MN502 Overview Of Network Security

The introduction to the computer system viruses were first introduced in the year of 1982 for the purpose of the infecting an apply2 computer system. Since then the use of the technology have been a lot and this is not used of the purpose of any help rather it is used for the purpose of hampering the work of a computer system or stealing of data. The most dangerous form of the computer malware is the ransom ware. The ransom ware used for the purpose of encrypting a computer system and then as for huge amount of ransom from the user in exchange of the data of the user. The paper discusses with the impact of the ransom ware in the society, the working principal of the ransom ware. Further the potential threats that a malware possess is also a part of the paper. Further some of the major techniques that can be used in tackle this type of the situations is also a part of the paper.

A ransom ware can be explained as the type of a malicious software that is specialty designed in order to block access to a computer system until a ransom amount is paid to the hacker. This is one of the most dangerous form of a virus that attacks a computer system [3]. There are several types of the ransom ware that have hit the world in different times, some of the most dangerous are:

• Bad Rabbit: The Bad rabbit which is one of the most dangerous form of a malware that hit the Russia and the Europe few years back is a type of ransom ware that when hit the system it directly locks every function of a computer system and redirects the user to a payment gateway page for the purpose of asking a ransom . The ransom ware hit the targets through a fake adobe reader update and is auto downloaded when the link is visited.
  
  
• Cerber: The cerber is a form of a ransom whose primary target were the users of the cloud based office 365 .  This was one of the most dangerous form of attack which shook the world affecting millions of computer systems. The strategy of the spreading of the virus is still a unknown to the Microsoft office centres but it after the target on the saas platform. This is one of the most dangerous form of virus that can hit a computer system.
  
  
• Wannacry: Many of the researchers claimed this to the most dangerous form of ransom ware in the decade as this malware affected millions of people all over the world. The primary target of this malware were the people who were using non verified windows operating systems. Also expired windows were the target of the system . The ransom ware blocked the access to the system and encrypted all the data that were stored in the system and for the purpose of decryption of the data huge amount of ransom were to be paid in the form of a bit coin. In many of the cases it was seen that even the victim paid the amount yet the system were not decrypted.
• Crysis: This is a form of ransom ware which affected the computer systems hard disk drive that is the hdd, and not any effect the sdd of the solid disk drive. The encryption strategy of the virus was so strong that many it was near about impossible to decrypt the file [12]. Also in many of the case it was seen that the victim did not get a ransom call and was asked nothing to pay.
  
  
• CTB-Locker:  The CTB-Locker is a ransom of different aspect and took a different form of spreading. IT took the support of the page from the playbooks of Girl Scout Cookies and Mary Kay Cosmetics anonymously outsourced the page in order to gain profits from the website without the consent of the user.

The ransom are designed in such a way that the files that are stored in the system of the user gets encrypted in such a way that it becomes impossible for the victim to decrypt the file without the decrypting file [11]. In the modern times most of the ransom wares are designed in such a way that it encrypts a file but reports state that there are many ransom ware that erase the files the victim [14]. The ransom ware not only affects the economy of the victim but the economy of the country.

The ransom ware possesses some of the most dangerous threats to the computer systems. This ransom ware effects the normal working of a computer system. In organisational level it can harm in very serious manner as it can destroy the entire working processes of the organisation. Also it can affect the entire budget of the organisation and hence the organisation can incur huge losses [9]. In personal level it can block all the personal files from the system and if proper measures are not beforehand then can erase all the data in the computer systems.

The working mechanism of a ransom ware is very much simple and can be easily understood:

The steps of the effect are as follows:

1. Initially the end user receives an email or visits the vulnerable website that looks legitimate.
   
   
2. The vulnerability is automatically downloaded or sometimes the victim is downloads the file.
3. Upon downloading the Kit automatically starts the process of exploring the point form where the vulnerability can expand is searched automatically.
4. Once the virus finds the way out, it enters the system andbinary file uses a PowerShell executable commands to propagate copies of itself throughout the file system.
5. Once the system is encrypted the kit sends the decrypting key to the host that is the attacker in this case. And a message regarding the same is sent to the victim.

The attack of the wannacry which was the most dangerous attack in the decade according to some of the researchers, attacked almost more than millions of the computer system all over the world in the year of 2017. The attack almost hit the entire world but particularly the south Asian and the Russian countries. The aim of this ransom ware was to attack the victim and get the ransom in the form of the BITCOIN that is via the virtual currencies. It mainly affected the organisation like the banks, railway platforms and small scale business ventures. The primary target of the ransom ware became those people who did not use the original operating system software and or used the expired ones [10].  The virus propagated through the exploit of the Eternal blue hack which is present in the older windows operating systems. The transport mechanism of the hack was so strong that it took the experts several days for the process of stopping the system. After the flaw was detected the Microsoft realised a patch which would the systems in the original software to cure the virus attack before it began but till then many of the systems were hacked. The wannacry virus also used the exploit of the double pulsar which can affect any of a system without the consent of the user.

The process of the attack began like if the virus enters any system cheeks for the kill system of the computer and hence if the virus doesn’t get the kill switch then starts the process of the encryption. Once the system is encrypted it showed the user the system is encrypted and a timer showed the time till when the data will be present in the system and after that the data will be auto erased and if the user needs to save the data then must pay a huge sum of money in the form of the bit coin. The hacker named as the shadow brokers took the bit coin as it was something the use would not get to access easily . In opposition of this when the Microsoft came to know about the hack instantly realised a patch which would cure the systems.

Mitigation process can be explained as the processes that can be used for the purpose of reducing the chances of getting affected by any computer virus. There can be many things that can be done in order to reduce the chances of the virus attacks.

1. Using of the Original Operating systems: This is the first and the most important thing that is to be done in order to ensure proper security to the system that maybe of an individual or an organisation. Pirated operating systems acts as a pathways for other computer viruses to attack a system. Also the operating systems must be regularly updated and with proper original update packages.
   
   
2. Use of antiviruses: An antivirus is a software that is specially designed for the purpose of eliminating threats from a system . But it is found that now a days the antivirus software are also pirated. The user must ensure that the machines uses the original and updated antivirus for the process of decrying the threats.
   
   
3. Networks: It is often seen that users connects to available to any available network. However a user must ensure that the systems are connected to proper networks else can cause many problems:
   
   
4. Firewalls: In organisation level the use of a firewall is a must do thing. The work of a firewall is to ensure that it stops any potential irregularities from the outside world.

Thus concluding the topic it can be said that the increase in technology, fraudsters are finding out new ways for harming the people and use the technology for works that are anti-social. The ransom ware is one of such technology which is used by hackers for harming normal human life. The researchers and the government of many countries are fighting hard in order to reduce this type of activities and catch the cyber criminals. In personal level many steps can be taken in order to reduce this type of the risks. People must follow all the legal and ethical laws in order to make the cyber world a safe one.                        

[1] Kharraz, Amin, William Robertson, Davide Balzarotti, Leyla Bilge, and Engin Kirda. "Cutting the gordian knot: A look under the hood of ransomware attacks." In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 3-24. Springer, Cham, 2015.

[2] Kharraz, Amin, Sajjad Arshad, Collin Mulliner, William K. Robertson, and Engin Kirda. "UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware." In USENIX Security Symposium, pp. 757-772. 2016.

[3] Scaife, Nolen, Henry Carter, Patrick Traynor, and Kevin RB Butler. "Cryptolock (and drop it): stopping ransomware attacks on user data." In Distributed Computing Systems (ICDCS), 2016 IEEE 36th International Conference on, pp. 303-312. IEEE, 2016.

[4] Andronio, Nicoló, Stefano Zanero, and Federico Maggi. "Heldroid: Dissecting and detecting mobile ransomware." In International Workshop on Recent Advances in Intrusion Detection, pp. 382-404. Springer, Cham, 2015.

[5] Young, Adam L., and Moti Yung. "Cryptovirology: The birth, neglect, and explosion of ransomware." Communications of the ACM 60, no. 7 (2017): 24-26.

[6] Mercaldo, Francesco, Vittoria Nardone, Antonella Santone, and Corrado Aaron Visaggio. "Ransomware steals your phone. formal methods rescue it." In International Conference on Formal Techniques for Distributed Objects, Components, and Systems, pp. 212-221. Springer, Cham, 2016.

[7] Sittig, Dean F., and Hardeep Singh. "A socio-technical approach to preventing, mitigating, and recovering from ransomware attacks." Applied clinical informatics 7, no. 2 (2016): 624.

[8] Bhardwaj, Akashdeep, Vinay Avasthi, Hanumat Sastry, and G. V. B. Subrahmanyam. "Ransomware digital extortion: a rising new age threat." Indian Journal of Science and Technology 9, no. 14 (2016): 1-5.

[9] Gazet, Alexandre. "Comparative analysis of various ransomware virii." Journal in computer virology 6, no. 1 (2010): 77-90.

[10] Pathak, P. B., and Yeshwant Mahavidyalaya Nanded. "A dangerous trend of cybercrime: ransomware growing challenge." International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 5 (2016).

[11] Mansfield-Devine, Steve. "Ransomware: taking businesses hostage." Network Security 2016, no. 10 (2016): 8-17.

[12] Everett, Cath. "Ransomware: to pay or not to pay?." Computer Fraud & Security 2016, no. 4 (2016): 8-12.

[13 Cabaj, Krzysztof, Piotr Gawkowski, Konrad Grochowski, and Dawid Osojca. "Network activity analysis of CryptoWall ransomware." Przeglad Elektrotechniczny 91, no. 11 (2015): 201-204.]

[14] Yang, Tianda, Yu Yang, Kai Qian, Dan Chia-Tien Lo, Ying Qian, and Lixin Tao. "Automated detection and analysis for android ransomware." In High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conferen on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on, pp. 1338-1343. IEEE, 2015.