
Module Code & Module Title

CC4004NI Cybersecurity Fundamentals

Assessment Weightage & Type


50% Individual Coursework

Year and Semester


2021-22 Autumn
Student Name: Aanand Kumar Yadav
Group: N2
London Met ID: 21039814
College ID: np01nt4a210012@
Assignment Due Date: 8th May 2022
Assignment Submission Date: 8th May 2022
Wordcount = 2418

I confirm that I understand my coursework needs to be submitted online via Google Classroom under the
relevant module page before the deadline in order for my assignment to be accepted and marked. I am fully
aware that late submissions will be treated as non-submission and a mark of zero will be awarded.
Table of Contents
1. Introduction

➢ Ransomware attack on Travelex in 2020

➢ Aim and Objectives of this coursework

2. Section 1:

Theft of Personal Data

1. How do customers get affected?

2. Travelex flaw which resulted in a ransomware attack

3. Section 2:

Personal data loss in a cyber-attack

The full version of the seven principles gives more detail about the principles and their
application.

4. Section 3:

Chief Information Security Officer

5. Conclusion

6. References

7. Appendix


Table of Figures
Figure 1: Ransomware Attacking Phases
Figure 2: Ransomware attack
Figure 3: Phishing and Scamming
Figure 4: Data Breach
Figure 5: GDPR
Figure 6: CISO

1. Introduction
Cybersecurity risk has come to the top of enterprises' priority list as they embrace digital
transformation and deploy new technology solutions to promote corporate development and
efficiency. Furthermore, many companies are growing more reliant on third-party services or
apps. While these tools may aid your company's success and growth, they also introduce new
threats and expand your attack surface.
Ransomware is a type of malicious virus that threatens to make data or a computer system public
unless the victim pays a ransom. A deadline is typically attached to the ransom demand. The
data will be permanently wiped or the price will be hiked if the victim does not pay the ransom in
a timely way.

When a cybercriminal wants to earn quick cash, he infects a computer and uses ransomware to
encrypt all of the data on the hard drive. The malicious program notifies the user that unless they
pay a ransom, their files will be permanently destroyed. As ransom, criminals once demanded cash
or money orders sent to post office boxes. This did not last, though, because post office
boxes may be traced back to an individual. The ransom is now nearly always paid in Bitcoin, an
untraceable and anonymous digital currency. Ransomware attacks have increased dramatically
as ransoms may now be paid anonymously.

Figure 1: Ransomware Attacking Phases


➢ Ransomware attack on Travelex in 2020

Many Travelex employees started the year without access to computers, relying on pen and
paper to get by. Cyber hackers have sought a £4.6 million ransom after accessing the foreign
currency exchange firm's network and encrypting it with malware. Travelex was forced to take
down its websites after a New Year's Eve cyber-attack threatened to expose customers' personal
information, including dates of birth and credit card numbers. Foreign currency concerns have
arisen as a result of the Travelex hack at a number of companies, including Barclays, HSBC,
First Direct, Sainsbury's Bank, and Virgin Money. Sodinokibi, or REvil, are the assailants.
Travelex is the sole company that offers foreign exchange services.

Figure 2: Ransomware attack


➢ Aim and Objectives of this coursework


The main aim of this coursework is to research the “Ransomware attack on Travelex in 2020”.
The objectives are as follows:
➢ To find out what sort of malware hit the New Delhi company.
➢ To restore access to the data, the attackers demand a ransom, which is usually
paid in cryptocurrency.
➢ In the case of a cyber-attack, take every possible action to minimize the effects.
➢ To learn more about how the government and professional organizations react
when a business is targeted.
➢ To plan and prepare for a cyber assault ahead of time.

The impact of ransomware on the Travelex system, as well as when and how it happened, will
be described in this report. What rules and procedures must an organization follow when
registered with national and international regulatory bodies? What should be considered when
consumer information is compromised? What permitted the attackers to get access to the
organization's network? What role does a Chief Information Security Officer play in the fight
against cyber-attacks?

2. Section 1:

Theft of Personal Data

When hackers or scammers steal your personal information and use it to impersonate you, this
is known as identity theft. Your passwords might be used to get access to your bank accounts,
social media accounts, and credit card information, among other things. Theft of digital
information from an unknown victim's computers, servers, or other devices in order to jeopardize
privacy or get personal information is known as data theft. Any information that may be used to
identify a live person is considered personal data. When put together, personal data is made up
of several bits of information that may be used to identify a specific individual.


1. How do customers get affected?

➢ Phishing and Scamming


Phishing is a sort of social engineering assault designed to get sensitive information from
customers, such as login passwords and credit card details. Phishing occurs when a
hacker poses as a trustworthy entity and gets a victim to open an email, instant message,
or text message. The receiver is subsequently tricked into clicking on a malicious link,
which can result in malware installation, system lockdown as part of a ransomware
assault, or the disclosure of sensitive information.

A scam is any unethical enterprise or activity that cheats an unwary victim out of
money or other items. Online fraud has become more common as the globe has
gotten more connected thanks to the Internet, and it's sometimes up to you to keep
people secure online.

Figure 3: Phishing and Scamming


➢ Data breach
A data breach occurs when information is stolen or removed from a system without the
owner's knowledge or authorization. A data breach might happen to a small business or
a major corporation. Credit card numbers, client information, proprietary information, and
national security information are just some of the critical, proprietary, or private data that
might be exposed.

Figure 4: Data Breach

2. Travelex flaw which resulted in a ransomware attack

Travelex has verified that it is recovering from the Sodinokibi ransomware attack, which
caused the company's systems to be down for more than a week. On Monday, the currency
exchange business said that the Sodinokibi (also known as 'REvil') ransomware outbreak had
been effectively contained. Travelex took down its systems after the New Year's Eve incident to
prevent the virus from spreading further. Sodinokibi has been used by cybercriminals to grab
data and encrypt it before threatening to reveal it unless the victims pay up. The virus is linked
to the concept of ransomware-as-a-service (RaaS), which implies that no single entity profits
disproportionately from the outbreak. (John Leyden, 08 January 2020 at 14:30 UTC;
updated: 13 May 2020 at 05:27 UTC)

3. Section 2:
Personal data loss in a cyber-attack
Data loss happens when vital or sensitive data on a computer is lost due to theft, human error,
viruses, malware, or a power outage. Structural damage, mechanical failure, and gadget failure
might also be causes. If this happens and the breach puts an individual's rights and freedoms in
danger, your company/organization must notify the supervisory authority as soon as possible, no
later than 72 hours after detecting the breach. If your firm or organization is a data processor,
every data breach must be disclosed to the controller.
Servers can also suffer from data loss, just like individual computers and devices can.
➢ Data loss occurs when vital or sensitive information saved on a computer or network is
lost.
➢ External factors such as a power outage, theft, or a large-scale phishing effort might
cause data loss.
➢ Human error can result in data loss when a person reads a virus-infected email, when
antivirus software expires, or when a person drops or spills liquid on a computer.

➢ Companies may protect themselves by putting data loss prevention methods into
software and setting staff guidelines that allow them to interact with and distribute
company documents safely.

➢ Individuals may protect themselves by keeping their virus and malware protection up to
date and avoiding opening strange emails.
A data breach occurs when sensitive, protected, or confidential information is duplicated, shared,
seen, taken, or exploited by someone who is not authorized. Lack of complete exposure, data
leak, information leakage, and data spill are some more terms. All UK organizations must disclose
certain personal data breaches to the relevant regulatory agency under the GDPR. You should
act as soon as you uncover the vulnerability.
The General Data Protection Policy (GDPR) of the European Union is an international data
protection and security regulation commonly recognized as one of the strictest in the world. It
took effect on May 25, 2018. The GDPR lays out seven guidelines for properly handling
personal data. Processing includes collecting, organizing, storing, changing, consulting, utilizing,
transmitting, merging, limiting, deleting, and destroying personal data. The following are the
seven principles:

➢ Lawfulness, fairness and transparency: - The first three principles are legality, fairness, and
transparency. It requires that personal data be managed in a lawful, fair, and transparent
manner for data subjects.
➢ Purpose limitation: - In different countries, the word "purpose limitation" is defined differently.
Purpose limitation, for example, is a requirement under the General Data Protection
Regulation (GDPR) that personal data be acquired for specific, specified, and authorized
purposes and not used in ways that are incompatible with those aims.
➢ Data minimization: - According to the concept of data minimisation, data should only be
obtained and processed for purposes that have been explicitly acknowledged in advance.
The General Data Protection Regulation (GDPR) defines this as data that is:

• Adequate
• Relevant
• Limited to what is necessary for the purposes for which they are processed

➢ Accuracy: - Low accuracy causes a difference between the result and the real value, which
ISO refers to as trueness.
➢ Storage limitation: - According to Article of the General Data Protection Regulation, the fifth
principle of personal data processing is accuracy (GDPR).
➢ Integrity and confidentiality (security)
➢ Accountability

The full version of the seven principles gives more detail about the principles and their
application.
• Personal data shall be:
✓ Handled properly, honestly, and openly in relation to people ('lawfulness, fairness,
and transparency');
✓ Additional processing for public-interest archiving, scientific or historical research,
or statistical reasons must not be considered incompatible with the original goals
('purpose limitation').
✓ Suitable, useful, and restricted to what is required to meet processing goals ('data
minimization');

GDPR outlines not just how corporations should protect personal data, but also what they
should do if such data is compromised as a result of a security breach. A data breach must be
reported to a Data Protection Officer (DPO) in their region within 72 hours, and in some cases,
everybody whose information was exposed must be contacted. The consequences of violating
the GDPR are severe.

Figure 5: GDPR

4. Section 3:
Chief Information Security Officer


The chief information security officer (CISO) is a senior executive who is responsible for
developing and implementing an information security program that includes processes and
policies to protect corporate communications, systems, and assets from internal and external
threats. The CISO may engage with the chief information officer on disaster recovery and
business continuity strategy in addition to procuring cybersecurity goods and services. The CIO
is responsible for the strategic planning of the organization's information technology activities,
whereas the CISO is a senior executive in charge of data and information security.

The chief information security officer may also be referred to as the chief security architect,
security manager, corporate security officer, or information security manager, depending on the
company's structure and present titles. The chief information security officer (CISO) is in charge
of the company's total corporate security, which includes its employees and facilities (CSO).

Figure 6: CISO

The types of CISO are as follows: -

• Transformational CISO. Forrester described the transformational CISO as energetic,
extroverted, dynamic and outspoken.

• Post-breach CISO.
• Tactical and operational expert CISO.
• Compliance and risk guru CISO.
• Steady-state CISO.
• Customer-facing evangelist CISO.

If I were the Chief Information Security Officer of the Travelex Organization, I would prioritize
correcting the problems with these services before moving ahead. Travelex was targeted by
ransomware, but it didn't care about the security flaws discovered in its Secure VPN and
Windows systems as a result of the attack. These vulnerabilities have now come to light.

5. Conclusion

In conclusion, ransomware attacks have proved that their impact can be devastating to small
business owners and organizations. After researching the ransomware attack on Travelex in 2020, I got to
know many new technical terms and findings, such as what the hacking group's strategy is before
targeting a cooperative network like Travelex in the 2020 ransomware attack. I came across a number of key
international regulatory authorities, including the General Data Protection Regulation (GDPR),
one of the most powerful authorities that takes data theft seriously and assists in data breach
investigations. Ransomware may affect individuals as well as small companies and
organizations. According to a public service request report, the FBI advises anybody who has
been infected with ransomware to never pay a ransom since it helps criminals enhance their
operations and catch more victims.
During my research, the cost of millions of ransomware attacks is calculated in this study.
Financial loss is one of the issues with ransomware. Financial losses can occur from missed
productivity, increased IT expenditures as a result of lost systems and devices, the necessity for
network upgrades, and the purchasing of new goods and services.


6. References
Data Breach: -
https://www.trendmicro.com/vinfo/us/security/definition/data-breach

Sodinokibi ransomware attack: -
https://portswigger.net/daily-swig/travelex-ransomware-attack-pulse-secure-vpn-flaw-implicated-in-security-incident
John Leyden, 08 January 2020 at 14:30 UTC. Updated: 13 May 2020 at 05:27 UTC

Personal data loss in a cyber-attack: -
https://www.investopedia.com/terms/d/data-loss.asp

CISO: -
https://www.techtarget.com/searchsecurity/definition/CISO-chief-information-security-officer

Phishing and scam: -
https://www.imperva.com/learn/application-security/phishing-attack-scam/
https://www.computerhope.com/jargon/s/scam.htm

7. Appendix


Types of ransomware and families


1. (CGR) Cryptographic Ransomware: -
Cryptographic ransomware is a type of computer virus that encrypts data and demands a ransom
payment in return for access. It mostly targets Microsoft Windows PCs, while newer variants
have appeared that target Apple's OSX. Two well-known Crypto-ransomware viruses are
CryptoLocker and CryptoWall.
