IT Security Report: Ransomware Attacks and Mitigation Strategies

Added on  2022/11/17

AI Summary
This report, prepared for ITech Company as part of an IT security consultancy, provides a detailed analysis of ransomware attacks. It begins with an introduction to ransomware, discussing its societal impact and outlining the report's structure. The report then delves into three recent variants of ransomware attacks, examining their specific characteristics and methods of operation, including CryptoLocker, WannaCry, Crysis, Jigsaw, and Locky. Following this, the report explains the working mechanism of ransomware, detailing the cryptographic techniques, infection methods, and ransom demands employed by attackers. The report also highlights the potential threats posed by ransomware, including data loss, financial damage, and reputational harm to organizations. The report concludes with a summary of key findings and recommendations for mitigating the risks associated with ransomware attacks, emphasizing the importance of proactive security measures and incident response planning.
Running head: IS SECURITIES AND MANAGEMENT
Ransomware Attack
[Name of the Student:]
[Name of the University:]
[Author Note:]
Executive Summary
This study examines how ransomware works and how it affects various organizations. It
discusses the working mechanisms of ransomware and the potential threats it poses, along with
examples of different types of ransomware. Ransomware affects a user's system by blocking
access to files until the ransom is paid, and such malware is increasing cybercrime.
Table of Contents
Introduction
Discussion
  Different types of ransomware attacks
  Working mechanism of ransomware
  Potential threats by ransomware
Conclusion
References
Introduction
In modern society the internet plays an important role in communication, business and
social life. However, using the internet carries many threats and risks, such as malware and
ransomware attacks, which pose a direct threat to users and their confidential data.
Ransomware can be described as malware that generally comes from a cryptographic background
and that threatens the user and blocks access to websites and data until a monetary ransom is
paid to the attackers (Aurangzeb et al. 2017). Attackers may use many complex algorithms and
techniques to lock systems and then demand a ransom. Less complex techniques and algorithms
can sometimes be reversed by knowledgeable people, but this is not always possible. Strong
encryption techniques such as cryptoviral extortion are used to encrypt the user's data,
making it inaccessible to the user. Attackers sometimes demand the ransom in the form of
cryptocurrency such as Bitcoin and Ukash, because such transactions are difficult to trace
(Bhattacharya and Kumar 2017). A ransomware attack is carried out by sending files that look
legitimate to a user via email or websites; when downloaded, they activate the ransomware.
However, some modern ransomware, such as the WannaCry worm, does not need human intervention
and can spread from computer to computer, affecting a large number of users.
Discussion
Different types of ransomware attacks
Intruders carry out ransomware attacks to block users' access to their data and then
demand a ransom to restore it. They use different types of ransomware attacks to gain access
to confidential data, along with various cryptographic algorithms and techniques. The
different kinds of ransomware attacks are described below.
The oldest form of ransomware attack is carried out with the CryptoLocker technique,
which was initially a botnet; it is considered one of the strongest ransomware attacks because
it uses very strong encryption algorithms. During such an attack it is sometimes very
difficult for IT professionals to decrypt the files without paying the demanded ransom to the
attackers (Al-rimy, Maarof and Shaid 2018). Another type is the well-known WannaCry
ransomware, which has affected millions of users in almost 150 countries. It is considered
one of the most frequently used ransomware families across the globe. WannaCry is also
sometimes called WannaCryptOr or WCry. The ransomware known as Crysis encrypts files stored on
removable drives, network drives and fixed drives. It spreads through email attachments with
a double file extension. The problem with Crysis is that the affected files cannot be
decrypted within a reasonable amount of time (Chen and Bridges 2017). Another kind of
ransomware encrypts the files on the user's system and gradually deletes them until a ransom
is paid. This type is known as Jigsaw and is considered one of the most destructive
ransomware families. It sets a deadline of 72 hours, during which files are progressively
deleted if the ransom is not paid; after that interval, all of the files are deleted. The
most recent type of ransomware spreads through an email message presented as an invoice; when
the attachment is downloaded, it locks the user's system until a ransom is paid. This type is
referred to as Locky. Locky accesses the victim's files on the system and encrypts them using
AES encryption, and the initial email attachment is deleted.
By type of encryption, ransomware can be divided into three further categories:
encrypting ransomware, non-encrypting ransomware and mobile ransomware (Hampton and Baig
2015). Encrypting ransomware is generally based on public-key encryption: the cryptovirus
contains only the encryption key, and the corresponding decryption key is kept private by the
attacker. Examples of encrypting ransomware are Trojans such as Gpcode and Archiveus
(Mercaldo et al. 2016). Non-encrypting ransomware is basically based on the re-activation of
a Windows software update that is not done via the internet: the user needs to call a phone
number, and the call is charged at very high international rates. With the increase of
ransomware on PC platforms, attackers have now started targeting mobile operating systems.
This ransomware generally targets Android phones, where any APK file can be installed from an
external source, and it generally blocks every application on the device.
Working mechanism of ransomware
Ransomware attacks are generally based on cryptography, using private and public key
encryption. The public key is generally embedded in the malware, which is delivered by
various methods. After getting into the victim's system, the malware encrypts all the files
on it with a randomly generated symmetric key. Hybrid encryption is used here: the symmetric
key is itself encrypted with the public key, which results in a small ciphertext, and this
makes recovery of the data very difficult. Attackers may use many complex algorithms and
techniques to lock systems and then demand a ransom. Less complex techniques and algorithms
can sometimes be reversed by knowledgeable people, but this is not always possible. Strong
encryption techniques such as cryptoviral extortion are used to encrypt the user's data,
making it inaccessible to the user. The victim then has to send the ransom (e-money) along
with the asymmetric ciphertext. After the attackers receive the payment, they send the
symmetric key for that victim, and the victim decrypts the data using it. Ransomware is
generally delivered by Trojans through email attachments and embedded links in a network
service (Scaife, Carter and Butler 2016). Once it gains access to the files, it locks the
system down and displays fake warnings in the name of security or law enforcement agencies.
The files are encrypted in such a way that only the malware author can decrypt them with the
required decryption key. Payment is always the ultimate goal of such attacks, and victims are
forced to pay the ransom to regain access to their files. The payment system used by the
attacker is always a safe and untraceable system. Some of the methods attackers use to collect
the ransom are the digital currency Bitcoin, pre-paid voucher services such as paysafecard,
and wire transfers. However, in recently observed ransomware attacks, payment is required in
Bitcoin.
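A defender's view of the mechanism above, as an added example that is not part of the original report: because the files are rewritten as ciphertext under a random symmetric key, their byte entropy jumps toward 8 bits per byte, and a file monitor can count such rewrites per process. The thresholds, process names, file names and sample events are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

HIGH_ENTROPY = 7.5   # assumed: bits/byte at or above this looks like ciphertext
ENTROPY_JUMP = 2.0   # assumed: minimum rise between old and new contents
BURST = 3            # assumed: suspicious rewrites per process before alerting


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) up to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_suspicious_rewrite(before: bytes, after: bytes) -> bool:
    """True when structured content was replaced by random-looking bytes.
    Requiring a jump keeps already-compressed files (ZIP, JPEG) from alerting."""
    e_before, e_after = shannon_entropy(before), shannon_entropy(after)
    return e_after >= HIGH_ENTROPY and e_after - e_before >= ENTROPY_JUMP


def flag_processes(events, burst=BURST):
    """events: (process, path, old_bytes, new_bytes) tuples from a file monitor.
    Returns the processes with at least `burst` suspicious rewrites."""
    hits = Counter(proc for proc, _path, old, new in events
                   if is_suspicious_rewrite(old, new))
    return sorted(p for p, n in hits.items() if n >= burst)


def random_like(seed: int, size: int = 4096) -> bytes:
    """Constructed stand-in for ciphertext or compressed data: a SHA-256
    output stream. Nothing is encrypted here."""
    return b"".join(hashlib.sha256(bytes([seed]) + i.to_bytes(4, "big")).digest()
                    for i in range(size // 32))


# Constructed sample events (not real telemetry).
TEXT = b"Invoice 2017-05: customer name, address, amount due.\n" * 80
SAMPLE_EVENTS = [
    ("winword.exe", "report.docx", TEXT, TEXT + b"One more paragraph.\n"),
    ("unknown.exe", "report.docx", TEXT, random_like(1)),
    ("unknown.exe", "budget.xlsx", TEXT, random_like(2)),
    ("unknown.exe", "notes.txt", TEXT, random_like(3)),
    ("backup.exe", "photos.zip", random_like(4), random_like(5)),
    ("archiver.exe", "old.txt", TEXT, random_like(6)),  # one hit: below BURST
]

if __name__ == "__main__":
    print(flag_processes(SAMPLE_EVENTS))
```

Compression and legitimate encryption tools also raise entropy, so a signal like this is normally combined with other indicators before a process is blocked.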
Ransomware attackers were initially confined to one or two countries in Eastern Europe,
but the attacks gradually spread to other parts of Europe and to other continents as well.
The early ransomware locked down the affected systems, and their screens were locked or
illegal or pornographic content was displayed on the victim's screen until payment was made.
Not only individuals were affected, but also many government and private entities, and even
hospitals (Tuttle 2016). In recent years ransomware has been spreading into almost every
sector over the internet, and the attacks are becoming more sophisticated and complex and at
the same time more resistant and accessible. By paying a small amount, attackers can get
access to ransomware as a service. Because of such attacks, many organizations have lost
millions of dollars, attacks on the health care industry have resulted in loss of life, and
this results in the funding of cybercrime. Organizations and governments that are prone to
such attacks have initiated many awareness programs, and policies and structures have been
put in place to stop ransomware attacks. One of the most destructive attacks on the health
care sector took place in 2017, when many hospitals in Ukraine and radio stations in
California were affected; the ransomware used was WannaCry. More than 250,000 attacks were
detected in 116 countries by Avast, causing heavy losses to various organizations.
Potential threats by ransomware
The ransomware attacks that have been carried out have affected various private and
government organizations as well as the healthcare industry. The health services of England
and Scotland were heavily affected: up to 70,000 devices, including operating theatre
equipment, blood-storage refrigerators, computers and MRI scanners, were affected (Gordon,
Fairhall and Landman 2017). Many computers and emergency systems were affected by the
WannaCry ransomware, which resulted in a huge loss of money as well as some lives. Many
business firms were also targeted by ransomware, with recruitment agencies made the primary
target. These agencies store many applications, contracts and CVs in their databases, which
is why they are vulnerable to attack. The most destructive aspect of ransomware is the loss
of crucial and confidential data, which results in lower productivity and business downtime.
The company continues to suffer the consequences even after the attack, including loss of
reputation (Mansfield-Devine 2016). With the recent increase in such attacks, businesses that
are vulnerable to them should adopt strong cyber security goals and should also implement
proper measures and recovery plans for the future. Because of such attacks, many
organizations have lost millions of dollars, attacks on the health care industry have
resulted in loss of life, and this results in the funding of cybercrime (Kruse et al. 2017).
Organizations and governments that are prone to such attacks have initiated many awareness
programs, and policies and structures have been put in place to stop ransomware attacks.
However, in recent attacks there is no release key, and the ransomware completely deletes the
files on the victim's computer, which cannot be retrieved. Such ransomware is disastrous for
national-level infrastructure. Many social and scientific factors, such as technical
shortcomings, negligence of senior managers, profiling of staff and psychological trickery,
can be identified as factors leading to ransomware attacks (Uma and Padmavathi 2013).
Ransomware also affects social and economic factors in our society, leading to loss of money
and lives, and strict and effective countermeasures should be adopted to stop such
cyber-attacks.
Conclusion
Recent studies have shown that ransomware attacks are increasing day by day and affecting
a huge number of people across the globe. Ransomware attacks have been increasing recently
and affecting many lives, and from the above study it can be concluded that ransomware is
adopting new and strong encryption techniques; as a result almost every industry is becoming
vulnerable to such attacks, and organizations should therefore adopt possible countermeasures
against them. Although many governments have established highly skilled cybercrime
departments and units in their specific vulnerable regions, attackers are finding new
techniques and ways of getting past firewalls and breaching systems. It is also observed
that, because some organizations lack adequately skilled IT professionals, such ransomware
attacks are easily carried out, and in such cases the roles of managers and their
subordinates should be revised.
References
Al-rimy, B.A.S., Maarof, M.A. and Shaid, S.Z.M., 2018. Ransomware threat success factors,
taxonomy, and countermeasures: A survey and research directions. Computers & Security, 74,
pp.144-166.
Aurangzeb, S., Aleem, M., Iqbal, M.A. and Islam, M.A., 2017. Ransomware: A Survey and
Trends. Journal of Information Assurance & Security, 6(2).
Bhardwaj, A., Avasthi, V., Sastry, H. and Subrahmanyam, G.V.B., 2016. Ransomware digital
extortion: a rising new age threat. Indian Journal of Science and Technology, 9(14), pp.1-5.
Bhattacharya, S. and Kumar, C.R.S., 2017, February. Ransomware: The CryptoVirus subverting
cloud security. In 2017 International Conference on Algorithms, Methodology, Models and
Applications in Emerging Technologies (ICAMMAET) (pp. 1-6). IEEE.
Brewer, R., 2016. Ransomware attacks: detection, prevention and cure. Network Security,
2016(9), pp.5-9.
Chen, Q. and Bridges, R.A., 2017, December. Automated behavioral analysis of malware: A
case study of wannacry ransomware. In 2017 16th IEEE International Conference on Machine
Learning and Applications (ICMLA) (pp. 454-460). IEEE.
Gordon, W.J., Fairhall, A. and Landman, A., 2017. Threats to information security—public
health implications. N Engl J Med, 377(8), pp.707-709.
Hampton, N. and Baig, Z.A., 2015. Ransomware: Emergence of the cyber-extortion menace.
Kruse, C.S., Frederick, B., Jacobson, T. and Monticone, D.K., 2017. Cybersecurity in healthcare:
A systematic review of modern threats and trends. Technology and Health Care, 25(1), pp.1-10.
Mansfield-Devine, S., 2016. Ransomware: taking businesses hostage. Network Security,
2016(10), pp.8-17.
Mercaldo, F., Nardone, V., Santone, A. and Visaggio, C.A., 2016, June. Ransomware steals your
phone. formal methods rescue it. In International Conference on Formal Techniques for
Distributed Objects, Components, and Systems (pp. 212-221). Springer, Cham.
Mohurle, S. and Patil, M., 2017. A brief study of wannacry threat: Ransomware attack 2017.
International Journal of Advanced Research in Computer Science, 8(5).
Scaife, N., Carter, H., Traynor, P. and Butler, K.R., 2016, June. Cryptolock (and drop it):
stopping ransomware attacks on user data. In 2016 IEEE 36th International Conference on
Distributed Computing Systems (ICDCS) (pp. 303-312). IEEE.
Song, S., Kim, B. and Lee, S., 2016. The effective ransomware prevention technique using
process monitoring on android platform. Mobile Information Systems, 2016.
Tuttle, H., 2016. Ransomware attacks pose growing threat. Risk Management, 63(4), p.4.
Uma, M. and Padmavathi, G., 2013. A Survey on Various Cyber Attacks and their Classification.
IJ Network Security, 15(5), pp.390-396.