MN502 Overview Of Network Security

I. Introduction About Ransomware And Their Impacts On The Society

Ransomware is basically defined as a malicious code or software that is designed to lock down computer systems data until a ransom is paid. It is viewed as a new class of software that is malicious. It was first discovered in the year 2013 with the most recent attack being in the year 2018 where several thousands of computers fell victim to this infamous malware.

The ransomware like all other malware infects and affects computers through clicking of unverified and dangerous links and the downloading of unsafe software programs. They come in the form of torrents, mail and bots. Ransomware has therefore affected home-users and businesses alike and ultimately resulted in to many negative repercussions that range from:[1]

1. Denial of service that results in regular operations in the business being disrupted or halted
2. Short lived or permanent loss of vital information that occurs.
3. Creating damage to the reputation of organizations by both delaying service delivery and stealing of vital information that may end up being shared and used for malicious purposes.
4. Massive financial loss incurred in the process of restoring company files and systems and some being used as part payment for the asked ransom.

Many lessons learnt from the ransomware is that victims aren’t guaranteed release of their encrypted files despite paying ransom but instead the attacker will benefit from the ransom that is paid and most of all, decryption of files does not necessarily mean that the malware infection has been eliminated. [2]

II. Discussion Of Any Five Variants Of Ransomware (Consider Some Recently Developed Ransomware)

Jigsaw Ransomware: This Jigsaw ransomware variant was detected in 2016 by a company, Trend-Micro. This variant works by encrypting data by appending the “.epic” file extension and subsequently demands ransom in the form of Bit coins amounting to up to $5,000 so as to decrypt the files. It displays a message that appears routinely purporting to collect the victim’s credentials and threatening to send the credentials to its victim’s contacts, a threat that has not been proven.

The ransomware actually plays with the victim by both locking files and subsequently deleting files each time the program gets restarted thereby instilling fear to the victim and making the victim pay. Sadly, a delay in payment results in the deletion of a certain number of files each hour. [3]

Jigsaw plays with users by not only locking their files, but by deleting them incrementally every hour or when the program is restarted—instilling fear and paranoia to scare the victim into paying. Over time, the delay of payment will cause more than one file to be deleted every hour.

Spider ransomware: This variant spreads through spam-mail within European Nations and is normally hidden within Microsoft Word documents. It automatically installs itself in the computer upon being downloaded. The document comes in the form of an urgent demand or notice like from a debt collector yet it bears a malicious macro that executes when opened and subsequently encrypts the user’s computer. [4]

The TeslaCrypt ransomware variant employs the AES algorithm when encrypting files and gets spread by an exploit called Angler and attacks Adobe products and ultimately installs itself in the temporary files folder. It then spreads to the other computers within the computer network.

The Torrent-Locker variant is also spread via campaigns of spam mail and is meant to attack specific geographical locations or regions. This variant uses the AES algorithm in encrypting certain file types. It goes ahead to steal any email contacts it finds in the victims contacts or address book and uses them to spread the malware further. [5]

Crysis: This variant works by encrypting files on all kinds of drives: Hard-Driver, Removable drives and even network drives thereby making it impossible to crack it within the shortest time before damage is done. It’s typically spread through email that have attachments that have got a double file extension which hide the fact that it’s an executable file. [6]

III. The Working Mechanism Of Ransomware

Since the ransom is a malicious kind of software that takes captive of your computer as it threatens to do harm and even causes denial of service, it becomes important to understand how it work. It mostly comes through phishing, where the victim normally gets mail that comes with an attachment that appears like a trusted file. On the recipient downloading the file and opening it, the victim then becomes captive. The victims files become decrypted making the system totally unusable since they are locked using a mathematical key solely known by the attacker. In other cases the malware use the External-Blue exploit, a thing that usually affects Windows based systems because many users failed to update their operating systems after Microsoft patched it in 2017. [7]

IV. Potential Threats Posed By Ransomware

With the increasing number of hackers and their effort to finding newer ways to target by using refined tools that break into existing defenses. This has resulted in many threats as discussed below:

Data Breaches: Theft of crucial information like personal data, telephone numbers, PIN’s, Social Security numbers, dates of birth are among the many breaches that have occurred in the past. This has made them become very potential targets by the hackers who ensure they program ransomware that not only steals the data, but encrypts it till a ransom it paid, preferably using bitcoin currency. An example of a data breach is on Equifax Company in 2017 that does credit reporting. [8]

Ransomware on cloud computing: In this case, the computer systems are targeted by the ransomwares by breaching the defense system of computers and the goes ahead to encrypt the computer files using technical encryption. On doing so, they demand for money so as to release the digital keys for unlocking the data. The most prone victims are those who haven’t backed up their data. A good example is the Wannaccry Ransomware that attacked many companies in May 2017. [9]

Physical Cyber Attacks: This involves attacking electrical power grids, transport sector and other important infrastructure. This kind of attack is designed to instantly disrupt services and also hijacking very crucial systems and taking control, while threatening to create havoc if the victim doesn’t pay up within a specified time

Mining of cryptocurrency has become a common phenomenon where hackers have made holders of digital currencies their prime targets, thus affecting the processing power of computer and that’s why the attackers ensure that they compromise several systems for such purposes.

V. Case Study Of At Least One Recent Attack Carried Out By The Ransomware

The Wanncry Ransomware attack is considered as being among the most lethal attacks in information systems in the recent past. It attacked by virtually blocking and subsequently preventing access to computers and their data by encrypting the data while demanding for a ransom within a given timeframe of which if the demand is not met, the data will be wiped out of the systems. [10]

It operates by contacting the central server after infecting the initial computer and requests for the needed information that would initiate the file encryption process, and then completes its mission by demanding ransom. It spread very fast by attaching itself to commonly used documents lime Microsoft Word and PDF files and above all attacks systems that operate on the Windows platform. [11]

The attack left key institutions, business enterprises and health institutions affected in 2017, May. Organizations like Nissan Motors and Renault motors had their operations paralyzed due to this. Hospitals were not left behind too. It was estimated that the attack left several thousands of computers grounded in at least 150 countries and losses running into several billion dollars. [12]

VI. Recommendations On Any Two Mitigation Tools To Tackle The Ransomware Attack And Discuss The Effectiveness Of The Selected Tools

As discussed above, Information security systems have lately become prime targets of such criminal activity leading to a mirage of issues that range from systems being hacked, spammed, and jammed and malware. This has resulted in the need to come up with urgent and long-term measures to help mitigate these threats to information security.

Organizations need to come up with plans for how to respond to incidences that cover on what is supposed to be done in the event of a ransomware attack. Staff also needed to be empowered through training on how to manage the attacks by learning how to detect, prevent and control any attacks. This will go a long way in minimizing the chances of an attack. [13]

Generally the best tools to counter the effect are the use of Antivirus and Ant-Spamming tools. The tools will be configured and scheduled to routinely scan the systems and the entire network. [14] Such tools will also automatically update signatures that will add a layer in preventing any suspicious activity.

The organizations also need to perform routine backups on their systems since they will create a duplicate copy of data held by the organizations and in the event of an incidence, they will revert to the backup. The backups should be tested routinely checked for data integrity and verify that the backup is operational. [15]

References

[1]"Ransomware becomes the most prevalent form of malware and hits an ever-wider range of victims", Network Security, vol. 2017, no. 2, pp. 1-2, 2017.

[2]O. Dyer, "Hackers demand ransom to release encrypted US medical records", BMJ, p. i1876, 2016.

[3]S. Huntsberry, "Avoid becoming a victim of cybercrime", Freedom from Fear, vol. 2010, no. 7, pp. 32-34, 2010.

[4]"Streitwert des Unterlassungsantrages gegen Spam-Mail", Computer und Recht, vol. 32, no. 9, 2016.

[5]P. Ghaedi and A. Harounabadi, "Identifying spam e-mail messages using an intelligence algorithm", Decision Science Letters, vol. 3, no. 3, pp. 439-444, 2014.

[6]E. Gibney, "Magnetic hard drives go atomic", Nature, 2017.

[7]P. Lewis and J. Hilton, "A Statistical Analysis of Vulnerability Discovery: Microsoft Operating Systems", Engineering & Technology Reference, 2015.

[8]C. Dinges, "Forecast of Bitcoin Can It Become a Major Currency or Is It Just Another Bubble?", SSRN Electronic Journal, 2018.

[9]A. Negi and A. Goyal, "Optimizing Fully Homomorphic Encryption Algorithm using RSA and Diffie- Hellman Approach in Cloud Computing", International Journal of Computer Sciences and Engineering, vol. 6, no. 5, pp. 215-220, 2018.

[10]S. Xie, J. Yang, K. Xie, Y. Liu and Z. He, "Low-Sparsity Unobservable Attacks Against Smart Grid: Attack Exposure Analysis and a Data-Driven Attack Scheme", IEEE Access, vol. 5, pp. 8183-8193, 2017.

[11]S. Mansfield-Devine, "Ransomware: the most popular form of attack", Computer Fraud & Security, vol. 2017, no. 10, pp. 15-20, 2017.

[12]C. Wood, "Spectacular computer crimes—what they are and how they cost American business half a billion dollars a year!", Computers & Security, vol. 9, no. 6, p. 557, 1990.

[13]K. Knapp, T. Marshall, R. Rainer and D. Morrow, "The Top Information Security Issues Facing Organizations: What Can Government Do to Help?", Information Systems Security, vol. 15, no. 4, pp. 51-58, 2006.

[14]T. Munea, H. Lim and T. Shon, "Network protocol fuzz testing for information systems and applications: a survey and taxonomy", Multimedia Tools and Applications, vol. 75, no. 22, pp. 14745-14757, 2015.

[15]A. Gondhalekar, M. Krishnan and A. Vidap, "Quantifying the Systems Engineering Need for Organizations", INCOSE International Symposium, vol. 26, no. 1, pp. 11-24, 2016