
An unknown attacker successfully breached the defenses of your organization, gaining unauthorized access to your domain. The intruder managed to distribute a potent strain of ransomware across the entire network. The impact has been swift and severe – all users are reporting an inability to access crucial files, and the administrative team is grappling with a critical issue: the ransomware has blocked access to the backup server.

The security team conducted an initial investigation and identified some unusual network activity. A scan of DNS traffic flagged a high-risk domain: `anydeskhelp.com`. These connections were not known to be malicious at the time of compromise and were not blocked. Using this information, analyze the intrusion and determine whether the organization can recover without paying the ransom.

The events in your SIEM can be found in the following timespan: 24 Feb - 26 Feb 2024.

Locked Up


Analyst

$17.49/mo

14 Days Free

Explore realistic pre-recorded attacks

Master full-featured defensive platforms

Browser-based challenges and modules

Extended attack videos

Grants access to Analyst content. You can cancel any time by returning to this page and following the cancellation steps.

Defender

$44.49/mo


Instant fully interactive labs

Hands-on prevention and detection

Master offensive techniques

Security engineering exercises

Highly realistic and dynamic scenarios

Access to all Analyst-level content

Grants access to all Defender content, Analyst content and interactive lab environments. You can cancel any time by returning to this page and following the cancellation steps.