Cyrebro
WannaCry Ransomware Incident Analysis in Casino
Pages
4
Time to read
4 mins
Publication
Language
English
This case study details the investigation conducted by the CYREBRO Digital Forensics and Incident Response (DFIR) team into a WannaCry ransomware attack on a North American casino. The investigation was initiated after unusual network traffic was detected, indicating potential exploitation of vulnerable point-of-sale machines. The attacker used the EternalBlue exploit to gain access to a Windows 7 machine, leading to the deployment of ransomware and lateral movement across the network. The case study outlines the consequences of the attack, including financial losses, operational downtime, and the spread of infection due to insecure configurations. The DFIR team successfully eradicated the malware and provided recommendations for improving the casino's security posture, such as limiting external access, supervising third-party vendors, updating legacy systems, and deploying endpoint detection and response solutions. These measures aim to enhance the overall security framework and prevent future incidents.