正解:B
Ransomware is a type of cyberattack where malicious software encrypts an organization's data, making it inaccessible until a ransom is paid to the attacker. This aligns with the question's scenario, where denial-of- service is caused by malicious data encryption.
Let's analyze the options:
* A. Phishing:
* Phishing is a social engineering attack that tricks individuals into providing sensitive information, such as usernames, passwords, or credit card numbers. It does not involve encryption or direct denial-of-service.
* B. Ransomware (# Correct Answer):
* Ransomware encrypts critical data and demands a ransom for its release, effectively causing a denial-of-service scenario since the victim cannot access their own systems.
* Some well-known ransomware attacks include WannaCry and NotPetya.
* C. Hacking:
* Hacking is a broad term for unauthorized access to systems but does not specifically refer to denial-of-service through encryption. Ransomware is a specific type of hacking attack.
* D. Malware:
* Malware (malicious software) is a general category that includes viruses, trojans, worms, spyware, and ransomware. While ransomware is a type of malware, not all malware encrypts data to demand ransom.
* IIA Global Technology Audit Guide (GTAG) - Auditing Cybersecurity Risks - Discusses various cyber threats, including ransomware.
* NIST Cybersecurity Framework (CSF) - Defines ransomware as a major threat that disrupts business continuity.
* COBIT Framework (Control Objectives for Information and Related Technologies) - Addresses risks associated with ransomware and how internal auditors should assess controls.
* ISO/IEC 27001 - Information Security Management Systems (ISMS) - Identifies the importance of cybersecurity measures to prevent ransomware attacks.
IIA References: