National Aeronautics and Space Administration
Office of Inspector General
Office of Investigations

C-AR-14-0052-P
January 24, 2014

Cryptolocker
Ames Research Center
Moffett Field, CA

CASE CLOSING: On October 24, 2013, the RA was notified by [illegible], IT Security Group (ITSG), Ames Research Center (ARC), that a [illegible] computer system at ARC was infected by malware known as "Cryptolocker," resulting in the loss of access to NASA data. This incident was documented in NASA Security Operations Center (SOC) Incident Management System (IMS) Ticket# SOC-20131024-312665.

Investigation by incident responders determined the system assigned to [illegible] was infected at 1013, October 23, 2013. Further, [illegible], ITSG-ARC, located the following file (and spawned process) running on the [illegible] system and identified it as the cause of the beaconing detected by the intrusion detection system (IDS):

C:\Users\sjovic\appdata\Local\[illegible]

On December [illegible], the RA coordinated with [illegible] regarding Cryptolocker incidents at NASA. [illegible] ([illegible] the incident at ARC currently under investigation) stated that there was one additional Cryptolocker incident at NASA, which occurred at Kennedy Space Center (KSC), FL, and was documented in SOC Incident Management System (IMS) Ticket# SOC-20131028-312298.

APPR: [illegible]
CLASSIFICATION: FOR OFFICIAL USE ONLY
WARNING: This document is the property of the NASA Office of Inspector General and is on loan to your agency. Contents may not be disclosed to any party [illegible]
The review of SOC-20131028-313299 revealed it was a closed Category 3 (Malware) incident with the following description: [illegible] beaconing to a malware [illegible] (ftependif dotcom). The beaconing began 10-25-2013 21:09:20.

SOC-20131028-313299 reported that the computer assigned to [illegible] caused hundreds of thousands of Intrusion Detection System (IDS) alerts [illegible], and that many of the alerts were "ET TROJAN [illegible]". However, no in-depth investigation was conducted and the victim system was simply pulled off the network and re-imaged to eliminate any possible infection. The reporting person on the incident was [illegible], KSC IT Security (ITSG-KSC).

On December 3, 2013, the RA interviewed [illegible] regarding SOC IMS Ticket# SOC-20131028-313299. [illegible] stated the system in [illegible] KSC [illegible] center managed and owned by Delaware North Companies Parks and Resorts (DNCPR). [illegible] led to DNCPR being given a single NASA IP address behind which they have set up a NAC proxy. As such, when an incident occurs with one of the DNCPR computers behind the NASA IP address, ITSG-KSC cannot investigate; instead, DNCPR personnel simply take the affected system offline and remediate. [illegible] provided the following contact information for DNCPR personnel that may be able to assist:

On December 3, 2013, the RA interviewed [illegible], Delaware North Companies Parks and Resorts (DNCPR), Cocoa Beach, FL, regarding any further information in his possession pertinent to this investigation. [illegible] stated he [illegible] the incident, but that standard DNCPR action in cases like this is to remove the affected system from the network, wipe and re-image it [illegible]. No images of the affected system or other information were available for review.
