Ransomware Attack Briefing Presidents Leadership Council October - - PowerPoint PPT Presentation

▶

May 17, 2023 161 likes •333 views

Ransomware Attack Briefing Presidents Leadership Council October 21, 2019 August 8 Cyberattack Summary : The attack was severe and sophisticated; categorized as a catastrophic attack. It was highly strategic with regard to timing

SLIDE 1

Ransomware Attack Briefing

President’s Leadership Council October 21, 2019

SLIDE 2

August 8 Cyberattack Summary:

The attack was severe and sophisticated; categorized as a “catastrophic” attack.
It was highly strategic with regard to timing with a university as the target.
There were three main elements:
1. Phishing / account compromise, iteratively escalated
2. Command‐and‐control (C2)
3. Cryptoware / malicious data encryption
Ransom negotiation was sought; we did not engage or pay a ransom.

SLIDE 3

Timeline:

August 8:

Attack begins in early hours; users begin reporting encryption.
Cyber Incident Response Protocol is immediately initiated.
On‐premise systems are intentionally taken down.
Cybersecurity partner is engaged through Stevens cyber liability insurance.
EMT implementation is requested and Stevens declares Level 3 Emergency.
Business Continuity is initiated, and areas prepare for coordination.
Containment and remediation continues overnight.

SLIDE 4

Timeline, continued:

August 9:

Re‐attack is immediate, and live / operational systems are hit in real‐time.
All systems and networks are downed; all accounts are reset.
Internet connectivity is disabled.
By mid‐day, the decision is made to abandon the legacy Stevens network and

construct a new, secure, segmented network.

Planning and execution begin on the new network.

SLIDE 5

Timeline, continued:

August 10‐11: New network is engineered, and implementation begins. BC operations

center is established.

August 13: User authentication re‐enabled, Skyline WiFi implemented, cloud services

become available.

August 16‐17: Access to O365 email restored, international student processing

brought online.

August 19: Student information system and ancillary systems brought online.
August 20‐22: Financial Aid, Student Accounts brought online.
August 23‐25: Students enrolled; course schedules completed.
August 26: Fall 2019 classes begin on time. Recovery of >75 systems continues.

SLIDE 6

SLIDE 7

SLIDE 8

A large number of old, abandoned, unmanaged, and/or unprotected systems across campus, including “shadow systems” had been compromised; it was a practical impossibility to find and eliminate them.

Old PCs become weapons that are used against us.

SLIDE 9

SLIDE 10

SLIDE 11

SLIDE 12

SLIDE 13

SLIDE 14

SLIDE 15

SLIDE 16