Overview of Network Security: Types, Working Mechanism, Threats, Mitigation Tools
Added on 2023/06/08
This report provides an overview of network security, discussing the types of ransomware, their working mechanism, potential threats, recent attacks, and mitigation tools. It also includes recommendations and preventative measures to combat the threat of ransomware.
Running head: OVERVIEW OF NETWORK SECURITY
OVERVIEW OF NETWORK SECURITY
Name of the University
Name of the student
Author Note
Table of Contents
Introduction
Variants of ransomware
Working mechanism
Potential threats
Recent attacks
Mitigation tools
Summary
References
Introduction
Ransomware is a type of malware that encrypts a computer's files as soon as it infects the machine, leaving the user unable to access the system. The attacker demands a ransom to restore access to the affected computer, and a key is provided to the user which is used to decrypt the encrypted files. The motives of these attacks are generally monetary. Normally, the attacker demands payment in virtual currencies (such as Ethereum and Bitcoin).
This report provides information about ransomware and discusses its different types. Mitigation strategies are also highlighted.
Variants of ransomware
The variants of ransomware can be differentiated into five categories: Gandcrab, Locky, Cryptolocker, Goldeneye and Wannacry. They can also be divided into two main categories, namely LOCKER and CRYPTO ransomware [5]. CRYPTO ransomware uses strong encryption that prevents users from accessing their own information on the computer; this type of ransomware works through the computer silently, encrypting files in valuable locations. The ransomware makes a monetary demand, which normally comes with a time limit after which the ransom increases.
A virtual currencies
The LOCKER variant differs from the former: instead of encrypting the sensitive information on the computer, it locks the PC from which the files are accessed. Most of the time this ransomware locks the user interface of the computer and similarly demands a ransom to unlock it [6].
Working mechanism
Certain phases are involved in the working mechanism of ransomware. In the first phase (infect and exploit), the ransomware needs to be opened by a user, for example as an email attachment, to activate itself. In this phase, attackers prefer to use the exploit known as Angler. In the second phase (delivery), the ransomware runs its executable on the system it wants to target. Once the executables are delivered, the persistence mechanisms start. In the third phase, the ransomware spoils the backups created by the computer; attacking the backups is a common trait of all ransomware. The fourth phase (encryption) starts by encrypting the files. In the subsequent stages the ransomware pushes a key with the help of a C2 server or a command prompt [4]. The ransom notifications and messages are posted in the last stage, where the payment details are given and the user is given a fixed time to make the payment, or the price of the ransom is increased in the subsequent stages.
Potential threats
Ransomware potentially threatens the millions of personal computers in the homes and offices of ordinary people. Ransomware attackers especially target people who have little knowledge of how to counter the threat and siphon money out of them. High-level threats include government institutions, as well as information related to national security falling into the wrong hands [2]. Ransomware can be used to shut down a company's entire network through continuous DDoS attack, and businesses, especially small-scale ones, face an immense threat from it. Sensitive customer information is also under potential threat from these attacks [1].
Recent attacks
The Wannacry ransomware is a recent cyber-attack that managed to infect millions of computers around the world. The ransomware encrypted the hard drive of every PC it affected and even hit high-profile targets such as the national service of Britain. After investigation, the security department of the USA linked the attack to a company known as Symantec. Later they dropped the charges and blamed a notorious North Korean group known as Lazarus. The virus came with a built-in Tor browser and spread through a dropper in a self-contained computer [7]. Microsoft detected the vulnerability one month before announcing it officially. The company pushed several patches to minimise the damage caused by the ransomware, along with its vendors such as Adobe. Investigation found that the ransomware used an exploit found in Microsoft computers known as EternalBlue. Microsoft then sued the USA government for keeping the vulnerability hidden from the general public even after discovering it months in advance. It was accidentally discovered by a person who was trying to find meaning in a random number of codes [3]. Researchers then isolated the ransomware and sandboxed it in a virtual environment for further research, so that situations like this can be properly addressed.
Mitigation tools
Ransomware can be prevented by adopting some healthy habits on a daily basis. Dedicated protection software such as antivirus can help. People need to be careful when opening an unknown email attachment. They need to understand the threat posed by malware in an attachment and its possible implications for the system [9].
Most enterprises nowadays are affected by this common problem, where an employee working in the company opens and activates malicious code by mistake, causing the company millions of dollars in damage. The user needs to refrain from paying the ransom demanded. Enterprises that handle important and sensitive customer information need to use strategic and preventative cyber security tactics to address these situations. Proper backups need to be made [12]. Access to information needs to be limited to prevent the attack from spreading in case of a phase 1 infection. Storage snapshots need to be stored in a pool outside the system, which makes it possible to check whether the saved files and folders have been compromised. The organization concerned needs to compartmentalize the domain using a number of strategies.
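An added example, not part of the original report: one way to carry out the snapshot check described above, by keeping a hash manifest from snapshot time and diffing the live files against it. The function names, the entropy-jump heuristic and both thresholds are assumptions chosen for illustration, and the sample files are constructed.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed content approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def build_manifest(root: str) -> dict:
    """Map each file under root to (sha256 hex digest, entropy)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root)
            manifest[rel] = (hashlib.sha256(data).hexdigest(), shannon_entropy(data))
    return manifest

def compare(snapshot: dict, live: dict, entropy_jump: float = 2.0) -> dict:
    """Diff the live manifest against the one taken at snapshot time."""
    report = {"missing": [], "changed": [], "suspicious": []}
    for rel, (digest, entropy) in sorted(snapshot.items()):
        if rel not in live:
            report["missing"].append(rel)
        elif live[rel][0] != digest:
            report["changed"].append(rel)
            # An ordinary edit barely moves entropy; encryption pushes it up.
            if live[rel][1] - entropy >= entropy_jump:
                report["suspicious"].append(rel)
    report["new"] = sorted(set(live) - set(snapshot))
    return report

def is_compromised(report: dict, snapshot_size: int, max_fraction: float = 0.3) -> bool:
    """Alert when missing plus suspicious files reach max_fraction of the snapshot."""
    hits = len(report["missing"]) + len(report["suspicious"])
    return snapshot_size > 0 and hits / snapshot_size >= max_fraction

def run_demo():
    """Constructed sample data: four text files, then simulated damage."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("ledger.txt", "notes.txt", "plan.txt", "report.txt"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(f"{name}: customer record, balance 100\n" * 200)
        snapshot = build_manifest(root)  # in practice stored off the system
        # Legitimate edit: one appended line.
        with open(os.path.join(root, "plan.txt"), "a") as fh:
            fh.write("reviewed by finance\n")
        # Random bytes stand in for encrypted content.
        for name in ("ledger.txt", "report.txt"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(os.urandom(4096))
        os.replace(os.path.join(root, "notes.txt"), os.path.join(root, "notes.txt.locked"))
        report = compare(snapshot, build_manifest(root))
        return report, is_compromised(report, len(snapshot))

if __name__ == "__main__":
    report, alert = run_demo()
    print(report, "ALERT" if alert else "ok")
```

The manifest only helps if it is kept with the snapshots outside the system, so that whatever damages the live files cannot rewrite the baseline as well.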
Steps need to be taken to block malicious sites and Tor IP addresses, which are one of the main gateways for transactions through the C&C server. Organizations need to define their restriction policies thoroughly to prevent infected files from spreading through the whole system. Unwanted wireless connections, such as infrared and Bluetooth, need to be shut down, as research has shown that Bluetooth has the capability to compromise certain systems [11]. To prevent the system from being hacked, remote services need to be shut down and all server functionality needs to be physically present in the organizational infrastructure for robust security. Pop-ups need to be blocked. The AutoPlay option needs to be turned off, and Windows PowerShell, which is responsible for automatic task allocation, needs to be deactivated. Computers can be secured by adding an extra layer of firewall or antivirus solutions [10]. To prevent remote users from getting snapshots of the shadow volume, vssadmin.exe needs to be deactivated. The system needs to be patched with recent updates, along with third-party software such as Flash Player, Adobe and Java. Anti-spam settings and file extension settings need to be updated from time to time.
Summary
To conclude, the research topic of ransomware has been effectively assessed in the discussion section of the report. The different variants of ransomware have been explained conclusively and the working mechanism of the threat has been discussed phase by phase. The impact of ransomware has been researched effectively and a real-life situation has been provided to assess the report from a practical point of view. The report concludes with several recommendations and preventative measures to combat the threat of ransomware.
References
[1] A. Dehghantanha, M. Conti, and T. Dargahi, eds. Cyber threat intelligence. Springer International Publishing, 2018.
[2] M. Young, L. Adam, and M. Yung. "Cryptovirology: The birth, neglect, and explosion of ransomware." Communications of the ACM 60.7, 2017.
[3] E. Kalita. "WannaCry Ransomware Attack: Protect yourself from WannaCry Ransomware Cyber Risk and Cyber War." 2017.
[4] S. Haber, J. Morey, and B. Hibbert. "Ransomware." Privileged Attack Vectors. Apress, Berkeley, CA, 2018.
[5] G. Wiener, ed. Cyberterrorism and Ransomware Attacks. Greenhaven Publishing LLC, 2018.
[6] F. Mbol, J.M. Robert, and A. Sadighian. "An efficient approach to detect torrentlocker ransomware in computer systems." International Conference on Cryptology and Network Security. Springer, Cham, 2016.
[7] A. Palisse. "Ransomware and the legacy crypto API." International Conference on Risks and Security of Internet and Systems. Springer, Cham, 2016.
[8] A. Liska and T. Gallo. Ransomware: Defending against digital extortion. O'Reilly Media, Inc., 2016.
[9] M. Francesco. "Ransomware steals your phone. formal methods rescue it." International Conference on Formal Techniques for Distributed Objects, Components, and Systems. Springer, Cham, 2016.
[10] P. Shakir, H. Awni, and A.N. Jaber. "A Short Review for Ransomware: Pros and Cons." International Conference on P2P, Parallel, Grid, Cloud and Internet Computing. Springer, Cham, 2017.
[11] L. Gangwar, M. Keertika, S. Mohanty, and A. K. Mohapatra. "Analysis and Detection of Ransomware Through Its Delivery Methods." International Conference on Recent Developments in Science, Engineering and Technology. Springer, Singapore, 2017.
[12] R. Goldsborough. "The Increasing Threat of Ransomware." Teacher Librarian 45.1, 2017.