Discuss the Conference on Detection of Intrusions.
On 12 June 2017, a South Korean web hosting company named Nayana was badly hit by a ransomware attack. A report stated that more than 150 of its Linux servers were put out of order, which made the websites of 3,400 clients unavailable (Everett, 2016). This particular type of ransomware looks for different files on the web server and encrypts them. A ransom was then demanded in exchange for the safe recovery of the files (Cabaj, Gregorczyk & Mazurczyk, 2016).
Nayana used older versions of Apache and PHP, both of which were released back in 2006. In addition, it used a 2008 edition of the Linux kernel. All the tools used by Nayana were found to be out of date. All these factors made it easy for the attackers to compromise the servers (DeMuro, 2016).
Certain precautions must be taken to reduce the risk of ransomware attacks; for example, systems should be patched for new vulnerabilities. Cyber health check programs must be conducted on a regular basis to check the cyber risk exposure of various companies. Employees of various organizations must be trained against phishing emails so that they can easily recognize them, since these emails were mainly used as a method for delivering ransomware (Everett, 2016).
In the month of June, a South Korean web hosting firm named Nayana was badly hit by a ransomware attack named Erebus (Mercaldo et al., 2016). More than 150 of its Linux servers were put out of order, which resulted in the unavailability of 3,400 client websites (DeMuro, 2016). Erebus ransomware is also known as a cryptovirus and is named after the Greek god of darkness. The ultimate goal of the Erebus ransomware is to attack different files on the web servers and encrypt them. After that a ransom is demanded for the safe recovery of the files (Hampton & Baig, 2015).
At first the attackers demanded 550 bitcoins, and after several negotiations the deal ended at 400 bitcoins. The ransom was demanded in three installments. It is a questionable point on the company's part that it did not have any backup of such important data (Kharraz et al., 2015).
As per some reports, the Nayana website ran on an outdated Linux kernel. Basically, it used older versions of Apache and PHP (Mercaldo et al., 2016). The company had not invested a single penny in its web development, which gave the attackers a wonderful opportunity to attack its website and demand a ransom (O'Gorman & McDonald, 2012).
Erebus ransomware looks for different files on the web server and then encrypts them. After that a ransom is demanded for the safe recovery of the files. This ransomware attack took place when the South Korean company named Nayana was badly hit and more than 150 of its Linux servers were damaged (Rajput, 2017). In this case a ransom equating to 550 bitcoins was demanded, and after negotiation the deal was settled with the attackers at 400 bitcoins (Mercaldo et al., 2016).
The Nayana website mainly used older versions of Apache, PHP and the Linux kernel. For this reason, the attackers easily hacked the web server of this particular company (Kharraz et al., 2015). A report stated that Erebus uses the RSA algorithm to change the AES keys of Windows, which ultimately changes its encryption keys (Rajput, 2017). Erebus is not the first ransomware to affect networks running on Linux; many others were discovered back in 2014 (O'Gorman & McDonald, 2012).
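The two paragraphs above describe Erebus replacing web server files with AES-encrypted copies. A defender can spot such files by their byte entropy, since ciphertext is statistically close to random data while web content is not. The following is an added example written for this page, not code from Erebus or from any cited paper; the file names, the `HIGH_ENTROPY` threshold and the sample contents are constructed, and seeded pseudo-random bytes stand in for real ciphertext.

```python
"""Added example: Shannon-entropy check that separates ordinary web files
from AES-encrypted output of the kind Erebus leaves behind.  All sample
data is constructed here; the "encrypted" sample is seeded pseudo-random
bytes standing in for ciphertext, which entropy alone cannot distinguish
from random data."""
import math
import random
from collections import Counter

# Bits per byte above which content is treated as probable ciphertext.
# Ciphertext sits near 8.0, HTML/PHP text usually around 4 to 5 (assumed threshold).
HIGH_ENTROPY = 7.5


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of `data` in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_encrypted(data: bytes) -> bool:
    """True when the content is dense enough to be ciphertext or compressed data."""
    return shannon_entropy(data) >= HIGH_ENTROPY


def scan_files(files: dict) -> list:
    """Return the sorted names of files whose content looks encrypted, for review."""
    return sorted(name for name, blob in files.items() if looks_encrypted(blob))


# Constructed samples: a small PHP page and a placeholder "encrypted" copy.
_rng = random.Random(7)
SAMPLE_FILES = {
    "index.php": b"<?php echo 'Welcome to our hosting service'; ?>\n" * 80,
    "index.php.encrypted": bytes(_rng.getrandbits(8) for _ in range(4096)),
}

if __name__ == "__main__":
    for name, blob in SAMPLE_FILES.items():
        print(f"{name}: {shannon_entropy(blob):.2f} bits/byte")
    print("suspicious:", scan_files(SAMPLE_FILES))
```

Compressed archives and images also score high, so in practice the check is combined with a baseline of which files were high-entropy before the incident.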
Certain measures can be taken to reduce the risk of ransomware attacks: the systems of various organizations must be regularly patched with new updates, penetration tests must be run on various systems to check for holes in them, and cyber health check-up plans must be conducted in various firms to check the cyber risk exposure of their systems (Everett, 2016). Employees of different organizations must be trained to recognize phishing emails, which are used as a method for delivering ransomware. Systems of various organizations must be updated with the latest firmware and anti-virus software. Organizations should consult agencies such as an ISO 27001 compliant ISMS to improve their security services (Cabaj, Gregorczyk & Mazurczyk, 2016). Agencies like these help various organizations in matters of security. These agencies work with various firms irrespective of their location (Hampton & Baig, 2015). These agencies have many years of experience. Various organizations are advised to keep backups of their important data in two to three locations (DeMuro, 2016). The employees of different companies are advised to avoid installing unknown third-party software on their systems, as it provides a gateway for such ransomware (O'Gorman & McDonald, 2012).
From the above discussion, it can be concluded that cyber security is a great concern among various IT experts (Cabaj, Gregorczyk & Mazurczyk, 2016). It puts important and valuable data of an organization at risk. Certain issues must be taken into account: the systems of various organizations must be regularly patched with new updates, and penetration tests must be run on various systems to check if there are any holes in them (Kharraz et al., 2015). This ransomware attack took place due to the use of older versions of Apache, PHP and the Linux kernel in the systems and websites (Hampton & Baig, 2015). Employees of different organizations must be trained to recognize phishing emails, which are used as a method for ransomware attacks (Rajput, 2017).
Ransomware is nothing but a type of malicious software that affects the hard drives of various systems (Mohurle & Patil, 2017). The ultimate goal of ransomware is to encrypt the data so that it becomes inaccessible. After that a ransom is demanded for those encrypted files (Matthies, Keller & Lim, 2012). In the case of the WannaCry attack, many businesses and computer users from all over the world were asked for a ransom of 300-600 bitcoins. Ransomware is considered one of the fastest growing cyber-crimes in the world (Akkas, Chachamis & Fetahu, 2017).
To deal with the ransomware attack, a technique known as a kill switch was launched (Martin, Kinross & Hankin, 2017). According to a report, more than 150 countries were affected by this WannaCry ransomware attack. It affected more than 300,000 systems of various organizations (Asch, Mattock & Hosek, 2013).
Ransomware is malicious software which damages the hard drives of various computer systems (Martin, Kinross & Hankin, 2017). Microsoft deserves some blame for its poor security, which resulted in the WannaCry ransomware attack (Matthies, Keller & Lim, 2012). The main problem behind this attack is that most systems across the globe have a Windows operating system that either has automatic updates enabled or is so outdated that it cannot use the automatic updates provided by Microsoft (Mejia Gonzalez, 2016). The ultimate goal of this ransomware is to create copies of different files before deleting the original files from the system. After that the victim needs a decryption key to access those encrypted copies (Collier, 2017).
Among all nations, the UK was affected the most. Many health care services of the United Kingdom were affected by this malware attack. Many global organizations and businesses were affected by this ransomware attack. The biggest issue in this attack is that users cannot access system data, which resulted in a loss of productivity for these firms (Young & Yung, 2017). Initially the attackers chose phishing mail as the mode of delivery of this malware. Till now, no cases of data breach have been found where private information was accessed and altered. WannaCry was developed using a piece of NSA code which was released by a group of hackers known as the Shadow Brokers (Mohurle & Patil, 2017). Due to this ransomware, giant firms like Nissan Motors, FedEx and the Russian bank Sberbank were also affected (Martin, Kinross & Hankin, 2017).
In the beginning, phishing emails were chosen as the mode of delivery of this malware. This ransomware attacked a known vulnerability present in older versions of Microsoft Windows (Collier, 2017). Microsoft later released a patch to tackle the attack of this ransomware (Mejia Gonzalez, 2016). The main mode of spreading of this malware is malicious software which has been downloaded onto computers through various links between computers. WannaCry is built with capabilities that appear to target the same vulnerability (Young & Yung, 2017). After capturing various systems, WannaCry reaches out to a kill switch URL from the infected system in order to check whether the malware is in a sandbox environment or not (Akkas, Chachamis & Fetahu, 2017). If the respective URL does not respond, the malware starts to encrypt the files containing important data using the AES-128 cipher (Asch, Mattock & Hosek, 2013). After the successful encryption of these files, a ransom note is displayed on the victim's machine. This ransomware has the tendency to scan internet IP addresses and infect other systems reachable at those IPs (Matthies, Keller & Lim, 2012).
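The paragraph above names two behaviours a defender can look for in network logs: an infected host looking up the kill switch URL before encrypting, and one host fanning out to many IP addresses as the worm scans for new victims. The script below is an added example for this page, not code from any cited source; the log format, the `killswitch.example` domain (a placeholder, not the real kill-switch domain), the thresholds and the log lines are all constructed.

```python
"""Added example: flag hosts showing WannaCry-style behaviour in DNS and
connection logs.  Signal 1: a DNS lookup of the kill-switch domain (the
malware's sandbox check).  Signal 2: one source reaching many distinct
destinations inside a short window (worm-style scanning).  Domain name,
thresholds and log lines are constructed placeholders."""
from collections import defaultdict
from datetime import datetime, timedelta

KILL_SWITCH_DOMAIN = "killswitch.example"   # placeholder, not a real indicator
SCAN_THRESHOLD = 5                          # distinct destinations from one host ...
SCAN_WINDOW = timedelta(seconds=60)         # ... inside this window trips an alert

# Constructed log lines, one event per line: "<ISO time> <src_ip> <kind> <target>"
SAMPLE_LOG = """\
2017-05-12T10:00:01 10.0.0.5 dns killswitch.example
2017-05-12T10:00:02 10.0.0.5 conn 10.0.1.1
2017-05-12T10:00:03 10.0.0.5 conn 10.0.1.2
2017-05-12T10:00:04 10.0.0.5 conn 10.0.1.3
2017-05-12T10:00:05 10.0.0.5 conn 10.0.1.4
2017-05-12T10:00:06 10.0.0.5 conn 10.0.1.5
2017-05-12T10:00:07 10.0.0.9 dns mail.example
2017-05-12T10:00:08 10.0.0.9 conn 10.0.1.1
2017-05-12T10:30:00 10.0.0.9 conn 10.0.1.2
"""


def analyse(log_text: str) -> dict:
    """Return {src_ip: set of alert names} for every host that trips a signal."""
    alerts = defaultdict(set)
    conns = defaultdict(list)   # src_ip -> [(timestamp, dst_ip), ...]
    for line in log_text.splitlines():
        ts, src, kind, target = line.split()
        when = datetime.fromisoformat(ts)
        if kind == "dns" and target == KILL_SWITCH_DOMAIN:
            alerts[src].add("kill-switch-lookup")
        elif kind == "conn":
            conns[src].append((when, target))
    for src, events in conns.items():
        events.sort()
        # Sliding window: distinct destinations reached within SCAN_WINDOW of each event.
        for i, (start, _) in enumerate(events):
            dsts = {dst for t, dst in events[i:] if t - start <= SCAN_WINDOW}
            if len(dsts) >= SCAN_THRESHOLD:
                alerts[src].add("scan-like-fanout")
                break
    return dict(alerts)


if __name__ == "__main__":
    for host, hits in analyse(SAMPLE_LOG).items():
        print(host, sorted(hits))
```

A successful lookup of the kill switch domain stops the encryption on that host but does not clean it, so the host still needs isolation and rebuilding.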
Attacks like this ransomware can be prevented by using certain measures: backing up important data, installing the latest updates on the system, installing antivirus software and enabling security protections. Backups of important data should be made on a regular basis, and after taking the backup it is advised to disconnect the backup device from the system so that a malware infection cannot spread to it. The ultimate notion of the malware is to block access to important data (Collier, 2017). On the contrary, if the user has a backup of all important data, then the ransomware cannot affect the system. The system, software and devices must be updated from time to time. Users must update their systems to the current version of Windows to minimize attacks by various malware (Mejia Gonzalez, 2016).
Antivirus software must be installed on every possible device and must be updated on a regular basis. Developers from all across the globe are working very hard to track upgrades in various malware and to update their system software; however, this is only possible with the help of the latest updates (Asch, Mattock & Hosek, 2013). Security protection on the user's device must not be disabled; if it is disabled, it may make the device more open to malware attacks. If a user is a victim of a malware attack, then he should contact the respective IT services firm, or he may contact the respective cyber insurance organization if the company has cyber insurance (Mohurle & Patil, 2017).
From the above discussion it can be concluded that organizations from all across the globe must create cyber security awareness among their employees. On 12 May 2017, the ransomware attack known as WannaCry infected various systems (Akkas, Chachamis & Fetahu, 2017). A mechanism known as a kill switch was developed by researchers to stop the effect of this malware attack. Security awareness programs must be conducted in various nations. Cyber security in different firms must be improved in order to cut the impact of various malware (Young & Yung, 2017).
Akkas, A., Chachamis, C. N., & Fetahu, L. (2017). Malware Analysis of WanaCry Ransomware.
Asch, B. J., Mattock, M. G., & Hosek, J. (2013). A new tool for assessing workforce management policies over time. Rand Corporation.
Collier, R. (2017). NHS ransomware attack spreads worldwide.
Martin, G., Kinross, J., & Hankin, C. (2017). Effective cybersecurity is fundamental to patient safety.
Matthies, C. F., Keller, K. M., & Lim, N. (2012). Identifying barriers to diversity in law enforcement agencies. Rand Corporation.
Cabaj, K., Gregorczyk, M., & Mazurczyk, W. (2016). Software-Defined Networking-based Crypto Ransomware Detection Using HTTP Traffic Characteristics. arXiv preprint arXiv:1611.08294.
DeMuro, P. R. (2016). Keeping Internet Pirates at Bay: Ransomware Negotiation in the Healthcare Industry. Nova L. Rev., 41, 349.
Everett, C. (2016). Ransomware: to pay or not to pay?. Computer Fraud & Security, 2016(4), 8-12.
Hampton, N., & Baig, Z. A. (2015). Ransomware: Emergence of the cyber-extortion menace.
Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., & Kirda, E. (2015, July). Cutting the Gordian knot: A look under the hood of ransomware attacks. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 3-24). Springer, Cham.
Mercaldo, F., Nardone, V., Santone, A., & Visaggio, C. A. (2016, June). Ransomware steals your phone. Formal methods rescue it. In International Conference on Formal Techniques for Distributed Objects, Components, and Systems (pp. 212-221). Springer, Cham.
O'Gorman, G., & McDonald, G. (2012). Ransomware: A growing menace. Symantec Corporation.
Rajput, T. S. (2017). Evolving Threat Agents: Ransomware and their Variants. International Journal of Computer Applications, 164(7).
Mejia Gonzalez, N. J. (2016). Three Essays on Obesity.
Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal, 8(5).
Young, A. L., & Yung, M. (2017). Cryptovirology: The birth, neglect, and explosion of ransomware. Communications of the ACM, 60(7), 24-26.