A successful phishing campaign leads to encrypted files and a ransom request.
In this scenario, the system sends an email infected with ransomware.
The email poses as legitimate email with a Word attachment.
After an unsuspecting employee opens the document, the files on the system are encrypted and the employee is asked to pay a ransom to receive the decryption key.
The trainee is trained to detect and analyze the attack and how to respond to it. How to investigate an image of the CNC server and use the revealed information to solve the case.