Security remains a challenge in networked information systems, and ransomware is one of the fastest-evolving forms of malware. Ransomware embeds itself into the computer in such a way that it cannot be isolated; even a reboot relaunches the malicious code. Ransomware therefore remains a serious threat to network users.
Assume you have an interview for a ransomware analyst position with Regal Security Solutions. You are expected to be prepared on ransomware, its types, the threats it poses, and mitigation tools. In this context, write a report including the following sections:
A. Introduction about ransomware and its impact on society
B. Discussion of any five variants of ransomware (consider some recently developed ransomware)
C. The working mechanism of ransomware
D. Potential threats posed by ransomware
E. Case study of at least one recent attack carried out by ransomware
F. Recommendations on any two mitigation tools to tackle ransomware attacks, with a discussion of the effectiveness of the selected tools
H. References in IEEE Transactions on Networking style
Ransomware is an attack that disrupts the normal flow of a user's activity. The attacker's motive is to take control of the user's system or data and to demand a ransom in exchange for returning that control. The ransom is money, paid as a digital or electronic fund. The first version of ransomware was developed in 1980, and the ransom in that case was paid by mail. The main target is not the ordinary home user but organisations holding crucial data, because cutting off access to that data disrupts the organisation's normal activity. The main impact is the permanent or temporary loss of the organisation's data, which directly affects its finances; the damage is often not temporary but permanent.
The report focuses on the different aspects of the attack. Five variants of ransomware are discussed, together with the threats associated with them and the mitigation and monitoring strategies that can be applied in each case.
Five Ransomware Variants
Five variants of ransomware are discussed below:
Cerber: Cerber can be considered one of the most recent innovations in ransomware. An important aspect of the attack is that it is compatible with more than 12 languages, which widens its reach considerably. Cerber operates on an affiliate model: the attack creates a ransomware platform that yields large monetary gains for the creator as well as for the affiliates who launch the attack.
Locky: Locky follows a path very similar to spam. The user receives a mail that looks genuine and, in order to view its contents, is instructed to open the attachment and enable all macros. This is the entry point of the attack. If the user follows these instructions, the ransomware starts operating on the system and gains control over all of its data.
Jigsaw: Jigsaw is a basic attack that directly encrypts the data; the user is then asked to pay a ransom in order to have it decrypted. It can lead directly to loss of data and compromise of the system's security.
CryptoLocker: CryptoLocker is used by the attacker to gain access to data that is stored on the system and believed to be safe. Its overall functionality depends on the absence of security controls on the target. Attackers of this type generally go after systems that have very little security in place, so that they can get in without difficulty.
Crysis: Crysis is a form of ransomware that directly encrypts files on fixed (non-removable) and network drives. The encryption it uses is very strong and cannot be undone by ordinary mitigation strategies.
Ransomware has gained importance as a category of attack on computer systems over the past few years. The attack mainly relies on spam and social engineering. Many approaches are used, and new ones are continually implemented to make the attack succeed. One of the most common mechanisms is a download link sent to the user; when the user follows the link, they become a victim. Another recent technique used by attackers is access through USB drives. USB drives are one of the most common ways of transferring data from one system to another, and the user has no idea that a ransomware infection is initiated on the system when the USB drive is inserted.
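The delivery paths above (a genuine-looking mail whose attachment asks the user to enable macros, as in the Locky variant) can be checked for at the mail gateway before a user ever sees the attachment. The following script is an added example written for this report, not code from the original or from any vendor: it inspects an Office attachment's zip container for a VBA project instead of trusting the file extension. The extension lists, the member names checked and the sample attachments (built in memory, not real documents) are assumptions for the example.

```python
"""Attachment triage for macro-bearing Office documents.

Added example, not code from the original report. It models a defensive
check against the delivery path described above (a genuine-looking mail
whose attachment asks the user to enable macros): the attachment's zip
container is inspected for a VBA project instead of trusting its extension.
All sample attachments are constructed in memory; no real documents are used.
"""
import io
import zipfile

# Extensions that openly declare macro content (assumed list for the example).
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
# Extensions that should not carry macros at all.
NON_MACRO_EXTENSIONS = {".docx", ".xlsx", ".pptx"}
# Where OOXML containers store compiled VBA code.
VBA_MEMBERS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}


def extension_of(filename: str) -> str:
    """Lower-cased extension including the dot, or '' when there is none."""
    name = filename.lower()
    return name[name.rfind("."):] if "." in name else ""


def has_vba_project(data: bytes) -> bool:
    """True if the bytes form a zip (OOXML) container holding a VBA project."""
    if not data.startswith(b"PK"):
        return False  # not a zip container, so not an OOXML document
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return bool(set(zf.namelist()) & VBA_MEMBERS)
    except zipfile.BadZipFile:
        return False


def triage_attachment(filename: str, data: bytes) -> dict:
    """Decide whether an attachment should be quarantined, with reasons."""
    ext = extension_of(filename)
    vba = has_vba_project(data)
    reasons = []
    if vba:
        reasons.append("VBA project present in container")
    if ext in MACRO_EXTENSIONS:
        reasons.append(f"macro-enabled extension {ext}")
    if vba and ext in NON_MACRO_EXTENSIONS:
        reasons.append("macro project hidden behind a non-macro extension")
    return {"filename": filename, "quarantine": bool(reasons), "reasons": reasons}


def build_sample_docx(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-style zip for the example (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder-vba-project")
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [("invoice.docx", build_sample_docx(False)),
                       ("invoice.docx", build_sample_docx(True)),
                       ("report.docm", build_sample_docx(False))]:
        print(triage_attachment(name, blob))
```

The point of checking the container rather than the name is that a renamed file still carries its macro storage; a gateway that quarantines on either signal removes the user's "enable macros" decision from the attack path altogether.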
Encryption and decryption of the files
The working mechanism can be related directly to DoublePulsar. DoublePulsar is a well-known backdoor that executes code and immediately obtains access permissions on the target; it is used to install additional code or software, which is where the malware is executed. In this process the malware makes use of EternalBlue, the exploit needed for the SMB vulnerability.
One recent ransomware attack is WannaCry, which affected more than 150 countries. The attack was launched in 2017. It can be considered far more dangerous than other attacks because it can spread itself across an organisation's network. WannaCry is also discussed in connection with EternalBlue, the exploit that became public through leaks such as the Shadow Brokers.
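Whatever the entry mechanism, the step that actually does the damage is the encryption of the user's files, and that step has a recognisable behavioural signature: a single process rewriting many files with near-random content while changing their extensions. The script below is an added example for this report, not code from the original or from any product. It scores constructed file-write events per process and flags those matching that pattern; the event format, the entropy and count thresholds, and the allow-list of legitimately high-entropy formats are all assumptions.

```python
"""Behavioural detection of the file-encryption phase.

Added example, not code from the original report. From a defender's side the
most visible symptom of the encryption step is one process rewriting many files
with high-entropy content and changing their extensions. This script scores
constructed file-write events per process and flags the ones matching that
pattern. Event format, thresholds and the allow-list are assumptions.
"""
import math
import random
from collections import defaultdict

ENTROPY_THRESHOLD = 7.0   # bits per byte; plain text sits near 4-5, ciphertext near 8
MIN_SUSPECT_FILES = 5     # how many such writes before a process is flagged
# Formats that are legitimately high-entropy (compressed/encoded); assumed list.
ALLOWLISTED_EXTENSIONS = {".zip", ".gz", ".png", ".jpg", ".mp4"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def extension_of(path: str) -> str:
    """Lower-cased extension of the final path component, '' if none."""
    name = path.lower().rsplit("/", 1)[-1]
    return name[name.rfind("."):] if "." in name else ""


def flag_encrypting_processes(events, min_files=MIN_SUSPECT_FILES):
    """Return {process: stats} for processes that look like they encrypt files.

    Each event is a dict with keys: process, path (original file), new_path
    (name after the write, same as path when unchanged) and data (bytes written).
    """
    stats = defaultdict(lambda: {"writes": 0, "high_entropy": 0, "ext_changed": 0})
    for ev in events:
        s = stats[ev["process"]]
        s["writes"] += 1
        old_ext = extension_of(ev["path"])
        new_ext = extension_of(ev["new_path"])
        if new_ext != old_ext:
            s["ext_changed"] += 1
        if (shannon_entropy(ev["data"]) >= ENTROPY_THRESHOLD
                and new_ext not in ALLOWLISTED_EXTENSIONS):
            s["high_entropy"] += 1
    return {p: s for p, s in stats.items()
            if s["high_entropy"] >= min_files and s["ext_changed"] >= min_files}


def sample_events():
    """Constructed events: a text editor, a backup tool, and a suspect process."""
    rng = random.Random(2024)  # seeded so the example is deterministic
    events = []
    for i in range(3):  # editor writes low-entropy text, keeps the name
        events.append({"process": "editor.exe", "path": f"docs/notes{i}.txt",
                       "new_path": f"docs/notes{i}.txt",
                       "data": (f"meeting notes {i} " * 200).encode()})
    for i in range(6):  # backup tool writes compressed archives (allow-listed)
        events.append({"process": "backup.exe", "path": f"docs/archive{i}.zip",
                       "new_path": f"docs/archive{i}.zip",
                       "data": rng.randbytes(2048)})
    for i in range(6):  # suspect rewrites documents as random bytes and renames them
        events.append({"process": "suspect.exe", "path": f"docs/contract{i}.docx",
                       "new_path": f"docs/contract{i}.docx.locked",
                       "data": rng.randbytes(2048)})
    return events


if __name__ == "__main__":
    for proc, s in flag_encrypting_processes(sample_events()).items():
        print(f"ALERT {proc}: {s}")
```

Requiring both signals (high entropy and an extension change) over several files keeps backup tools and image editors out of the alert, while the count threshold gives an endpoint agent a chance to suspend the process before most of the data is lost.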
Taking the different risk factors into consideration, mitigation plays a very important role in safeguarding the system. Some of the steps that can be followed are stated below:
Secure transfer: Security must always be applied when data is transferred from one network to another. If data is transferred in bulk, the chances of a data breach are very high. The path over which the data travels is a primary factor, so that there is no degradation of the quality of the data.
Data transfer rate minimization: Because security is involved, data transfer should be avoided in most cases in order to keep the network secure. Most data breaches occur because intruders or hackers can easily get involved in the transfer. Data breaches are one of the most important areas to take care of so that no data is lost.
Securing of the password: A user's password should always be secured by using a combination of strong characters, so that intruders have no chance of getting in. A strong password is in most cases very difficult to crack and directly benefits the security of the network. Security should be built into the system so that no unethical activity can disrupt its functionality.
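The password recommendation becomes enforceable once "a combination of strong characters" is turned into concrete rules. The checker below is an added example for this report, not code from the original: it applies a minimum length, a character-class mix, a blocklist of common passwords and a ban on long repeated runs, and it estimates how many bits an attacker would have to search by brute force. The thresholds and the small blocklist are assumptions chosen for illustration.

```python
"""Password policy check supporting the 'securing of the password' step.

Added example, not code from the original report. It enforces the property
the report asks for (a combination of strong characters that is hard to crack)
as concrete rules. Thresholds and the blocklist are assumptions.
"""
import math
import re

MIN_LENGTH = 12
# Constructed blocklist; a real deployment would use a large breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}
# (pattern, size of that character class) used for the class mix and the bit estimate
CLASS_PATTERNS = ((r"[a-z]", 26), (r"[A-Z]", 26), (r"\d", 10), (r"[^\w\s]", 33))


def password_problems(password: str) -> list:
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(bool(re.search(p, password)) for p, _ in CLASS_PATTERNS)
    if classes < 3:
        problems.append("uses fewer than three character classes")
    lowered = password.lower()
    if any(common in lowered for common in COMMON_PASSWORDS):
        problems.append("contains a common password")
    if re.search(r"(.)\1{2,}", password):
        problems.append("contains a character repeated three or more times in a row")
    return problems


def is_strong(password: str) -> bool:
    """True when no policy rule is violated."""
    return not password_problems(password)


def brute_force_bits(password: str) -> float:
    """Upper bound on search space in bits: length * log2(size of classes used).

    This is the naive keyspace an exhaustive attacker faces; dictionary words
    are far weaker than this figure suggests, which is why the blocklist exists.
    """
    charset = sum(size for p, size in CLASS_PATTERNS if re.search(p, password))
    return len(password) * math.log2(charset) if charset else 0.0


if __name__ == "__main__":
    for candidate in ("Password12345!", "aaaaaaaaaaaa", "Tr0ub4dor&3xample!"):
        print(candidate, password_problems(candidate), round(brute_force_bits(candidate), 1))
```

The bit estimate explains why length matters more than any single special character: each extra character multiplies the keyspace by the size of the charset, whereas a dictionary word contributes almost nothing however it is decorated.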
The report can be concluded on the note that ransomware is one of the most important and critical attacks against computer networks. Ransomware keeps innovating as time progresses and will play an even more dominant role in the near future.