Project 4‐ Ransomware and Mitigation - benjigifford/SEC-440 GitHub Wiki
Deliverable 1.
A professional demonstration that walks through your malware using a test case against your chosen OS target file-set
Deliverable 2.
A professional demonstration that illustrates how the threat was mitigated. Show recovery from Deliverable 1.
- Both deliverables are available as one video here
Deliverable 3.
Tech Journal
Reflection
1. Encryption Basics
Through this project, I gained a deeper understanding of symmetric and asymmetric encryption methods. I learned how to use the cryptography library in Python to implement AES-CTR encryption for file data and RSA encryption for symmetric key storage.
2. RSA Key Pair Generation and Management
I learned how to generate and manage RSA key pairs, which are essential for securely encrypting and decrypting the symmetric key used for file encryption.
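The encryption scheme named in sections 1 and 2 (AES-CTR for the data, RSA for wrapping the symmetric key), shown here as an added example rather than the project's own script. It uses the `cryptography` package the page mentions (assumed installed), operates only on an in-memory byte string that is constructed below to stand in for a file's contents, and touches no files. It demonstrates the recovery step from Deliverable 2 (unwrap the AES key with the private key, then undo the CTR stream), shows that a non-matching private key recovers nothing, and adds one hygiene check the text does not spell out: AES-CTR is only as safe as its nonce, so a reused (key, nonce) pair leaks the XOR of two plaintexts. Function names are this example's own.

```python
import os

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

# RSA-OAEP parameters used to wrap (encrypt) the per-payload AES key.
OAEP = padding.OAEP(
    mgf=padding.MGF1(algorithm=hashes.SHA256()),
    algorithm=hashes.SHA256(),
    label=None,
)


def generate_rsa_keypair():
    """Return (private_key, public_key); only the private key can unwrap AES keys."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()


def aes_ctr(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """AES-CTR is a stream cipher: the same call encrypts and decrypts."""
    ctx = Cipher(algorithms.AES(key), modes.CTR(nonce)).encryptor()
    return ctx.update(data) + ctx.finalize()


def envelope_encrypt(plaintext: bytes, public_key) -> dict:
    """Encrypt data under a fresh AES-256 key, then wrap that key with RSA-OAEP."""
    aes_key = os.urandom(32)   # fresh symmetric key for this payload
    nonce = os.urandom(16)     # 128-bit CTR nonce; must never repeat under one key
    return {
        "nonce": nonce,
        "ciphertext": aes_ctr(aes_key, nonce, plaintext),
        "wrapped_key": public_key.encrypt(aes_key, OAEP),
    }


def envelope_recover(blob: dict, private_key) -> bytes:
    """Recovery (Deliverable 2): unwrap the AES key, then undo the CTR keystream."""
    aes_key = private_key.decrypt(blob["wrapped_key"], OAEP)
    return aes_ctr(aes_key, blob["nonce"], blob["ciphertext"])


# Constructed sample payload standing in for one target file's contents.
SAMPLE = b"Quarterly report: revenue up 12%, headcount flat.\n"


def round_trip_works() -> bool:
    """Encrypt with the public key, recover with the matching private key."""
    priv, pub = generate_rsa_keypair()
    blob = envelope_encrypt(SAMPLE, pub)
    return blob["ciphertext"] != SAMPLE and envelope_recover(blob, priv) == SAMPLE


def wrong_key_is_rejected() -> bool:
    """Without the matching private key, OAEP unwrapping fails and nothing is recovered."""
    _, pub = generate_rsa_keypair()
    other_priv, _ = generate_rsa_keypair()
    blob = envelope_encrypt(SAMPLE, pub)
    try:
        envelope_recover(blob, other_priv)
    except ValueError:        # cryptography raises ValueError on OAEP failure
        return True
    return False


def nonce_reuse_leaks_xor() -> bool:
    """Hygiene check: under a reused (key, nonce), c1 XOR c2 == p1 XOR p2."""
    key, nonce = os.urandom(32), os.urandom(16)
    p1 = b"payroll-2024.xlsx contents"
    p2 = b"board-minutes.docx content"      # same length as p1 (constructed)
    c1 = aes_ctr(key, nonce, p1)
    c2 = aes_ctr(key, nonce, p2)
    xor_c = bytes(a ^ b for a, b in zip(c1, c2))
    xor_p = bytes(a ^ b for a, b in zip(p1, p2))
    return xor_c == xor_p


if __name__ == "__main__":
    print("round trip recovers plaintext:", round_trip_works())
    print("wrong private key rejected:   ", wrong_key_is_rejected())
    print("nonce reuse leaks XOR:        ", nonce_reuse_leaks_xor())
```

The last check is the reason a script like this must draw a fresh `os.urandom(16)` nonce for every payload and never derive it from something predictable; it is also why, from the recovery side, possession of the RSA private key (or an offline backup of the original data) is the only path back, which is the point of the backup recommendation in section 5a.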
3. File Operations in Python
The project also improved my skills in handling file operations using Python, including reading, writing, and deleting files.
4. Configuration Management
I learned the importance of using a configuration file or dictionary to manage settings and parameters in a script, making it easier to modify the behavior without altering the core code.
5. Ransomware-like Behavior and Mitigation
While the script emulates ransomware behavior, I gained valuable insights into how ransomware operates and its potentially devastating impact on data and businesses. This project highlighted the importance of:
a. Regular Backups
Maintaining regular backups of critical data can help restore files without paying a ransom.
b. Up-to-date Security Software
Using updated antivirus and anti-malware software can detect and prevent ransomware attacks.
c. User Education
Educating users about phishing emails, suspicious links, and the dangers of downloading attachments from unknown sources can help prevent ransomware infections.
d. Restricting User Permissions
Limiting user permissions can prevent unauthorized access and reduce the spread of ransomware within a network.
e. Network Segmentation
Segmenting networks and using firewalls can contain ransomware and prevent it from spreading across the entire network.
Conclusion
Overall, this project was an eye-opening experience that deepened my understanding of encryption techniques, file operations, and cybersecurity best practices. It highlighted the importance of proactive measures and user education in mitigating the risks associated with ransomware attacks on Windows systems.