Ransomware: Variants, Working Mechanism, Potential Threats, Mitigation Tools and Recent Attack

Added on 2023/06/08
RANSOMWARE

Contents
Introduction (page 2)
  Introduction about ransomware (page 2)
  Impact of ransomware on the society (page 2)
  Outline of Report (page 2)
Variants of Ransomware (page 2)
  Draw taxonomy & its discussion (page 2)
Working Mechanism (page 3)
  Discuss the working mechanism (page 3)
Potential Threats (page 4)
  System lockup (page 4)
  File Encryption and Deletion (page 5)
Recent Attack (page 6)
Mitigation Tools (page 7)
  Discuss any two mitigation tools (page 7)
  Effectiveness of selected mitigation tools (page 7)
Summary (page 8)
References (page 8)
Introduction
Introduction about ransomware
Ransomware is malicious software that locks the data on a system; the ransom is then paid to unlock it. It is a relatively new kind of malware, first found in 2013, and programs are generally seen to be infected through it and through the internal network setup. Attackers have been seen to encrypt the data on the system while keeping hold of the decryption keys, and then to hold the data hostage, which amounts to kidnapping it. Some programs are built around identifying technical industry developments and solving attack problems. Victims mainly comply with the demands depending upon how the cyber hackers review them, with validation, and then on handling the safety of the system along with its confidentiality.
Impact of ransomware on the society
With the changing times, the major concern has been system infiltration and easy access to the system, which includes changes to the data as well. Certain perceptions relate to how the blackmailing for the ransom is done, so that the data is recorded through the intervention of certain company professionals. The loss generally involves cybercrime that locks the program files as well, depending upon the demands that are made with unique decryption keys. These keys are created and then stored on the hacker's server. Once the computer is infected through ransomware, there is real loss of valuable data that affects the system's productivity, and hence there is a need to protect the data as well.
Outline of Report
The report will highlight the changes and discussions around ransomware, with its impacts or threats on the system. It will also discuss the recent incidents that people have faced.
Variants of Ransomware
Draw taxonomy & its discussion
a. CryptoLocker:
This ransomware has spread through different email attachments and mainly sets up spam messages; it uses RSA public-key encryption, which leads to the sealing of the user's files as well. Money is then demanded for decryption.
b. TeslaCrypt:
The targeted files are mainly those associated with video games, along with other content that has been downloaded to the system. Its creators consistently improved it, and restoring the files is handled as impossible as well [1].
c. SimpleLocker:
Android is one of the platforms that this ransomware tends to attack, and certain infections have been seen to increase fourfold. Hence, there are blockers that attack the files, making them difficult to access or preventing users from accessing them at all.
d. WannaCry:
This works by taking advantage of different defective systems where there are large-scale issues related to system security.
e. NotPetya:
The focus is on handling problems related to monitoring on-premise factors, with assurance related to monitoring the setup of cloud infrastructure.
Working Mechanism
Discuss the working mechanism
It has been seen that ransomware completely takes over system access, where the issues relate to handling phishing or spam emails as well. Once the email attachment is downloaded and opened, it can lead to problems through social engineering tools. This leads to problems for security rules as well, where statistical analysis and signature-based approaches are defined that rely on dataset measures holding certain signatures. The approach is to work on malware detection and then to determine how one can detect the different threats that are related to obfuscation. The speed with which certain new strains are developed, based on these methods, calls for handling the malware so as to stop it as well [4]. The functioning of the system is based on properly monitoring and then detecting the issues related to file associations, which can be quarantined as well. The challenges are determined through detecting behavioural indicators, which do not include any reliable information or identification process as well. Hence, there is also a major need to avoid false alternatives and false positives by establishing a better connection to analyze different events.
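The contrast this section draws between signature-based detection and behavioural indicators can be made concrete in code. The Python example below is added here and is not part of the original report; the signature database, the sample payloads and the deterministic pseudo-random stand-in for ciphertext are all constructed for the example. It compares an exact digest lookup, which a repacked variant evades, with an entropy check on the bytes a process writes, which fires on ciphertext regardless of which strain produced it, and it applies a size floor because entropy estimates on tiny inputs are unreliable and would otherwise raise false positives.

```python
import hashlib
import math
from collections import Counter

# Constructed "signature database": SHA-256 digests of known-bad samples.
# The single entry is the digest of a made-up byte string, not of any real malware.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"constructed-sample-locker-v1").hexdigest(): "SampleLocker.A",
}


def signature_match(sample: bytes):
    """Signature-based check: exact digest lookup. Returns the family name or None."""
    return KNOWN_BAD_SHA256.get(hashlib.sha256(sample).hexdigest())


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, approaching 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.5, min_size: int = 256) -> bool:
    """Behavioural indicator: a file body that is almost uniformly random is compressed or encrypted.
    Inputs below min_size are ignored because their entropy estimate is too noisy to trust."""
    return len(data) >= min_size and shannon_entropy(data) >= threshold


def classify(sample: bytes, written_file: bytes) -> str:
    """Combine both views: the payload goes through the signature check,
    the file it wrote goes through the behavioural check."""
    family = signature_match(sample)
    if family:
        return f"known-bad:{family}"
    if looks_encrypted(written_file):
        return "suspicious:high-entropy-write"
    return "clean"


def pseudo_random_bytes(size: int, seed: bytes = b"example-seed") -> bytes:
    """Deterministic stand-in for ciphertext (a SHA-256 chain), so the example
    reproduces exactly without performing any real encryption."""
    out, block = b"", seed
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]


# Constructed samples (no real malware or real documents involved).
KNOWN_SAMPLE = b"constructed-sample-locker-v1"
REPACKED_SAMPLE = b"constructed-sample-locker-v1 (repacked)"  # any change defeats the digest lookup
PLAIN_DOCUMENT = b"Quarterly report. Revenue grew 4% over the prior period. " * 40
CIPHERTEXT_LIKE = pseudo_random_bytes(4096)

if __name__ == "__main__":
    print(classify(KNOWN_SAMPLE, PLAIN_DOCUMENT))      # known-bad:SampleLocker.A
    print(classify(REPACKED_SAMPLE, CIPHERTEXT_LIKE))  # suspicious:high-entropy-write
    print(classify(REPACKED_SAMPLE, PLAIN_DOCUMENT))   # clean
```

The repacked sample shows the weakness the section attributes to signature-only detection: one changed byte and the digest no longer matches. The entropy check catches the write of ciphertext-like data instead, but it would equally flag a legitimately compressed archive, which is why such an indicator is correlated with other events rather than acted on alone.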
Potential Threats
System lockup
Ransomware causes the system lockup of the PC, where the problem relates to scareware and lock-screen viruses as well as other things [2].
Scareware:
Ransomware attacks lead to the locking up of the system, with alerts or pop-ups appearing as well. It prevents programs from running on the system at any cost.
Lock Screen Virus:
The focus here is ransomware that locks the computer. The display is a full-size screen carrying an FBI logo, which leads to problems and mishandling of the law.
Locky is the worst form of encryption, which leads to problems with personal files as well, since there is no access to them until a certain ransom is paid.
File Encryption and Deletion
The focus has been on encrypting the system, with the system files properly handled as well. Here, the data is seen to be deleted or hidden, and the files also tend to be encrypted, with the ransomware changing the file extensions. There is then a need to purchase access, or to focus on the system getting proper access back as well [5]. Methods are defined for file recovery, where the encryption works alongside crack fixes and license-activation problems as well. Fake invoices or order receipts could carry other issues, which can be seen through malicious files uploaded to different websites. The victims are then seen to be looking forward to the download and end up with their data encrypted, as the email attachments appeared legitimate.
The encryption forms include issues related to virus problems, which need to be checked by encountering the problems related to them. The payload and the malicious file set are mainly for handling files that are easy to execute. Detection has been researched through the %AppData%
Recent Attack
The WannaCry ransomware attack has been one of the major attacks seen to cause issues by targeting computer systems. It involves problems with payments in the Bitcoin currency. Its direct impact comes from propagation, which leads to exploitation of the system as well. The Windows Server Message Block (SMB) protocol is involved in handling the events, with a message reported to inform users about the encryption and the demands for payment [3]. The attack generally infects vulnerable systems as well. WannaCry took advantage of backdoors installed in the system's patches. Organizations are also dealing with the lack of security patches, and for that there is a Kaspersky Lab study detecting the different responses that are defined. It includes the problems related to cybersecurity companies and the allegations related to them. The evidence and the transport code scan vulnerable systems by using EternalBlue and then gain access to the system as well. There are DNS sinkhole services, where companies are seen to be working on certain allegations, like the links related to handling evidence. It includes discovery through potential attacks of the same type, with the major target being critical infrastructure patterns.
Mitigation Tools
Discuss any two mitigation tools
a. Process Monitoring: This tool is mainly for handling system advancement, where there are certain real-time functions and file systems to handle the processing. It works by focusing on Regmon, which is for enhancement and working on sessions. Full thread stacks, with proper support and symbol integration, include different operational setups that are defined for handling system log files [6].
b. SSDT: The other tool is for core utility management of the system's styles, where information is properly stored and is then seen to be deleted when any process is killed. The block leads to the calling of vssadmin.exe, which leads to certain preventions of the snapshots as well. Hence, for this, the solutions mainly combine and then work towards the restoration of the file system from the encryption process.
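Both tools above come down to watching process and file-system activity for the events that precede or accompany encryption. As an added example that is not the report's own material, the Python code below triages a Process Monitor CSV export for two indicators the report mentions: a process launching vssadmin.exe to delete volume shadow copies (the snapshot prevention described under SSDT), and a process renaming many files to a new extension (the extension change described under File Encryption and Deletion). The CSV sample is constructed; its column names follow Procmon's "Save as CSV" layout, and the Detail field formats ("PID: ..., Command line: ..." and "ReplaceIfExists: ..., FileName: ...") are assumed to match what Procmon writes. A benign vssadmin "list shadows" by a backup process and a single rename by explorer.exe are included to show that neither rule fires on them.

```python
import csv
import io
import ntpath
from collections import defaultdict

# Constructed Procmon CSV export. Every process, path, PID and timestamp is made up.
SAMPLE_PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.0000000","explorer.exe","1234","Process Create","C:\Users\alice\AppData\Roaming\update.exe","SUCCESS","PID: 4321, Command line: C:\Users\alice\AppData\Roaming\update.exe"
"10:01:03.0000000","backup.exe","2000","Process Create","C:\Windows\System32\vssadmin.exe","SUCCESS","PID: 2001, Command line: vssadmin.exe list shadows"
"10:01:04.0000000","update.exe","4321","Process Create","C:\Windows\System32\vssadmin.exe","SUCCESS","PID: 4400, Command line: vssadmin.exe delete shadows"
"10:01:05.0000000","explorer.exe","1234","SetRenameInformationFile","C:\Users\alice\Documents\draft.tmp","SUCCESS","ReplaceIfExists: True, FileName: C:\Users\alice\Documents\draft.docx"
"10:01:06.0000000","update.exe","4321","SetRenameInformationFile","C:\Users\alice\Documents\report.docx","SUCCESS","ReplaceIfExists: True, FileName: C:\Users\alice\Documents\report.docx.locked"
"10:01:06.1000000","update.exe","4321","SetRenameInformationFile","C:\Users\alice\Documents\budget.xlsx","SUCCESS","ReplaceIfExists: True, FileName: C:\Users\alice\Documents\budget.xlsx.locked"
"10:01:06.2000000","update.exe","4321","SetRenameInformationFile","C:\Users\alice\Pictures\holiday.jpg","SUCCESS","ReplaceIfExists: True, FileName: C:\Users\alice\Pictures\holiday.jpg.locked"
"10:01:06.3000000","update.exe","4321","SetRenameInformationFile","C:\Users\alice\Documents\notes.txt","SUCCESS","ReplaceIfExists: True, FileName: C:\Users\alice\Documents\notes.txt.locked"
'''


def parse_procmon_csv(text: str) -> list:
    """Return one dict per event, keyed by the header row's column names."""
    return list(csv.DictReader(io.StringIO(text)))


def find_shadow_copy_deletion(events: list) -> list:
    """Flag any process that launches vssadmin.exe with a 'delete shadows' command line.
    The reported PID is the parent that launched it, which is the process to investigate."""
    hits = []
    for ev in events:
        if ev["Operation"] != "Process Create":
            continue
        if ntpath.basename(ev["Path"]).lower() != "vssadmin.exe":
            continue
        if "delete shadows" in ev["Detail"].lower():
            hits.append({"process": ev["Process Name"], "pid": ev["PID"], "command": ev["Detail"]})
    return hits


def find_mass_renames(events: list, min_files: int = 3) -> list:
    """Flag processes that rename at least min_files files to a different extension,
    the bulk extension change that accompanies file encryption."""
    per_process = defaultdict(list)
    for ev in events:
        if ev["Operation"] != "SetRenameInformationFile":
            continue
        new_path = ev["Detail"].rsplit("FileName: ", 1)[-1]   # assumed Detail layout
        old_ext = ntpath.splitext(ev["Path"])[1].lower()
        new_ext = ntpath.splitext(new_path)[1].lower()
        if new_ext and new_ext != old_ext:
            per_process[(ev["Process Name"], ev["PID"])].append(new_ext)
    findings = []
    for (name, pid), exts in per_process.items():
        if len(exts) >= min_files:
            findings.append({"process": name, "pid": pid, "files": len(exts),
                             "extension": max(set(exts), key=exts.count)})
    return findings


def triage(text: str, min_files: int = 3) -> dict:
    """Run both rules over a Procmon CSV export and return the findings."""
    events = parse_procmon_csv(text)
    return {"shadow_copy_deletion": find_shadow_copy_deletion(events),
            "mass_rename": find_mass_renames(events, min_files)}


if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_PROCMON_CSV).items():
        print(rule, hits)
```

On the constructed log, both rules point at the same process (update.exe, PID 4321), which is the correlation a responder wants: the shadow-copy deletion on its own is rare enough to investigate, and the burst of renames to one new extension tells them which files were touched and when the encryption started. The min_files threshold keeps ordinary single renames, such as explorer.exe finishing a save, out of the findings.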
Effectiveness of selected mitigation tools
The Procmon tool is about properly monitoring processes, with the system's capabilities used to take hold of filters. The system includes proper capturing of data, and the operations are defined through the input and output setup. There are non-destructive filters as well that help in setting a filter without any loss of data. It includes the proper configuration, where events relate to handling different files for the data, including columns as well. The logging architecture is set up to capture events, and then there is a proper setup for the process tree tool, which shows the relationships as well.
The response is determined through SSDT (SQL Server Data Tools), which is for maintaining database development and then handling the system's debugging functions. It is then able to manage database projects for a team-based environment.
Summary
Ransomware is a malware that needs to be taken care of efficiently. Here, the focus has to be on network segmentation, where the major goal is to completely handle the setup of the IT infrastructure as well. Whitelisting generally includes the defined working and system standards, which include the processing set for malicious processes. The higher volumes of new and slightly modified variations are seen to be not important for the threats in cybercrime.
References
[1] Barak, Gil. "System and methods thereof for preventing ransomware from encrypting data elements stored in a memory of a computer-based system." U.S. Patent Application 15/492,338, filed October 26, 2017.
[2] Takeuchi, Yuki, Kazuya Sakai, and Satoshi Fukumoto. "Detecting Ransomware using Support Vector Machines." In Proceedings of the 47th International Conference on Parallel Processing Companion, p. 1. ACM, 2018.
[3] Allen, J. "Surviving ransomware." American Journal of Family Law 31, no. 2 (2017): 65-68.
[4] Richardson, Ronny, and Max North. "Ransomware: Evolution, mitigation and prevention." International Management Review 13, no. 1 (2017): 10-21.
[5] Wolf, Daniel G., and Donald L. Goff. "A ransomware research framework: poster." In Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, p. 26. ACM, 2018.
[6] Kolodenker, Eugene, William Koch, Gianluca Stringhini, and Manuel Egele. "PayBreak: defense against cryptographic ransomware." In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 599-611. ACM, 2017.