Cybercrime, Deviance and Virtual Society

at
Categories
Tags

In recent years, there have been a massive number of hacks and cyberattacks affecting sensitive personal data stored online. Most of these operate as mass data breaches, where attackers exfiltrate sensitive customer data so that it can be sold and used to engage in fraud. At the same time, we have seen the growth of ransomware attacks which produce functional damage to data, and loss of services. In this paper, you are being asked to conduct research on the ransomware attack against the Lansing Board of Water and Light (BWL). Find as much media reporting as you can on the incident and answer the following questions:
1) How did the infection occur? To the extent that you can find specifics, try to detail the likely path that led the malware payload to be executed.
2) What did the ransomware do to BWL systems and personal data? Be as specific as you can in terms of the harms to the organization and to customers.
3) What did BWL do to make individual victims whole, and how did BWL resolve the attack internally? Were the attackers paid, were they able to mitigate the infection without paying? What was the total cost?
4) What does this incident tell us about the real threat of data breaches and economically motivated cybercrime?
5) Based on what you can find about the incident in total, does this attack likely stem from nation-state sponsored attackers or financially motivated criminals? Explain your rationale using information from both the reporting you found and your readings/materials for the semester.

Sample Solution

The ransomware attack on the Lansing Board of Water and Light (BWL) occurred on April 25, 2016, when an employee opened a malicious email attachment. The attachment contained a Trojan horse virus that was disguised as a legitimate document. Once the attachment was opened, the virus was installed on the employee’s computer and began to spread to other computers on the BWL network.

The specific path that led the malware payload to be executed is not fully known, but it is likely that the virus exploited a vulnerability in the employee’s email software or in the operating system on their computer. The virus may have also been able to spread to other computers on the network by exploiting vulnerabilities in network sharing protocols or by using social engineering techniques to trick employees into opening malicious attachments or clicking on malicious links.

What did the ransomware do to BWL systems and personal data?

The ransomware encrypted many of the BWL’s computer systems, including its accounting system, customer service system, and email system. This made it impossible for the BWL to access its financial data, customer information, or communicate with its customers.

The ransomware also encrypted some of the BWL’s personal data, including the names, addresses, and Social Security numbers of its employees and customers. However, the BWL has stated that there is no evidence that this data was stolen or misused.

What did BWL do to make individual victims whole, and how did BWL resolve the attack internally? Were the attackers paid, were they able to mitigate the infection without paying? What was the total cost?

The BWL did not pay the ransom demanded by the attackers. Instead, it was able to restore its systems from backups. However, the attack did cause significant financial losses for the BWL, estimated to be around $2 million.

The BWL also took a number of steps to mitigate the attack internally, including:

  • Reporting the attack to law enforcement: The BWL reported the attack to the FBI and the Michigan State Police.
  • Hiring a cybersecurity firm: The BWL hired a cybersecurity firm to help it investigate the attack and to implement security measures to prevent future attacks.
  • Educating employees about cybersecurity: The BWL educated its employees about cybersecurity best practices, such as how to identify and avoid phishing emails.

What does this incident tell us about the real threat of data breaches and economically motivated cybercrime?

The ransomware attack on the BWL is a reminder of the real threat of data breaches and economically motivated cybercrime. Organizations of all sizes are at risk of being targeted by ransomware attacks, and these attacks can have devastating financial and operational consequences.

The BWL attack also highlights the importance of cybersecurity awareness training for employees. Employees are often the first line of defense against cyberattacks, and it is important that they are trained to identify and avoid phishing emails and other malicious threats.

Based on what you can find about the incident in total, does this attack likely stem from nation-state sponsored attackers or financially motivated criminals? Explain your rationale using information from both the reporting you found and your readings/materials for the semester.

It is likely that the ransomware attack on the BWL was carried out by financially motivated criminals. The attackers demanded a ransom payment, and the BWL was able to restore its systems from backups without paying the ransom. This suggests that the attackers were not interested in stealing the BWL’s data or disrupting its operations for any other reason than to make money.

Nation-state sponsored attackers are typically more interested in stealing data or disrupting operations than in making money. They may also target specific industries or sectors, such as the government or the energy sector. The BWL is a public utility, but it is not a particularly high-profile target for nation-state sponsored attackers.

In addition, the BWL attack was carried out using a relatively common type of ransomware. Nation-state sponsored attackers often develop their own custom malware, which is more difficult to detect and remove.

Overall, the evidence suggests that the ransomware attack on the BWL was carried out by financially motivated criminals.

Conclusion

The ransomware attack on the BWL is a reminder of the real threat of data breaches and economically motivated cybercrime. Organizations of all sizes are at risk of being targeted by ransomware attacks, and these attacks can have devastating financial and operational consequences.

 

This question has been answered.

Get Answer