Security remains a challenge in networked information systems. One of the fastest-evolving types of malware is ransomware. Ransomware embeds itself on the computer in such a manner that it cannot be segregated, and even rebooting causes the ransomware to launch its malicious code again. Ransomware continues to be a serious threat to network users. Assume you have an interview for the ransomware analyst position with Regal Security Solutions company. You are expected to be prepared on ransomware, its types, threats, and mitigation tools. In this context, write a report including the following sections:
A. Introduction about ransomware and their impacts on the society
B. Discussion of any five variants of ransomware (Consider some recently developed ransomware)
C. The working mechanism of ransomware
D. Potential threats posed by ransomware
E. Case study of at least one recent attack carried out by the ransomware
F. Recommendations on any two mitigation tools to tackle the ransomware attack and discuss the effectiveness of the selected tools
Ransomware is a subset of malicious software (malware), originating from cryptovirology, that is designed to threaten the general public by stealing data saved on computers or tablets. The software blocks the victim's data, and the data is handed back once money is received in the form of a ransom. The consequences of not paying the ransom can be severe: the company or the individual can lose the data, no matter how important or private it is. This report includes a complete analysis of ransomware, how it works, and the different variants that have been developed over the years. The main motive of the report is to understand the threats arising from ransomware.
Impact and its effect
Ransomware falls into the category of dangerous malware that has a drastic effect on society. The effect is so disruptive that the entire set of files can be affected if the money is not paid on time, and the data may remain blocked for a long time. On the other hand, if the ransom is paid in time, the user is able to access the data. Looking at the overall disruption, the service sector is the one that is disturbed the most. There are businesses whose turnovers run into crores, with humongous transactions that need to be managed.
Companies prefer to keep their data in the cloud so that it is manageable anytime and anywhere, as it is not possible to carry documents everywhere. This cloud data is highly exposed to malware, and such services are frequently under malware attack. According to reports, the cost of cybercrime in Australia stood at $1.3 billion in the previous year. Generally, the payment is made through a cryptocurrency such as Bitcoin or through MoneyGram. This gives hackers the incentive to extort as much money as possible in a fraudulent manner.
Variants of ransomware
There are certain variants of ransomware in the information industry, which are as follows:
- Locker ransomware
- Bad Rabbit
- Mac ransomware
- Crypto ransomware
Locker ransomware
Locker ransomware is a threatening kind of malware that enters the PC and its framework so that the attackers can earn money in exchange for restoring the data. Hacking experts enter the computer with the assistance of the Locker ransomware Trojan. It arrives through unwanted links created on websites and through notifications sent specifically by text and email. Locker ransomware appears to be a standalone malware and does not fit within a particular group.
Bad Rabbit
Bad Rabbit is a kind of malware that has infected organisations, especially in Russia and Eastern Europe. Bad Rabbit spread mainly through a fake Adobe Flash Player update, delivered mainly via compromised websites. When the ransomware infects a user's machine, the user is directed to a particular page that suggests downloading the software or demands Bitcoin worth around $285. On October 24th there were rumours of the notifications, and the reports were also confirmed from Ukraine. An example of the Bad Rabbit malware is depicted below in the form of an image.
[Image: Bad Rabbit example] (Source: Securelist, 2017).
Mac ransomware
Mac ransomware is another kind of ransomware that targets the data in the user's account in order to earn monetary benefits. This kind of malware moves at a tortoise's pace, yet that gives no assurance against an attack. It has been reported in the Financial Times that ransomware costs about $7 trillion in disasters annually by the year 2021.
Crysis
Crysis is a highly dangerous crypto virus that was discovered by security experts. Since then, the ransomware has been constantly revamped. According to the latest reports, it uses a particular file extension. If the individual gets infected with this variant, and meanwhile the Crysis ransomware decrypts.
Crypto ransomware
Crypto ransomware was propagated in the year 2014 and is believed to have targeted computers running Microsoft Windows. The malware ultimately displays a message offering to decrypt the data if payment is made within the deadline, and not otherwise. Crypto ransomware uses human information and, through the web of things, incorporates it into the PC framework. Most individuals keep their most confidential data in various applications; even bank account numbers are shared.
Mechanism of ransomware
The mechanism of ransomware is the simplest and easiest one. Though there are numerous procedures through which data can be hacked in different ways, the process of ransomware is the most straightforward. The method first involves the hacker reaching out through spam and fraudulent emails. The user receives a link to a website; if he clicks on it, the spam link puts the data on hold and the ransomware succeeds in hacking the data.
Ransomware is executed according to a set format. The hacker uses an algorithm to track the IP address and get into the user's systems. After entering the system, the hackers generally change the computer's password, hack all the data, and block it.
The following is the procedure of how ransomware works.
- The hackers' choice of computers is not restricted to companies, businesses or organisations; they have also started attacking personal computers rigorously.
- The malicious software generates a mathematical algorithm to encipher and decipher the data using a key, only to gain some monetary advantage from the company.
- After collecting the data, the ransomware puts the victim's files into coded (encrypted) form and breaks down the user's information on the computer.
- At last, the victim of the ransomware has to pay a monetary fee to regain access to their own data.
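The encryption step in the list above is also what a defender can look for. As an added example that is not part of the original report, the Python code below flags a burst of file rewrites that turn low-entropy content into near-random content; the function names, thresholds and sample writes are constructed assumptions.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for plain text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def pseudo_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted content (hash output in counter mode)."""
    out, counter = b"", 0
    while len(out) < size:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:size]

def flag_mass_encryption(writes, high=7.5, jump=2.0, min_files=3):
    """Return paths whose rewrite turned low-entropy content into high-entropy
    content, but only when at least min_files such rewrites are seen.
    Files that were already high-entropy (compressed media) are not counted."""
    suspicious = []
    for path, before, after in writes:
        e_before, e_after = shannon_entropy(before), shannon_entropy(after)
        if e_after >= high and e_after - e_before >= jump:
            suspicious.append(path)
    return suspicious if len(suspicious) >= min_files else []

# Constructed sample: (path, content before the write, content after the write)
TEXT = b"Invoice 2018-08: customer account, amount due, payment terms. " * 60
PHOTO = pseudo_ciphertext(b"jpeg-like")  # already compressed, high entropy
SAMPLE_WRITES = [
    ("docs/invoice.txt", TEXT, pseudo_ciphertext(b"a")),
    ("docs/payroll.csv", TEXT[::-1], pseudo_ciphertext(b"b")),
    ("docs/notes.md", TEXT.upper(), pseudo_ciphertext(b"c")),
    ("pics/photo.jpg", PHOTO, pseudo_ciphertext(b"d")),  # no entropy jump
    ("docs/readme.txt", TEXT, TEXT + b"edited\n"),       # ordinary edit
]

if __name__ == "__main__":
    print(flag_mass_encryption(SAMPLE_WRITES))
```

The before/after comparison is what keeps already-compressed files such as images from raising false alarms, and the minimum file count separates a single encrypted archive from a bulk rewrite.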
Potential threats posed by ransomware
Most of the attacks have occurred within the country, and the infection spread across different zones. In the early stages, text messages were the source of communication, but nowadays emails are the new channel used to send spam notifications to customers. Cybercriminals nowadays possess major techniques that can delete mails and telephone communications.
Most malware is set up through the activities of the client. The user does not click on the links purposely; rather, the client taps on malicious links and spam messages that visit or compromise the site.
While all ransomware is contaminated by theft and infection, it hits the sensitive point of the targeted victim. According to the FBI, these incidents are referred to as ransomware extortion.
The criminals do not care much about which computers they target, and they do not buy the operations; rather, they are willing to victimise anyone, irrespective of how dangerous and critical it might get. For example, social media carried the news of a ransomware attack that caught critical applications and was responsible for the extortion of money.
Jigsaw is an encrypting ransomware that was created in the year 2016. Earlier it was titled BitcoinBlackmailer, but later it was termed Jigsaw because it showed an image of Billy the Puppet from the Saw film franchise. It was designed to spread through malicious attachments in spam emails. Jigsaw gets activated and encrypts the files and the master boot record. After this, a pop-up featuring Billy the Puppet appears with a statement including the line “I want to play a game”, demanding Bitcoin or MoneyGram in exchange.
It is recommended that individuals create secure, protected passwords that cannot be hacked by any hacker, and avoid using a date of birth, mother's name or father's name in passwords, as these are easy to guess. The critical point is that the risk needs to be evaluated so that protective measures can be taken in advance. For instance: expanding security policies on a larger scale, introducing coding procedures so that hackers cannot hack, limiting as far as possible the tasks of the PC and the system, consistently updating current programs, following a solid filtering procedure, blocking unknown connections, and exposing spam messages. Once the payment has been made, the client is relieved and feels safe about the data.
There are diverse measures through which the number of problem-causing issues can be reduced. A ransomware attack is of such concern that it affects not only the PC and the client but also the confidential information of the business. Above all, it is recommended that the client encrypt the data and use antivirus software in order to protect the information and records.