Ransomware Threats and Mitigation Strategies
Added on 2020/03/23
AI Summary
The assignment delves into the growing threat of ransomware, exploring its various types, attack vectors, and the motivations behind these cyberattacks. It examines case studies and real-world examples to illustrate the impact of ransomware on individuals and organizations. Furthermore, the document outlines practical mitigation strategies, including security awareness training, robust data backup practices, and the implementation of advanced security measures to prevent and respond to ransomware threats.
Running head: IT
Assignment Week
Name of Student
Name of Institute
IT Security
Table of Contents
Introduction
Background - Ransomware
Risk and Security concerns of Ransomware
Strategies for addressing them
Conclusion and Future Trends
Reference
Introduction
IT security is the practice of preventing unauthorized access to an organization's servers, files or individual PCs. Attackers or hackers have attacked systems through different types of malware and viruses, which have affected organizations' data. Attackers or hackers can gain access through malware, which includes viruses, spyware, worms and others. This code is installed on the system to steal information, access files and block them until an amount is paid to recover the encryption key. The first attack happened in 1988 against the healthcare industry, and to this day healthcare is one of the main targeted industries. Organizations are taking several steps to protect their systems and servers from malware attacks. A huge amount of money is spent every year to protect their systems and files. Each anti-virus needs to be updated every year to add the details of the extensions of new viruses and malware identified by IT security specialists. This report focuses on the background of ransomware and its attack history. It also focuses on why information security is important and how effectively it can be done.
In recent times, there has been an increase in the number of ransomware attacks in the world. It is important that different stakeholders join hands so that ransomware attacks can be managed. One of the major threats to large IT systems is the threat from ransomware. Large IT systems such as ERP systems should be protected from any external attack. This paper discusses the background of ransomware and the strategies that should be used to manage a ransomware attack. In the case of ransomware, proactive protection is better than reactive protection.
Background - Ransomware
Ransomware can be defined as a type of malware that prevents users from accessing their system, either by locking the system screen or by locking the user's files, unless a ransom is paid. Ransomware families are generally categorized as crypto-ransomware: the virus encrypts a few file types on the infected system and compels the user to pay some amount through online payment to decrypt the files.
The price of the ransom varies with the variant of ransomware, the very common specify ransom payment is usually. During recent ransomware attacks there were some alternative payment options as well, such as iTunes and Amazon gift cards. In some cases, the decryption key or unlock tool is not ensured even after the desired ransom has been paid. Since the 2000s, ransomware has been a threat to enterprises, small and medium businesses (SMBs) and individuals. More than 7600 ransomware attacks were reported to the Internet Crime Complaint Center between 2005 and March 2016. It was reported that in 2015 more than 2453 ransomware complaints were received, costing victims over $1.6 million. The actual number might be much higher than reported. In 1989 the first ransomware attack occurred, targeting the healthcare industry. Since then, healthcare has been one of the top target industries for ransomware attacks (Savage, Coogan, & Lau, 2015). Early malware developers used to write their own encryption code, but today's attackers rely on “off the shelf libraries that significantly become harder to crack”. Some attackers develop toolkits that can be downloaded and deployed by developers with fewer technical skills. In 2011, a ransomware was introduced that imitated the Windows Product Activation notice, which made it more difficult for users to tell genuine notifications from threats (Kharraz, Robertson, Balzarotti, Bilge, & Kirda, 2015).
Risk and Security concerns of Ransomware
Across industry, there is heightened concern about this malware because of a few cases which illustrate that ransomware is not only a threat to individual consumers but also to enterprises. Ransomware attackers are usually motivated by profit; there is no specific reason why attackers would attack a certain organization or industry. There are certain risks associated with the increasing threat from this type of malware attack. Risk is actually a combination of probability and impact (Singh, Jeong, & Park, 2016).
[Figure: Well-formed Risk Statement]
Impact (What is the impact to the business?)
Asset (What are you trying to protect?)
Threat (What are you afraid of happening?)
Probability (How likely is the threat given the control?)
Vulnerability (How could the threat occur?)
Mitigation (What is currently reducing the risk?)
Picture source: Microsoft blog for understanding the risk
The above picture will help an organization's security team understand and prioritize risk according to their past behavior. According to data from the Microsoft Security Intelligence Report, ransomware is encountered less frequently than other types of malware. The encounter rate for malware is the percentage of computers running real-time Microsoft security software, which can help in directly detecting malware or any other unwanted software. This security software has reported blocking different malware from installing on PCs. The encounter rate can also be differentiated by location, as the probability of encountering ransomware may be higher in some locations than in others. For example, the encounter rate in Mexico is 5 times higher than in other locations. France and Canada have a rate 4.4 times higher than the worldwide rate. The encounter rate indicates the probability of risk by location and virus type.
Ransomware is not very established at this moment, but this does not make it any less agonizing to protect an organization's systems from these attacks. Several anti-virus products have been introduced to protect systems from malware attacks. These anti-virus systems need to be updated every year to ensure that all new virus extensions are added to the system's list. Anti-virus software helps protect the system by recognizing malware and blocking it from installing on the system (Gupta, 2008). Organizations must have a policy to manage the internal and external risks associated with ransomware.
Strategies for addressing them
Ransomware is one of the most dangerous viruses, targeting different groups such as small and medium businesses and individuals. Attackers have been attacking industries in no particular pattern, although healthcare is among their most targeted industries. This malware can be addressed in certain ways; for example, SMBs can ensure that they have created a remote backup of their data. The backup can be taken to the cloud, as mounted drives are also a target of attackers and are often not effective against ransomware. Basic IT protection can also be applied to files shared within the network, including a basic VPN setup for employees who work from home. Basic education can be given to employees about email phishing and cyber threats and the different ways of addressing them. If a virus has attacked a system, that system should be isolated to ensure that the virus does not spread around the network. It is important that this isolation happens as soon as possible. Early isolation minimizes the chances of the ransomware spreading.
In the case of SMBs, upper management is aware of the threats and wants to be protected from them, but few steps are taken to protect their systems well in advance of an attack.
Ransomware is one of the fastest growing classes of malicious software, and over the past few years the attack has evolved from simple screen blocking to demanding payments to something more dangerous. Ransomware can be categorized into two classes: scareware and lockers. Scareware is a social engineering attack that shows an official notice of a fine. A locking or encrypting attack encrypts files, the operating system kernel or the master boot record and reveals the encryption key once the ransom amount has been received.
There are certain other ways through which an organization can protect its systems from this malware.
Ransomware is one of the most dangerous attacks and can be launched through email phishing, fake downloads and malicious URLs, which are related to crimeware tools and exploit anyone into installing this malware. For example, in June 2014 a ransomware known as CTB Locker, Onion was discovered. It was distributed by the Andromeda bot, which first infected PCs through an email worm called Jolee that was designed to send spam e-mail to download the attack code. Similarly, CryptoLocker was pushed to PCs which were infected by a game named Zeus. At first, the attacker used Zeus to hack all the financial information and later encrypted the hard drive for a ransom amount (Scaife, Carter, Traynor, & Butler, 2016).
Attackers are not only attacking PCs and servers; they have also started to attack Android devices. To avoid these types of attacks, individuals should ensure that their devices are using anti-malware tools. For example, the Svpeng Trojan is one of the malware families affecting Android devices. These viruses steal the credentials of mobile banking apps and then lock the device to demand a ransom (Andronio, Zanero, & Maggi, 2015).
To protect the system from ransomware, one of the best ways to fight it is to lock down all the servers or other systems and maintain the backup offsite. Many cloud services such as Dropbox allow the storage to be accessed directly from the user's files. Most companies back up their corporate data to an offsite location, but these locations can be easily accessible from the origin system. Therefore, these files should not only be stored offline but also made inaccessible from the originating system (Mercaldo, Nardone, Santone, & Visaggio, 2016).
It is important for the organization to understand and calculate the risk and plan security according to the set priority. It is said that information security can be improved not only by throwing a technical solution at the problem but also by creating awareness at the same time (Luo & Liao, 2007).
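The backup advice above (keep backups offsite and make them inaccessible from the originating system, since mounted drives are also a target) can be checked from the originating machine itself. The following is an added example, not part of the original assignment: a Python audit whose function names, verdict labels and sample paths are assumptions made for illustration.

```python
import os
import tempfile
from dataclasses import dataclass


@dataclass
class BackupExposure:
    destination: str
    mount_point: str       # "" when the destination cannot be reached from this host
    writable_entries: int  # directories and files this account is allowed to modify
    verdict: str           # "isolated", "read-only" or "exposed" (labels are assumptions)


def find_mount_point(path):
    """Walk up from path to the mount point that makes it reachable."""
    current = os.path.realpath(path)
    while not os.path.ismount(current):
        parent = os.path.dirname(current)
        if parent == current:  # reached the top without finding a mount
            break
        current = parent
    return current


def audit_destination(path):
    """Classify one backup destination as seen from the originating system."""
    if not os.path.isdir(path):
        # Not mounted or not visible to this account: code running here cannot touch it.
        return BackupExposure(path, "", 0, "isolated")
    writable = 0
    for root, _dirs, files in os.walk(path):
        # Write access to a directory allows creating, renaming and deleting its entries.
        if os.access(root, os.W_OK | os.X_OK):
            writable += 1
        for name in files:
            # Write access to a file allows overwriting it in place.
            if os.access(os.path.join(root, name), os.W_OK):
                writable += 1
    verdict = "exposed" if writable else "read-only"
    return BackupExposure(path, find_mount_point(path), writable, verdict)


def audit(destinations):
    """Audit every destination and list the most exposed ones first."""
    order = {"exposed": 0, "read-only": 1, "isolated": 2}
    results = [audit_destination(d) for d in destinations]
    return sorted(results, key=lambda r: order[r.verdict])


def demo():
    """Constructed sample: one reachable, writable backup folder and one unreachable path."""
    with tempfile.TemporaryDirectory() as mounted:
        for name in ("monday.bak", "tuesday.bak"):
            with open(os.path.join(mounted, name), "w") as fh:
                fh.write("constructed sample backup\n")
        not_mounted = os.path.join(mounted, "not-mounted-here")
        return [(r.verdict, r.writable_entries) for r in audit([not_mounted, mounted])]


if __name__ == "__main__":
    for verdict, count in demo():
        print(f"{verdict:10s} writable entries: {count}")
```

Run it under the same account that does day-to-day work or runs the backup job. A destination reported as exposed is one that malware on that machine could encrypt along with the originals, while an isolated one must still be confirmed to exist on the backup side.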
Conclusion and Future Trends
According to security experts, ransomware will continue to loom large as a threat to endpoint machines. Other than ransomware, advanced persistent threat (APT) attacks will emerge as a major threat in future. Through this malware, attackers gain access to the network and lie low for a long period to pilfer data. These attacks are associated with nation-state threat groups. APT attackers mostly target large organizations and usually use social engineering through emails, getting users to give them access by clicking a link or downloading an attachment. The attackers may spoof an email to make it look like a LinkedIn request, and by clicking on it the user may download the malware code onto their system. In the past 10 years, the rate of these attacks has increased immensely and will keep growing. With time, many new forms of malware will be introduced, and the threat from this malware will be innovative each time. It is important to secure the systems not only of individuals but also of organizations. There are certain ways to secure a system, such as creating awareness of these attacks among the organization's employees and backing up data offline, which will help when recovering data (Police, 2006).
Reference
Andronio, N., Zanero, S. and Maggi, F., 2015, November. Heldroid: Dissecting and detecting
mobile ransomware. In International Workshop on Recent Advances in Intrusion
Detection (pp. 382-404). Springer International Publishing.
Gupta, J.N. ed., 2008. Handbook of research on information security and assurance. IGI
Global.
Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L. and Kirda, E., 2015, July. Cutting the
gordian knot: A look under the hood of ransomware attacks. In International
Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
(pp. 3-24). Springer, Cham.
Luo, X. and Liao, Q., 2007. Awareness education as the key to ransomware prevention.
Information Systems Security, 16(4), pp.195-202.
Mercaldo, F., Nardone, V., Santone, A. and Visaggio, C.A., 2016, June. Ransomware steals
your phone. formal methods rescue it. In International Conference on Formal
Techniques for Distributed Objects, Components, and Systems (pp. 212-221).
Springer, Cham.
Police, R.C.M., 2006. Future Trends in Malicious Code–2006 Report. Information
Technology Security Report Lead Agency Publication R2, 2.
Savage, K., Coogan, P. and Lau, H., 2015. The evolution of ransomware. Symantec,
Mountain View.
Scaife, N., Carter, H., Traynor, P. and Butler, K.R., 2016, June. Cryptolock (and drop it):
stopping ransomware attacks on user data. In Distributed Computing Systems
(ICDCS), 2016 IEEE 36th International Conference on (pp. 303-312). IEEE.
Singh, S., Jeong, Y.S. and Park, J.H., 2016. A survey on cloud computing security: Issues,
threats, and solutions. Journal of Network and Computer Applications, 75, pp.200-222.