Security Posture by Example
Scenario 21 - Ransomware
This scenario was created by looking at the bigger picture (from a security posture attribute viewpoint) of the example in section 7.1 of X.1215 STIX Use Cases.
A slip of the thumb on his work phone causes a young account exec at Amalgamated to inadvertently download malware on his work computer. Shades of panic and embarrassment wash over his brain as he remembers the gruesome particulars of the company-wide brief on WannaCry ransomware.
Thankfully, Amalgamated's rigorous posture attribution collection and evaluation protocol has already detected suspicious content in an email opened by one of its own employees.
As the attack evolves, "observed-data" STIX objects precede "attack-pattern" and "malware" objects, which begin to centralize and coordinate information for a "campaign" STIX object. The end result is a diagnostic that generates possible patch solutions to mitigate the initial malware and prevent further spread.
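To make that object progression concrete, the following Python (an added example, not code from the original scenario or from X.1215) builds a constructed STIX 2.1 bundle in which the opened email is an observed-data object, a STIX sighting (not named on the page) ties it to the WannaCry malware object, the malware "uses" an attack-pattern, and a campaign "uses" the malware. Every identifier, timestamp, subject line and the attack-pattern/campaign names are constructed placeholders; the two checks at the end verify that every reference in the bundle resolves and that the campaign is reachable from the original observation, so a broken chain is caught before the diagnostic stage.

```python
import uuid
TS = "2024-01-01T00:00:00.000Z"  # constructed timestamp used for every object

def obj(t, **props):
    """Minimal STIX 2.1 object carrying the common required properties."""
    base = {"type": t, "spec_version": "2.1", "id": f"{t}--{uuid.uuid4()}", "created": TS, "modified": TS}
    base.update(props)
    return base

def build_bundle():
    """Constructed bundle: observed email -> sighting -> malware -> attack-pattern, and campaign -> malware."""
    email = {"type": "email-message", "spec_version": "2.1", "is_multipart": False,
             "id": f"email-message--{uuid.uuid4()}", "subject": "Invoice attached (constructed)"}
    observed = obj("observed-data", first_observed=TS, last_observed=TS,
                   number_observed=1, object_refs=[email["id"]])
    malware = obj("malware", name="WannaCry", is_family=True, malware_types=["ransomware"])
    pattern = obj("attack-pattern", name="Malicious email attachment (constructed)")
    campaign = obj("campaign", name="Constructed ransomware campaign")
    sighting = obj("sighting", sighting_of_ref=malware["id"], observed_data_refs=[observed["id"]])
    uses_pattern = obj("relationship", relationship_type="uses", source_ref=malware["id"], target_ref=pattern["id"])
    runs_malware = obj("relationship", relationship_type="uses", source_ref=campaign["id"], target_ref=malware["id"])
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": [
        email, observed, malware, pattern, campaign, sighting, uses_pattern, runs_malware]}

def refs_of(o):
    """Ids an object points at through its *_ref and *_refs properties."""
    single = [v for k, v in o.items() if k.endswith("_ref")]
    multi = [r for k, v in o.items() if k.endswith("_refs") for r in v]
    return single + multi

def dangling_refs(bundle):
    """Referenced ids that resolve to no object in the bundle (a broken chain)."""
    present = {o["id"] for o in bundle["objects"]}
    return sorted({r for o in bundle["objects"] for r in refs_of(o) if r not in present})

def reachable_types(bundle, start_id):
    """Object types connected to start_id, walking refs both ways so sightings/relationships bridge their ends."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    adj = {i: set() for i in by_id}
    for o in bundle["objects"]:
        for r in refs_of(o):
            if r in adj:
                adj[o["id"]].add(r)
                adj[r].add(o["id"])
    seen, todo = {start_id}, [start_id]
    while todo:
        new = adj[todo.pop()] - seen
        seen |= new
        todo.extend(new)
    return {by_id[i]["type"] for i in seen}
```

Dropping the malware object from the bundle leaves three references pointing at its id, and the campaign is no longer reachable from the observed-data object, which is exactly the gap a posture evaluation should flag.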