Scenario
A ransomware investigation contains artifacts from initial targeting through final impact. Match each observed activity to the most appropriate phase.
Your task: Review the evidence and select the best analyst response for each field.
| Evidence | Details |
|---|---|
| Attack theme | Targeted phishing leads to ransomware |
| Remote control | Malware contacts an Internet host |
| Impact | Files are encrypted and a ransom demand appears |
Analyst Decisions
Instructor Answer
- Phishing is the targeting path in this scenario, while the executable is the weaponized payload.
- A malicious link delivers the payload, and a drive-by-download represents exploitation.
- The Internet host is used for command and control.
- Ransomware and encryption represent the attacker reaching the final objective.