Ransomware: A Growing Threat
Added on 2020/03/23
AI Summary
This assignment delves into the escalating issue of ransomware attacks. It examines how these attacks function, their consequences across diverse industries like healthcare and critical infrastructure, and the evolving tactics employed by attackers. The document emphasizes the importance of robust cybersecurity measures to counter this growing threat. Moreover, it discusses strategies for prevention, detection, and response to ransomware incidents, highlighting best practices for organizations.
Running head: IT SECURITY
IT SECURITY
Name of the Student
Name of the University
Author Note
Table of Contents
Introduction
Background
Risk and security concerns of Ransomware
  Risk factors
  Security factors
Strategies for Addressing them
Conclusion
Future trend
References
Introduction
Ransomware is a type of malware whose main intention is to restrict users from accessing their systems. It does this either by locking the system’s screen or by locking the user’s files until a ransom is paid. Modern ransomware families, which can collectively be termed crypto-ransomware, encrypt certain types of files on the infected system and force the user to pay a sum of money through online payment methods in order to get the decryption key (Kruse et al., 2017). The ransom price varies, depending on the ransomware variant and on the price or exchange rate of the digital currency.
This report focuses on ransomware and states its risk and security concerns and the strategies that can be used to address them.
Background
Ransomware can be considered one of the most prominent threats to enterprises, individuals and SMBs since the mid-2000s. In fact, more than 7600 ransom attacks have been reported to the Internet Crime Complaint Center (IC3) between March 2005 and the present, and the number is still counting.
Risk and security concerns of Ransomware
Risk factors
In a ransomware attack, the hackers mainly exploit flaws in the operating system, mainly in the Windows-oriented framework. The effect mainly concerns those who do not apply the patches made available by the vendor. As of now, the event has generated a lot of claims. The risks associated with the attack can be stated as below:
1. Extortion cover: Two types of key are in common use: the encryption key, which is used to hide the messages, and the decryption key, which helps in retrieving the original content of the file (Simms, 2016). Extortion cover is mainly expected to cover the cost of the decryption key that is used to regain the original message from its encrypted form. The key is generally provided by the hacker.
2. Business interruption cover: The hacker’s main goal is to target a running business in order to gain overall access to its data. The data taken by the hackers is sometimes so vital from the organisation’s point of view that it would lead to a huge loss if the data were lost or could not be recovered.
3. Data restoration cover: In many situations the data can include customer information that is of high importance to them, for example credit card numbers, bank details etc. If these details reach the hands of the hackers, it could lead to two types of problem.
   One problem is that the hacker can take the information and use it for their own benefit.
   On the other hand, they can ask for a ransom in order to return the information (Smith, 2016).
Security factors
The security factors that can be involved in the ransomware attack are as follows:
1. Stop. Scolding doesn’t help
Information and operations teams are well aware of the core fundamentals and the security aspects involved with them. For example, disaster recovery, patch
management, regular backups and business continuity: these factors are very important in order to protect the network and the users from the damage that hackers can cause (Shukla, Mondal & Lodha, 2016). Treating the people concerned as irresponsible or incompetent for being behind on the patches available to ensure security, and ignoring the challenges that they could face if an attack is initiated, is one of the security issues that can be involved in a ransomware attack. In most cases the undisputed reality is that the systems are vulnerable and mainly running software that is outdated or simply unpatched (Brewer, 2016).
2. Understanding of the challenges
Information technology staff do not always have access to all the systems across the network. When patching a system can void the warranty or the terms of the license, staying on top of the updates is not merely an option (Valach, 2016). Or, in a manufacturing plant, the computers that are plugged into a machine so that it works properly may be considered part of the machinery and not fall under the information technology infrastructure. This issue is among the most widespread across different organisations and can be considered an aspect that falls below the security line. It can be considered a vital security issue which makes the system very vulnerable to attack (Mohurle & Patil, 2017).
3. Organisational constraints
This can be considered one of the most vital security issues directly related to the attack. The main security concern here is that legislative rules and spending cuts rein in the government from spending money on information technology infrastructure (Lee et al., 2016).
Strategies for Addressing them
Several hours after an attack was initiated, while the extent of the attack and the harm it had produced were being assessed, a researcher by the name of MalwareTech discovered a kill switch embedded in the malware. The main strategy, according to him, was to register a domain name for a DNS sinkhole (Chinthapalli, 2017). This resulted in the spreading of the worm which mainly created the attack. This was because the ransomware’s main aim was to encrypt the computer’s files if and only if it could not connect to the domain. This led to a wide spread of the attack, because for most systems the website was not registered and they were open to the attack. As for the systems which were already infected, it helped in slowing down the initial infection and extended the time available to deploy protective measures against it (Simmonds, 2017).
It was noticed that the Windows encryption APIs used by WannaCry may not completely clear from memory the prime numbers used to generate the payload’s private key. This potentially made it possible to retrieve the key if the primes had not been cleared or overwritten in resident memory. This behaviour was used by a French researcher who developed a tool known as WannaKey (Pope, 2016). The key role of WannaKey was to automate the process on Windows XP systems (Windows XP is highlighted because the number of infections on Windows XP systems was the maximum) (Pathak & Nanded, 2016). After this approach a second tool was built, named WanaKiwi, which was mainly tested on Windows 7 and Server 2008 R2 as well. The scale of the attack was so huge that it prompted the launch of a new security update designed for older versions of Windows. In this context, Microsoft’s cyber defence operations stated
that, given the elevated risk of destructive cyber-attacks at the present time, the company had taken many actions in order to provide customers with full protection from the event, so that no harm could be done to any system (Russell, 2016).
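The key-recovery idea described above, as an added example that is not part of the original report and is not WannaKey's own code: scan a memory dump for a leftover prime that divides the public RSA modulus, then rebuild the private exponent from it. The function names, the toy 125-bit modulus, the dump contents, and the little-endian, 4-byte-aligned storage of the prime are all assumptions made for the demonstration.

```python
# Added example (hypothetical names, constructed data): recover an RSA private
# key from a prime that was left behind in process memory.
from typing import Optional, Tuple

E = 65537  # common RSA public exponent, assumed for this demo


def find_prime_in_dump(dump: bytes, modulus: int, prime_len: int,
                       align: int = 4) -> Optional[Tuple[int, int]]:
    """Slide an aligned window over `dump` and return (offset, p) for the
    first window whose little-endian value is a non-trivial divisor of
    `modulus`, or None if no such window exists."""
    for off in range(0, len(dump) - prime_len + 1, align):
        cand = int.from_bytes(dump[off:off + prime_len], "little")
        # Cheap rejects first: an RSA prime is odd and lies strictly in (1, N).
        if cand <= 1 or cand % 2 == 0 or cand >= modulus:
            continue
        if modulus % cand == 0:
            return off, cand
    return None  # memory was cleared or overwritten: nothing to recover


def rebuild_private_exponent(modulus: int, p: int, e: int = E) -> int:
    """Given one prime factor, derive q and the private exponent d."""
    q = modulus // p
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)  # modular inverse (Python 3.8+)


# --- Constructed test data (toy key sizes, not a real sample) ---------------
P = 2**64 - 59          # largest prime below 2**64
Q = 2**61 - 1           # Mersenne prime M61
N = P * Q               # stands in for the public modulus the victim still has
PRIME_LEN = 8           # bytes per prime in this toy key
JUNK = b"\x00" * 64 + b"heap-junk-constructed!!!"
DUMP_LEAKED = JUNK + P.to_bytes(PRIME_LEN, "little") + b"\xAA" * 32
DUMP_WIPED = JUNK + b"\x00" * PRIME_LEN + b"\xAA" * 32  # prime zeroed out


def demo() -> Tuple[Optional[int], bool, bool]:
    """Return (offset of leaked prime, key round-trips, wiped dump is clean)."""
    hit = find_prime_in_dump(DUMP_LEAKED, N, PRIME_LEN)
    wiped = find_prime_in_dump(DUMP_WIPED, N, PRIME_LEN)
    round_trip = False
    if hit is not None:
        d = rebuild_private_exponent(N, hit[1])
        msg = 0x1234567890ABCDEF
        # Encrypt with the public key, decrypt with the rebuilt private key.
        round_trip = pow(pow(msg, E, N), d, N) == msg
    return (hit[0] if hit else None), round_trip, wiped is None


if __name__ == "__main__":
    print(demo())
```

The wiped dump shows the limit the paragraph describes: once the prime has been cleared or overwritten, the scan finds nothing and the key cannot be rebuilt this way.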
Conclusion
The report concludes that ransomware attacks are likely to draw a great deal of interest in the near future. The main point of emphasis is that small security measures can be incorporated into the information technology framework, which can be directly beneficial in denying the attack privileges on a system.
Future trend
1. Ransomware would become just another tool in the hacker’s belt
The attack is already changing its basic framework and continuing to evolve. Ransomware would eventually sit in the attackers’ arsenal among a wide range of options. On the other hand, advanced hacking groups need money, and this kind of attack can prove a very easy way to gain money in the future.
2. Designing of more attacks
The news coverage that follows an attack has drawn the interest of small-time hackers towards this sort of attack. So it can be estimated that in the near future there can be many more such attacks, which can be termed copycat attacks. The systems which can be targeted in future attacks are:
Bank ATMs
Systems related to self-checkout at the grocery store
Computerized billboards
3. Ransomware using no executable as a mere means of evading detection
This can be directly related to something already done with Ransom32, which was built entirely on JavaScript, and PowerWare (developed in PowerShell), and this trend can be followed in the near future.
This type of ransomware attack mainly uses a combination of scripting languages and the Microsoft API to encrypt the files on the victim’s machine. Within the executable file the encryption, the ransom note and the call-out to the command and control server are completed.
4. Target the security of the providers of webmail
Spam campaigns are right now losing the battle against consumer webmail providers, for example Yahoo!, Google and Microsoft. These services have mainly beefed up their detection of the mails related to the attack, and the remedy has been to send those mails to spam. This has resulted in an increase of the activity during the year 2016. The spam detection systems in many organisations are much less effective than those of the webmail providers, or non-existent. This is one of the main reasons why the attackers have mainly focused their attention on corporate agencies.
5. No ransomware activity on IoT
IoT devices always sync with the cloud server and it can be very easy to wipe and replace them, so there is no compelling reason for attacks to be initiated within such a framework. On the other hand, when initiated on Linux or UNIX systems that actually play a vital role in day-to-day life, it can be somewhat obstructive. But the targets discussed here are not on the hackers’ to-do list, as they are very complicated to bypass and to build an attack for. Even if the user accidentally installs the infection on the system, it would not produce any sort of harm to the system. The
attackers have to be very professional in order to do so: they need to have a victim who is already logged in as root, or else to package an escalation with the ransomware, which is a whole new problem set. In the near future the hackers’ targets may be these sorts of machines, because the rest of the machines would have enough security measures in place to stop the attack, and the attack would eventually be a loss from the hackers’ point of view.
References
Brewer, R. (2016). Ransomware attacks: detection, prevention and cure. Network Security,
2016(9), 5-9.
Chinthapalli, K. (2017). The hackers holding hospitals to ransom. BMJ, 357, j2214.
Hayes, J. (2017). Pay up-or else [ransomware attacks on industrial infrastructure].
Engineering & Technology, 12(4), 48-51.
Kruse, C. S., Frederick, B., Jacobson, T., & Monticone, D. K. (2017). Cybersecurity in
healthcare: A systematic review of modern threats and trends. Technology and Health
Care, 25(1), 1-10.
Lee, J. K., Moon, S. Y., & Park, J. H. (2017). CloudRPS: a cloud analysis based enhanced
ransomware prevention system. The Journal of Supercomputing, 73(7), 3065-3084.
Martin, G., Kinross, J., & Hankin, C. (2017). Effective cybersecurity is fundamental to
patient safety.
Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack
2017. International Journal, 8(5).
Pathak, D. P., & Nanded, Y. M. (2016). A dangerous trend of cybercrime: ransomware
growing challenge. International Journal of Advanced Research in Computer
Engineering & Technology (IJARCET) Volume, 5.
Pope, J. (2016). Ransomware: Minimizing the Risks. Innovations in clinical neuroscience,
13(11-12), 37.
Richardson, R., & North, M. (2017). Ransomware: Evolution, Mitigation and Prevention.
International Management Review, 13(1), 10.
Russell, R. (2016). A layered approach: integrating email security with document
management processes. Computer Fraud & Security, 2016(12), 14-18.
Shukla, M., Mondal, S., & Lodha, S. (2016, October). POSTER: Locally Virtualized
Environment for Mitigating Ransomware Threat. In Proceedings of the 2016 ACM
SIGSAC Conference on Computer and Communications Security (pp. 1784-1786).
ACM.
Simmonds, M. (2017). How businesses can navigate the growing tide of ransomware attacks.
Computer Fraud & Security, 2017(3), 9-12.
Simms, C. (2016). A Matter of Survival. ITNOW, 58(4), 30-31.
Smith, M. (2016). Ransomware attack forces Michigan utility to shut down systems, phone
lines, email. Network World.
Valach, A. P. (2016). What to Do After a Ransomware Attack. Risk Management, 63(5), 12.