Information Security Technologies: Ransomware Risks and Future Trends

Verified

Added on 2020/03/28

AI Summary

This report provides a comprehensive analysis of information security technologies, specifically focusing on the growing threat of ransomware. It begins with an introduction to information security and the nature of ransomware, highlighting recent attacks such as WannaCry and their impact on organizations like the UK's National Health Service and the Russian Interior Ministry. The report delves into the background of ransomware, explaining how it operates, its various forms (including encryption and lock screen ransomware), and the methods used by attackers to deploy it, such as spam emails, security exploits, and botnets. The core of the report explores the risks and security concerns associated with ransomware, including the infection vectors, targeting of vulnerable systems, and the challenges of data decryption. It also addresses the security concerns related to outdated systems, untrained staff, and the spread of infections across networks. Furthermore, the report outlines various strategies for addressing these risks and concerns, such as updating systems, using antivirus software, backing up important files, configuring email servers, avoiding suspicious emails, disconnecting from the internet during suspicious activities, utilizing Windows features like Volume Shadow Copy Service, and employing firewalls. The report concludes by emphasizing the importance of staying updated and implementing preventative measures, while also discussing future trends in ransomware and related attacks.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: INFORMATION SECURITY TECHNOLOGIES
Information Security Technologies
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1
INFORMATION SECURITY TECHNOLOGIES
Table of Contents
1. Introduction......................................................................................................................2
2. Background......................................................................................................................2
3. Risk and Security Concerns of Ransomware...................................................................5
3.1 Risks..........................................................................................................................5
3.2 Security Concerns......................................................................................................6
3.3 Strategies for addressing the risks and security concerns..........................................6
4. Conclusion.......................................................................................................................8
5. Future Trends...................................................................................................................9
6. References......................................................................................................................10

2
INFORMATION SECURITY TECHNOLOGIES
1. Introduction
Information security is a process and action to ensure the protection of information and
preventing the unauthorized use of confidential and private information, especially electronic
data. Information security ensures different measures in achieving the correct security standards
for particular information (Peltier, 2013). There are different risk agents that can launch an attack
on the information system in with an aim of data theft and corrupting the data. One of the major
threat agents is ransomware, which is a type of malicious software, typically designed to block
the access of data or the whole computer system, until a sum of money is paid to the attacker
(Brewer, 2016). The recent cases of ransomware attack include the attack on UK’s National
Health Service, Russia’s Interior Ministry and staffers at selected offices of FedEx. The global
ransomware attack on this organization has resulted in the disruption of normal services loss of
confidential data. The increasing attack of ransomware is alarming as many organizations and
computer system are targeted by these attacks to fetch a huge sum of money from the user
(Mansfield-Devine, 2016). The background, risks and security concerns along with the future
trends in relation to such ransomware attacks are elaborated in the following paragraphs.
2. Background
A worldwide cyber attack by Wanna Cry ransomware, as it is called has potentially put
many lives at risk by paralyzing the computer systems of National Health Service, UK. The
attack paralyzed thousands of appointments and emergency operations of the hospital as the
ransomware attack threatened to delete crucial files unless an amount of $300 is paid (Collier,
2017). The ransomware was capable enough to break into the robust cyber security measures
taken by the hospital in protection of data. However, the attack were mainly laid on the systems,

3
INFORMATION SECURITY TECHNOLOGIES
that were using Windows XP and the malware managed to jump from computer to computer by
targeting the weakness of the this older version of windows operating system (Clarke &
Youngstein, 2017). Only the windows XP were targeted as Microsoft had stopped supporting it
in the year 2014, and the computers that were still operating on windows XP did not install the
patch (Mattei, 2017).
A similar cyber attack was led on Interior ministry of Russia, by making a use of hacking
tools created by U.S National Security Agency. The attack was launched on more than 100
countries and locking the files and data of different computers demanding a payment of $300 for
restoring the access (Mohurle & Patil, 2017). According to the cyber extortionists, the attackers
have used the stolen NSA hacking tools for sending spam emails with the ransomware attached
in form of invoices, job offers, security warnings and other legitimate files. Once the user opens
that files, the malware gets installed into the computer and encrypts all the files present in the
computer (Mattei, 2017). The files can only be decrypted after paying a certain amount of money
in form of bit coins as demanded by the attackers. Furthermore, if the amount is not paid within 7
days, the files are permanently deleted from the system and thus, the user has no choice apart
from paying the attacker.
Even the staffers of FedEx offices were attacked by this ransomware. Security software
makers of Avast said that they have observed of about 57000 infections in 99 countries and the
top target of this attack was Russia, Ukraine and Taiwan (Mohurle & Patil, 2017).
One of the most dangerous features of ransomware is that the ransomware-encrypted files
cannot be decrypted that easily. Furthermore, the malware has the ability to scramble the files
names, so that it remains undetected or becomes very difficult to detect. After locking the

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4
INFORMATION SECURITY TECHNOLOGIES
crucial files, the ransomware displays a message asking for a specific sum of money in order to
decrypt the files. One of the major concerns about the ransomware is that, it targets the infected
machines into botnets so that the future attacks become easier to conduct. After infecting a single
computer, the ransomware can easily spread to other computers connected in a local network
(Rajput, 2017).
Ransomware generally has data infiltration capabilities and includes geographical
targeting as well. This indicates that the ransom note is generally translated into victim’s
language, thus increasing the chances of ransom to be paid. The most common methods that are
generally used by the attackers in launching and executing a ransomware attack are listed below
(Mansfield-Devine, 2013)-
 sending spam email campaigns that contains malicious links and attachments
 security exploits in different vulnerable software
 injecting malicious codes in legitimate websites
 creating Botnets
The above-discussed processes are the most common technique of ransomware attack.
However, there are many different processes of launching ransomware attacks as well.
Ransomware attack mainly uses complex set of different evasion techniques that generally go
unnoticed by traditional antivirus. The different types of ransomware includes encryption
ransomware, lock screen ransomware and master boot record ransomware (Sittig & Singh,
2016). The attacks cited above are mainly encryption ransomware attack, which is also known as
file encryptor ransomware. The risks and security concerns associated with ransomware are
elaborated in the next section.

5
INFORMATION SECURITY TECHNOLOGIES
3. Risk and Security Concerns of Ransomware
The different risks and security concerns associated with ransomware are elaborated in
the following paragraphs (Akkas, Chachamis & Fetahu, 2017)-
3.1 Risks
The risks associated with the ransomware are listed below-
1) Ransomware is an infection vectors that are propagated with the user-initiated actions,
which include, clicking some malicious links obtained from spam email or visiting any malicious
websites. Therefore, it becomes almost impossible to detect a ransomware before it actually
launches the attack.
2) The major target of a ransomware attack includes mobile devices, weak operating
systems, software and cloud based applications and resources.
3) All the crucial files are locked by the ransomware paralyzing the entire system. The
files cannot be decrypted by any means without paying the amount as demanded by the attacker
and therefore it becomes very difficult or impossible to access the files without paying the
attackers (Mohurle & Patil, 2017).
4) As an effect of ransomware attack, different process within an organization may come
to a hault, risking even people’s life as happened with the case of National Health Service in UK.
There are other risks associated with a ransomware attack as well, which includes loss of
confidential data, stealing of data and so on. The security concerns associated with a ransomware
attack are elaborated in the next section.

6
INFORMATION SECURITY TECHNOLOGIES
3.2 Security Concerns
The major security concerns associated with the ransomware attack are elaborated below-
1) The attacker makes use of the vulnerability in the operating system or a device in order
to launch an attack. This indicates that the operating system or the security essentials of the
system and devices is needed an upgrade. This may be further lead to the loss of confidential
data and information (Bhardwaj et al., 2016).
2) The major security concern associated with ransomware attack is that, once infected a
single computer, it can easily spread to different computer systems.
3) The ransomware attack generally targets different public institution and organizations
making a use of the untrained staffs who handle the information security systems. Thus, out of
date equipments and untrained staffs may lead to loss of data and considerable monetary loss as
well. The vulnerabilities of the information system of the institution are targeted in different
ransomware attack (Pathak & Nanded, 2016).
4. Ransomware attacks may Change the name of the files of a particular system, thus it
becomes impossible to detect such attack.
The different strategies that can be implemented in lessening the risk and security issues
associated with the ransomware and preventing the ransomware attack are elaborated in the
previous section (Hampton & Baig, 2015).
3.3 Strategies for addressing the risks and security concerns
The strategies for addressing the different risks and security concerns associated with the
ransomware are listed below-

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
INFORMATION SECURITY TECHNOLOGIES
1) In order to prevent the risk of Ransomware attack, all the out of date information
systems are to be updated and patched regularly. The core security fundamentals that include
patch management, regular backup and disaster recovery must be ensured regularly in order to
prevent the risks of a ransomware attack.
2) Regular maintenance of windows and updating the antivirus software is a major
strategy in preventing such ransomware attack.
3) Another strategy in avoiding the payment of ransom even if the attack occurs is to
keep a backup of the most important files. This way, the user will not have the need of unlocking
the encrypted files by paying money as he already has another set of data (Everett, 2016).
4) Ransomware is generally spread via email and therefore, it is utmost necessary to
configure the email web server and block the doubtful attachment extensions such as .exe, .vbs
and .scr.
5) The user should not respond or even open the email and messages sent by unfamiliar
people. Furthermore, the phishing emails should be detected and avoided as much as possible.
6) On account of detection of suspicious activities and processes, the internet connection
of the system is to be disconnected as soon as possible in order to prevent the further spreasing of
the malware.
7) The volume shadow copy service or VSS of windows can be used for restoring the
previous version arbitrary files. If the VSS is disabled on a computer at the time of attack, can
later be used to restore the encrypted files. Therefore, VSS can be used in order to eliminate the
effects of the ransomware attacks.

8
INFORMATION SECURITY TECHNOLOGIES
8) Windows Firewall should be kept enabled all the time.
9) Additional firewall protection can also be leveraged in enhancing the security
essentials of the information system in order to prevent any ransomware attack.
10) The computer security software must be effective enough to scan the compressed or
archived files of the system, in order to detect the ransomware attack.
11) A browser add on may also be installed that can help in blocking the pop ups.
12) Auto play should be disabled in order to prevent the automatic launching of files
from external media.
13) The automatic file sharing should be disabled, as in case a system is hit by a
ransomware attack, it does not spread to the other systems.
14) Bluetooth and other wireless connections should be kept off when not in use.
4. Conclusion
Therefore, from the above discussion, it can be concluded that the ransomware attack is
strategically launched in order to leave a widespread effect. Different ransomware attack has
been discussed in the report and the major causes of these attacks are found to be the improper
security essentials and out of date system. Ransomware attacks are more dangerous because the
files once encrypted by the attack cannot be decrypted without paying the sum of money the
attacker is demanding. The report discusses the different security concerns and the risks
associated with a ransomware attack. The major strategy of preventing the ransomware attack is
keeping the systems up to date and patched. The other strategies that can be implemented for
preventing the attack and lessening the impact of a ransomware attack are further discussed in

9
INFORMATION SECURITY TECHNOLOGIES
the report. The most feasible technique of not paying the ransom even if an attack is experienced,
is to keep regular backups of the important files, so that even the if they are encrypted by the
ransomware, the user does not have to pay the ransom.
5. Future Trends
The future trends associated with the ransomware and the attacks related to the
ransomware are listed below (O'Gorman & McDonald, 2012.)-
1) Based on the strategies used for the launching the past attacks, it can be said that the
ransomware attacks are going to take a more dangerous structure in future
2) The ransomware attack can however be prevented by improving the information
security essentials and generating awareness among the users for keeping their security systems
up to date.
3) The future of ransomware includes targeting the security of web mail providers
4) Declination of ransomware can however be possible by enforcing a law for shutting
down the attackers of ransomware and the exploit kits that deliver them.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10
INFORMATION SECURITY TECHNOLOGIES
6. References
Akkas, A., Chachamis, C. N., & Fetahu, L. (2017). Malware Analysis of WanaCry Ransomware.
Bhardwaj, A., Avasthi, V., Sastry, H., & Subrahmanyam, G. V. B. (2016). Ransomware digital
extortion: a rising new age threat. Indian Journal of Science and Technology, 9, 14.
Brewer, R. (2016). Ransomware attacks: detection, prevention and cure. Network Security,
2016(9), 5-9.
Clarke, R., & Youngstein, T. (2017). Cyberattack on Britain’s National Health Service—A
Wake-up Call for Modern Medicine. New England Journal of Medicine.
Collier, R. (2017). NHS ransomware attack spreads worldwide.
Everett, C. (2016). Ransomware: to pay or not to pay?. Computer Fraud & Security, 2016(4), 8-
12.
Hampton, N., & Baig, Z. A. (2015). Ransomware: Emergence of the cyber-extortion menace.
Mansfield-Devine, S. (2013). Security review: the past year. Computer Fraud & Security,
2013(1), 5-11.
Mansfield-Devine, S. (2016). Ransomware: taking businesses hostage. Network Security,
2016(10), 8-17.
Mattei, T. A. (2017). Privacy, Confidentiality, and Security of Health Care Information: Lessons
from the Recent WannaCry Cyberattack. World Neurosurgery, 104, 972-974.

11
INFORMATION SECURITY TECHNOLOGIES
Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017.
International Journal, 8(5).
O'Gorman, G., & McDonald, G. (2012). Ransomware: A growing menace. Symantec
Corporation.
Pathak, D. P., & Nanded, Y. M. (2016). A dangerous trend of cybercrime: ransomware growing
challenge. International Journal of Advanced Research in Computer Engineering &
Technology (IJARCET) Volume, 5.
Peltier, T. R. (2013). Information security fundamentals. CRC Press.
Rajput, T. S. (2017). Evolving Threat Agents: Ransomware and their Variants. International
Journal of Computer Applications, 164(7).
Sittig, D. F., & Singh, H. (2016). A socio-technical approach to preventing, mitigating, and
recovering from ransomware attacks. Applied clinical informatics, 7(2), 624.