The Red Team continues to encrypt malicious data. They entered sensitive IT systems and upgraded privileges along the way before extracting sensitive company data and emails. The attack team decided not to do any interruption because they did not want to be regarded as terrorists or treated terrorists – they made strict money, trying to blackmail Springfield County water treatment to reach a price of £20 million.
Meanwhile, in the Blue Team, the incident response begins when the defender develops plans to try to control the attack and restore the affected system.
During this stage of the exercise, the Blue Team received a call from the legal department, suggesting that they inform the UK National Cybersecurity Centre and regulators about the attack, warning that the failure could lead to fines or liability issues. Notifying partners and introducing expertise from external incident response experts has become the main focus of the game-stage defender.
