is the group nation-state sponsored?
3. Were there any past successful attacks? If yes, name at least three. (4 points)
4. Submit the MITRE ATT&CK navigator. (Excel format is preferred) (4 points)
Hint: Recall the learning videos from the first week of the module.
Understanding Cyber Attacks
[email protected]
A4YTHD1KUQ
This file is meant for personal use by [email protected] only.
Sharing or publishing the contents in part or full is liable for legal action.
5. What are the IOCs (Indicators of Compromise) for this group? Mention at least 4. (4 points)
6. What are your recommendations to the security team? (4 points)
7. Provide references for your data. Citing the source of every piece of
information you report is mandatory. (6 points)
Submission Instructions:
1. Use the submission template PowerPoint document uploaded on Olympus to
submit your research.
2. Answer the above questions in a concise and organized manner.
3. Provide the references to the information you mention in the slides.
References can be added in the speaker notes or can be provided in an
additional slide.
4. Each slide should contain 3 to 6 bullet points. After all, the report is meant to
be easy for its readers to understand!
5. Make sure you add relevant information only, as the report will be shared
with your organization's CISO!
6. Along with the PowerPoint presentation slides, please upload the MITRE
ATT&CK navigator in the Excel format to Olympus.
7. In the PowerPoint used for submission, you are free to use multiple slides to
share information on any of the elements you are researching.
Project Support:
Q&A forum for offline support: Discussion board.
You can also post your queries on the discussion forums available on Olympus.