Ransomware Attacks and Data Security: Risks, Security and Prevention

Verified

Added on 2021/10/19

AI Summary

This report delves into the critical issue of ransomware attacks and their impact on data security. It begins by defining ransomware and exploring its various attack methods, including malspam, social engineering, and the use of Trojans. The report highlights the growing threat posed by ransomware, particularly targeting social media platforms, and outlines the steps involved in a typical attack, from initial infection to ransom demands. It then identifies key data security issues arising from ransomware, such as the unknown location of data, loss of confidentiality, integrity, and availability, along with issues like outsourcing responsibility and fragmented policies. Furthermore, the report discusses the importance of securing systems and networks, including implementing incident response plans, utilizing backup systems, and employing anti-spam and antivirus solutions. It also emphasizes the significance of network segmentation and applying the principle of least privilege. The report concludes by presenting effective mitigation mechanisms to combat ransomware attacks, offering valuable insights into safeguarding data in an increasingly vulnerable digital landscape.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: RANSOMWARE ATTACKS AND DATA SECURITY
Ransomware Attacks and Data Security
Name of the Student
Name of the University
Author’s Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1
RANSOMWARE ATTACKS AND DATA SECURITY
Table of Contents
Introduction.................................................................................................2
Research Objectives....................................................................................2
Discussion...................................................................................................2
Ransomware Attacks................................................................................2
Security of Data due to Ransomware.......................................................4
Mitigation of Ransomware Attacks for Data Security...............................6
Conclusion...................................................................................................9
References................................................................................................10

2
RANSOMWARE ATTACKS AND DATA SECURITY
Introduction
Ransomware is the kind of the malicious software, which is
responsible for threatening to publish the confidential data of the victim
and even to block the access to that specific data unless and until a
ransom is being paid (Kharraz et al. 2015). In the properly deployed attack
of cryptoviral extortion, the file recovery is an extremely significant
problem without the specific decryption key. Hence, it becomes extremely
difficult to trace the attackers. Moreover, he uses digital currencies like
Ukash as well as crypto currencies like Bitcoin for ransom and thus
making tracing or prosecuting becomes quite difficult for the attackers
(Scaife et al. 2016).
The following research report will be outlining a brief discussion on
the topic of ransomware in in today’s world. The ransomware attacks have
spread in the technological world drastically and hence there is a major
question of data security. In recent days, it is being notified that the
ransomware attacks are becoming quite threatening for the users and this
report will be providing various relevant details regarding it.
Research Objectives
The important research objectives of this research report are as
follows:
i) To understand the entire concept of ransomware that is discussed
in the media in recent times.
ii) To find out the data security issues for the ransomware for
securing data.
iii) To search for suitable prevention techniques of ransomware
attacks.
Discussion
Ransomware Attacks
The ransomware or ransom malware is the kind of malware, which
could prevent the users from getting access to the personal files or

3
RANSOMWARE ATTACKS AND DATA SECURITY
systems and also demands the ransom payment for regaining the access
(Andronio, Zanero and Maggi 2015). The ransom is paid or is sent through
credit card or crypto currencies. There are various methods, which could
allow ransomware to infect the system or computer. The most common
method of the ransomware is by the mal spam or malicious spam that is
unsolicited electronic mails for delivering the malware. This ransomware
even comprises of links for the malicious web sites. The mal spam utilizes
the social engineering for tricking the people for opening the attachments
and clicking on the links by properly appearing as legal (Kharraz et al.
2016). The cyber criminals utilize the social engineering within other kinds
of ransomware attacks for locking the files and paying ransom.
The ransomware attacks could be carrying out with the help of
Trojan, which is subsequently disguised as the legitimate file (Mercaldo et
al. 2016). The victim is then tricked into opening or downloading the file
as soon as it arrives as any electronic mail attachment. The most
significant example of the ransomware is the Wanna Cry worm and this
worm travels within the several computer systems without any type of
user’s interaction automatically (Continella et al. 2016). Another popular
example of this ransomware attack is the Crypto Locker. It is a specific
Trojan horse, which remains active on the Internet. The kits of
ransomware on the deep web have eventually allowed the cyber criminals
for purchasing as well as utilizing a typical software tool and creating the
ransomware with proper capabilities (Brewer 2016).
The various web sites of social media are the major victims of these
types of ransomware attacks (Song, Kim and Lee 2016). The main reason
for this vulnerability is that there are various users of social media and it
is extremely easy to target these sites. According to a survey, more than
70% of the scams of social media are being shared manually by the
people. These types of ransomware attacks could be completed by
undertaking some of the steps (Pathak and Nanded 2016). The victim
would eventually download as well as run the executable files or folders
from several links. The second step of this attack is that the files are kept

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4
RANSOMWARE ATTACKS AND DATA SECURITY
in the encrypted version and could only be opened after decryption
technique. In this particular step, the cloud storage is also affected and
hence the users gets no idea about the attack (Yang et al. 2015). The final
step of these ransomware attacks in the media asking for ransom
payments to the administrator of the social media web site.
Since, the confidential information of billions of uses are at stake,
the respective administrator is bound to pay the ransom to the attacker
and get the decryption code (Everett 2016). Apart from these
vulnerabilities, another important issue that occurs in these attacks is that
the information of the billions of users could be leaked easily in front of
the public and these users would be facing several problems related to
confidentiality and data integrity (Cabaj et al. 2015). This type of attack
also targets the businesses of all sizes. The first and the foremost
requirement of any organization is to recognize the attack, whenever they
are being attacked by the ransomware malware. Furthermore, they should
even ensure that significant tools regarding the anti malware or anti virus
is being implemented within the systems (Cabaj and Mazurczyk 2016).
Security of Data due to Ransomware
The ransomware attacks in the technological world have become
extremely common and significant for the users and thus they should be
avoided on an urgent basis (Sgandurra et al. 2016). The major affected
persons in these attacks are the users of the media web sites or social
media web sites. The data of these users are at stake and these issues
related to data security is quite problematic. The major issues of data
security for the ransomware in the media are as follows:
i) Location of Data Unknown: The first and the most important
issue of data security that is common for these types of ransomware
attacks in the world is that the intended or authenticated users does not
have any idea about the location of the data (Richardson and North 2017).
The attacker of the ransomware attack encrypts the data and keeps them
in any secret location. This location is not easily or promptly accessed by

5
RANSOMWARE ATTACKS AND DATA SECURITY
the users and hence they do not get access to the data (Bhardwaj et al.
2016).
ii) Losing of Data Confidentiality: The second important and
significant issue that is being faced in these types of ransomware attacks
in the technical world is the loss of the data confidentiality (Hampton and
Baig 2015). The data no longer remains confidential for the users and
hence the attacker does not maintain the confidentiality if he does not get
the ransom within time.
iii) Losing of Data Integrity: Another specific and noteworthy
issue of the data security, which often becomes threatening for the users
is the loss of data integrity (Mansfield-Devine 2016). The attacker breaks
the data integrity and the attacker could even change the data. This
losing of data integrity should be stopped on the immediate basis by
undertaking proper and relevant precautions.
iv) Losing of Data Availability: Data security is also threatened
when the user does not get the data properly and hence loses the overall
availability. The confidential data of the users are also quite vulnerable for
the attackers and hence if the data is not available for the users, these
users could be facing significant problems (Mohurle and Patil 2017). The
loss of data confidentiality is extremely common for the ransomware
attacks for the users and has come into account recently.
v) Outsourcing Responsibility: This is yet another significant
issue of data security for ransomware attacks for the respective users
(Moore 2016). The privacy regulations as well as data protection
regulations majorly state that the organization should not share the
specific risk of compliance. This solely refers to the fact that when the
outsourcing partner of this company is failing to protect the confidential
data of their business, the web site is at fault and thus is liable to all sorts
of legal actions or associated penalties (Andronio, Zanero and Maggi
2015). This type of data security issue could only be avoided by
undertaking validated legal actions.

6
RANSOMWARE ATTACKS AND DATA SECURITY
vi) Fragmented Policies and Processes: The various web sites
should comprise of various processes as well as policies for the proper
security of the sensitive data. However, when fragmented policies and
processes are present within the world, the attackers get a chance of
spreading ransomware malware and hence encrypting the data for
ransom payments (Song, Kim and Lee 2016). Thus, the security of data of
the users are kept at stake due to these fragmented policies or processes.
vii) Lack of Retaining Sensitive Data: The seventh subsequent
issue of data security that could be extremely problematic for the
authenticated users is the lack of retaining the sensitive or confidential
data or information (Continella et al. 2016). If the user does not pay the
ransom there is a high chance that the data would be lost forever and
could not be retrieved at any cost.
Mitigation of Ransomware Attacks for Data Security
Although, some of the simplified ransomware could lock the
respective system in any specified method that is much easier for the
knowledgeable individual to reverse; most of the advanced malware
utilizes the technique known as cryptoviral extortion (Pathak and Nanded
2016). With this particular technique, the attacker encrypts the files of the
victim and make completely inaccessible. Finally, he demands for a huge
ransom payment to decrypt all the files and provide access to the victim.
The major objective of the ransomware attack is always monetary and
similar to other kinds of attacks, attackers notify the victim after
exploiting the data or files. These attackers then demand for payment in
any virtual currency like Bitcoin with the core purpose that the identity of
the cyber criminal is not made public (Cabaj and Mazurczyk 2016). The
ransomware malware could be eventually spread by the malicious email
attachment, infected external storage device, infected software
applications or even compromised web sites.
In spite of having the above mentioned vulnerabilities, these could
be solved by undertaking some of the major and important steps of
mitigation (Richardson and North 2017). The three distinct mitigation

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
RANSOMWARE ATTACKS AND DATA SECURITY
mechanisms for securing the data and stopping the ransomware attacks
are as follows:
i) Securing the Systems and Networks: The most effective and
efficient technique of mitigating the various ransomware attacks is by
securing the systems as well as networks (Hampton and Baig 2015). For
this purpose, the first criteria is to have the incident response plan. This
type of planning involves the requirement that is to be done in the
ransomware events. Moreover, utilization of backup system is yet another
important and significant technique to mitigate these attacks. It enables
several iterations of the backups and it requires infected or encrypted
files. The regular check ups for the data integrity and ensuring it to be
operational is also required here (Mansfield-Devine 2016). Another
effective and efficient method of mitigating the ransomware attacks and
securing the networks or systems is by using the anti-spam or antivirus
solutions.
The regular systems hence could be enabled and the network
scanning could be done easily. The macros scripts should be disabled and
Microsoft Office files should be transmitted (Mohurle and Patil 2017). The
systems should also be patched and the mobile devices, hardware,
applications, software and operating systems should be upgraded in a
periodical manner. The respective internet access should be restricted
with the help of a proxy server and the ad-blocking software should be
considered properly. The next important and significant technique of
mitigation for ransomware attacks is the application of principles for the
lesser privilege as well as network segmentation (Cabaj and Mazurczyk
2016). The organizational values could be categorized or separated
regarding data and the virtual environments should be implemented
properly. The logical or the physical network and data separation should
be checked properly and this would be helpful for reducing the
complexities regarding data security. The third parties should be
monitored and these third parties comprise of the remote access to the
respective organizational network. It helps to ensure that they are diligent

8
RANSOMWARE ATTACKS AND DATA SECURITY
with the best practices of cyber security (Song, Kim and Lee 2016). The
employees of the organization should participate in the programs of cyber
security information sharing such as InfraGard and MS ISAC.
ii) Securing the Specified End User: The security of the end user
is also extremely important and noteworthy for the proper mitigation of
ransomware attacks (Kharraz et al. 2015). Since, the data belongs to the
end users, it is also important to reduce the issues effectively. The social
engineering or phishing training should be provided to the respective
employees and urge them not to open any suspicious emails and not to
click on the links for opening the attachments contained within the emails
and even to be cautious before visiting the unknown web sites. These end
users should also close their browsers when these are not in use
(Mercaldo et al. 2016). A reporting plan should be present for all the
organizations for ensuring that the employees knows and learns about the
suspicious activities. These would help in securing the end users.
iii) Responding to the Attack: The third mitigation technique for
removing the ransomware attacks and securing data is by responding to
the ransomware attacks (Continella et al. 2016). The infected system
should be immediately disconnected from the network and infection
propagation should also be prevented. The affected data should be
determined and additional reporting should be protected properly. The
decryptor should be available so that if any such issue arises, it could be
solved easily and promptly. Backups should also be maintained for
restoring the confidential files or data. Moreover, the infection should be
reported immediately and it is highly recommended that the government
agencies should report these incidents with legal actions (Yang et al.
2015). The targeted victims would not be affected anymore and they
could deal with these ransomware attacks properly and the data would be
secured eventually.
Conclusion
Therefore, from the above discussion, it can be concluded that
ransomware is the subset of malware, where the confidential data within

9
RANSOMWARE ATTACKS AND DATA SECURITY
the victim’s system is locked by encryption technology and then payment
is demanded even before the respective ransomed data could be
decrypted and the access is returned to the specific victim. The growing
number of attacks have substantially utilized the remote desktop
protocols and all other approaches, which do not rely on the form of user’s
interactions. Moreover, this malware could also change the login
credentials of the victim for the computing devices and within the data
kidnapping attacks, this malware might even encrypt the files in the
infected devices or any other linked network device. The above research
report has clearly described about the effect of ransomware in the
technological world with relevant details. This type of attack could bring
major issues for the several users and thus security of data is also
affected and these are mentioned in this research report.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10
RANSOMWARE ATTACKS AND DATA SECURITY
References
Andronio, N., Zanero, S. and Maggi, F., 2015, November. Heldroid:
Dissecting and detecting mobile ransomware. In International Workshop
on Recent Advances in Intrusion Detection (pp. 382-404). Springer, Cham.
Bhardwaj, A., Avasthi, V., Sastry, H. and Subrahmanyam, G.V.B., 2016.
Ransomware digital extortion: a rising new age threat. Indian Journal of
Science and Technology, 9(14), pp.1-5.
Brewer, R., 2016. Ransomware attacks: detection, prevention and
cure. Network Security, 2016(9), pp.5-9.
Cabaj, K. and Mazurczyk, W., 2016. Using software-defined networking for
ransomware mitigation: the case of cryptowall. IEEE Network, 30(6),
pp.14-20.
Cabaj, K., Gawkowski, P., Grochowski, K. and Osojca, D., 2015. Network
activity analysis of CryptoWall ransomware. Przeglad
Elektrotechniczny, 91(11), pp.201-204.
Continella, A., Guagnelli, A., Zingaro, G., De Pasquale, G., Barenghi, A.,
Zanero, S. and Maggi, F., 2016, December. ShieldFS: a self-healing,
ransomware-aware filesystem. In Proceedings of the 32nd Annual
Conference on Computer Security Applications (pp. 336-347). ACM.
Everett, C., 2016. Ransomware: to pay or not to pay?. Computer Fraud &
Security, 2016(4), pp.8-12.
Hampton, N. and Baig, Z.A., 2015. Ransomware: Emergence of the cyber-
extortion menace.
Kharraz, A., Arshad, S., Mulliner, C., Robertson, W.K. and Kirda, E., 2016,
August. UNVEIL: A Large-Scale, Automated Approach to Detecting
Ransomware. In USENIX Security Symposium (pp. 757-772).
Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L. and Kirda, E., 2015,
July. Cutting the gordian knot: A look under the hood of ransomware

11
RANSOMWARE ATTACKS AND DATA SECURITY
attacks. In International Conference on Detection of Intrusions and
Malware, and Vulnerability Assessment (pp. 3-24). Springer, Cham.
Mansfield-Devine, S., 2016. Ransomware: taking businesses
hostage. Network Security, 2016(10), pp.8-17.
Mercaldo, F., Nardone, V., Santone, A. and Visaggio, C.A., 2016, June.
Ransomware steals your phone. formal methods rescue it. In International
Conference on Formal Techniques for Distributed Objects, Components,
and Systems (pp. 212-221). Springer, Cham.
Mohurle, S. and Patil, M., 2017. A brief study of wannacry threat:
Ransomware attack 2017. International Journal of Advanced Research in
Computer Science, 8(5).
Moore, C., 2016, August. Detecting ransomware with honeypot
techniques. In Cybersecurity and Cyberforensics Conference (CCC),
2016 (pp. 77-81). IEEE.
Pathak, P.B. and Nanded, Y.M., 2016. A dangerous trend of cybercrime:
ransomware growing challenge. International Journal of Advanced
Research in Computer Engineering & Technology (IJARCET) Volume, 5.
Richardson, R. and North, M., 2017. Ransomware: Evolution, mitigation
and prevention. International Management Review, 13(1), pp.10-21.
Scaife, N., Carter, H., Traynor, P. and Butler, K.R., 2016, June. Cryptolock
(and drop it): stopping ransomware attacks on user data. In Distributed
Computing Systems (ICDCS), 2016 IEEE 36th International Conference
on (pp. 303-312). IEEE.
Sgandurra, D., Muñoz-González, L., Mohsen, R. and Lupu, E.C., 2016.
Automated dynamic analysis of ransomware: Benefits, limitations and use
for detection. arXiv preprint arXiv:1609.03020.
Song, S., Kim, B. and Lee, S., 2016. The effective ransomware prevention
technique using process monitoring on android platform. Mobile
Information Systems, 2016.

12
RANSOMWARE ATTACKS AND DATA SECURITY
Yang, T., Yang, Y., Qian, K., Lo, D.C.T., Qian, Y. and Tao, L., 2015, August.
Automated detection and analysis for android ransomware. In High
Performance Computing and Communications (HPCC), 2015 IEEE 7th
International Symposium on Cyberspace Safety and Security (CSS), 2015
IEEE 12th International Conferen on Embedded Software and Systems
(ICESS), 2015 IEEE 17th International Conference on (pp. 1338-1343).
IEEE.