Navigating The Growing Tide Of Ransomware Attacks

Background

Discuss navigating the growing tide of ransomware attacks.


Ransomware is a type of malware whose main intention is to restrict users from accessing their system. This is achieved either by locking the system's screen or by locking the user's files until a ransom is paid. Modern ransomware families, collectively termed crypto-ransomware, encrypt certain types of files on the infected system and force the user to pay a sum of money through certain online payment methods in order to get the decryption key (Kruse et al., 2017). The ransom price varies widely, depending on the ransomware variant and the price or exchange rate of the digital currency.

This report focuses on the terminology, sets out its risk and security concerns, and describes the strategies that can be used to address them.

Ransomware can be considered one of the most prominent threats to enterprises, individuals and SMBs since the mid-2000s. More than 7600 ransomware attacks have been reported to the Internet Crime Complaint Center (IC3) between March 2005 and the present, and the count is still rising.

In a ransomware attack the hackers mainly exploit flaws in the operating system, chiefly in the Windows framework. Those affected are mainly people who do not apply the patches made available by the vendor. So far the event concerned has generated a lot of claims. The risks associated with the attack are stated below:


Extortion cover: Two types of key are commonly used in programming: the encryption key, which is used to hide the messages, and the decryption key, which helps in retrieving the original content of the file (Simms, 2016). Extortion cover is mainly expected to meet the cost of the decryption key needed to regain the original message from its encrypted form. The key is generally provided from the hacker's side.

Business interruption cover: The hacker's main goal is to target a running business in order to gain overall access to its data. The data taken by the hackers is sometimes so vital from the organisation's point of view that it would lead to a huge loss if the data were lost or could not be recovered.

Risk and security concerns of Ransomware

Data restoration cover: In many situations the data can include customer information that is of high importance to them, for example credit card numbers, bank details etc. If these details once reach the hands of the hackers, it could lead to two types of problem.

One problem is that the hacker can take the information and use it for their own benefit.

On the other hand, they can ask for a ransom in return for the information (Smith, 2016).

  1. Scolding doesn’t help

Information technology and operations staff are well aware of the core fundamentals and the security aspects involved, for example disaster recovery, patch management, regular backups and business continuity. These factors are very important in protecting the network and the user from the damage that hackers can cause (Shukla, Mondal & Lodha, 2016). Regarding the people concerned as irresponsible or incompetent for being behind on the patching available to ensure security, and ignoring the challenges that they could face if an attack is initiated, is one of the security issues involved in a ransomware attack. In most cases the undisputed reality is that the systems are vulnerable and mainly running software that is outdated or simply unpatched (Brewer, 2016).

  2. Understanding of the challenges

The information technology department does not always have access to every system on the network. When patching a system can void the warranty or the terms of the licence, staying on top of the updates is not really an option (Valach, 2016). Likewise, in a manufacturing plant, computers plugged into a machine for its proper working may be considered part of the machinery and not fall under the information technology infrastructure. The issue is among the most widespread across different organisations and can be considered an aspect that falls below the security line. It is a vital security issue which makes the system very vulnerable to attack (Mohurle & Patil, 2017).

  3. Organisational constraints

This can be considered one of the most vital security issues directly related to the attack. The main security concern here is that legislative rules and spending cuts rein the government in from spending money on information technology infrastructure (Lee et al., 2016).

The security factors that can be involved in the ransomware attack are:

Several hours after an attack was initiated, while its scale and the harm it had produced were being assessed, a researcher by the name of MalwareTech discovered a kill switch which had been built into the system. The main strategy which could be implemented, according to him, was to register a domain name for use as a DNS sinkhole (Chinthapalli, 2017). This resulted in the spreading of the worm which mainly created the attack. This was taken into account because the ransomware's main aim was to encrypt the computer's files if and only if it could not connect to the domain. This led to the wide spread of the attack, because for most systems the website was not registered and they were open to the attack. For the systems which were already infected, it helped in slowing down the initial infection and overall extended the time available to deploy protective measures against it (Simmonds, 2017).
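A defender can use the behaviour described above to triage hosts from resolver logs. The following is an added example, not code from the report or from any tool it mentions; the domain, sinkhole address and log layout are placeholders and the log lines are constructed.

```python
# Added example: triage resolver logs for lookups of a kill-switch domain.
# KILL_SWITCH_DOMAIN, SINKHOLE_IPS and the log layout are placeholders.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"
SINKHOLE_IPS = {"192.0.2.53"}

# Constructed sample log (not captured traffic).
SAMPLE_LOG = """\
2020-01-01T15:02:11Z client=10.0.4.17 query=killswitch-placeholder.example. rcode=NOERROR answer=192.0.2.53
2020-01-01T15:02:40Z client=10.0.4.22 query=updates.vendor.example. rcode=NOERROR answer=198.51.100.7
2020-01-01T15:03:05Z client=10.0.9.31 query=KillSwitch-Placeholder.example. rcode=NXDOMAIN answer=-
2020-01-01T15:04:19Z client=10.0.9.31 query=killswitch-placeholder.example. rcode=NOERROR answer=192.0.2.53
2020-01-01T15:05:00Z client=10.0.7.8 query=killswitch-placeholder.example. rcode=SERVFAIL answer=-
malformed line without fields
"""


def parse_line(line):
    """Split 'timestamp key=value ...' into a dict; return None if malformed."""
    parts = line.split()
    fields = [p for p in parts[1:] if "=" in p]
    if len(parts) < 2 or len(fields) != len(parts) - 1:
        return None
    record = dict(f.split("=", 1) for f in fields)
    record["ts"] = parts[0]
    return record


def triage(log_text):
    """Map each client that looked up the domain to 'sinkholed' or 'at_risk'."""
    status = {}
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None or "client" not in record:
            continue
        name = record.get("query", "").rstrip(".").lower()
        if name != KILL_SWITCH_DOMAIN:
            continue
        reached = (record.get("rcode") == "NOERROR"
                   and record.get("answer") in SINKHOLE_IPS)
        if not reached:
            # The lookup failed at least once, so the "cannot connect"
            # condition for encryption may have been met on this host.
            status[record["client"]] = "at_risk"
        else:
            status.setdefault(record["client"], "sinkholed")
    return status
```

Every client in the result has looked up the domain and needs cleaning; the `at_risk` hosts are the ones to isolate first.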

It was noticed that the Windows encryption APIs used by WannaCry may not completely clear from memory the prime number used to generate the payload's private key. This potentially made it possible to retrieve the key if the prime had not been cleared or overwritten in resident memory. This behaviour was used by a French researcher who developed a tool known as wannakey (Pope, 2016). The key role of wannakey was to automate the process on Windows XP systems (Windows XP is highlighted because infections were at their maximum on Windows XP systems) (Pathak & Nanded, 2016). After this approach a second tool was built, named wanakiwi, which was tested on Windows 7 and Server 2008 R2 as well. The scale of the attack was so large that it prompted Windows to launch a new security update designed for older versions of Windows. In this context, the cyber defence operations of Microsoft stated that, given the elevated risk of destructive cyber-attacks at the present time, the company had taken many actions to provide customers with full protection from the event so that no harm could be done to any system (Russell, 2016).
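The recovery idea described above can be sketched as follows. This is an added example, not the wannakey or wanakiwi code: it scans a memory image for a value that divides the public modulus and rebuilds the private exponent from it. The toy 8-byte primes, the memory contents and the little-endian storage are constructed assumptions.

```python
# Added example: recover an RSA private exponent from a prime left in memory.
# The primes, memory layout and little-endian storage are constructed assumptions.
P = 2**61 - 1          # toy 8-byte prime standing in for a real key's prime
Q = 2**64 - 59         # second toy 8-byte prime
N = P * Q              # public modulus, known to the defender
E = 65537              # public exponent
PRIME_LEN = 8          # byte length of each prime in this toy setup

# Constructed "process memory": unrelated bytes with P left uncleared in the middle.
PREFIX = b"\x00" * 16 + b"constructed heap residue"
SAMPLE_MEMORY = PREFIX + P.to_bytes(PRIME_LEN, "little") + b"\x00" * 12 + b"tail"


def find_prime(memory, modulus, prime_len):
    """Slide a window over memory; return (offset, prime) for a window dividing modulus."""
    for offset in range(len(memory) - prime_len + 1):
        candidate = int.from_bytes(memory[offset:offset + prime_len], "little")
        # Skip 0 and 1 (zeroed pages) before the modular check.
        if 1 < candidate < modulus and modulus % candidate == 0:
            return offset, candidate
    return None


def rebuild_private_exponent(prime, modulus, public_exponent):
    """Derive d from one recovered prime and the public key."""
    other = modulus // prime
    phi = (prime - 1) * (other - 1)
    return pow(public_exponent, -1, phi)  # modular inverse (Python 3.8+)


def recover(memory, modulus, public_exponent, prime_len):
    """Return d if a prime survives in memory, else None (memory was overwritten)."""
    hit = find_prime(memory, modulus, prime_len)
    if hit is None:
        return None
    return rebuild_private_exponent(hit[1], modulus, public_exponent)
```

The `None` branch is the case the paragraph warns about: once the memory has been cleared or overwritten, no window divides the modulus and the key cannot be rebuilt this way.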

Strategies for Addressing them

Conclusion

The report concludes that ransomware attacks are able to attract a huge amount of interest in the near future. The main point of emphasis is that small security measures can be incorporated into the information technology framework, which can be directly beneficial in stopping the attack's privilege on a system.

The attack is already changing its basic framework and continuing to evolve. Ransomware will eventually sit in the attackers' arsenal among a wide range of options. On the other hand, the advanced hacking groups need money, and this kind of attack can prove a very easy way to gain money in the future.

The news coverage that many dwelled on when an attack was made drew the interest of small hackers towards this sort of attack. So it can be estimated that in the near future there can be many more such attacks, which can be termed copycat attacks. The systems which can be targeted in future attacks are:

  • Bank ATMs
  • Systems related to self-checkout at the grocery store
  • Computerized billboards

This can be directly related to something already done with Ransom32, which was built entirely in JavaScript, and PowerWare (developed in PowerShell), and this trend can be followed in the near future.

This type of ransomware attack uses a combination of languages, mainly scripting languages, and the Microsoft API which is used to encrypt the files on the victim's machine. The encryption, the ransom note and the call-out to the command and control server are all completed within the executable file.

Spam campaigns are currently losing the battle against consumer webmail providers, for example Yahoo!, Google and Microsoft. These services have mainly beefed up their detection of the mails related to the attack, the remedy being to send those mails to spam. This resulted in an increase in activity during 2016. The spam detection systems in many organisations are far less effective than those of the webmail providers, or non-existent. This is one of the main reasons why the attackers have focused mainly on corporate agencies.

IoT devices always sync with the cloud server and it is very easy to wipe and replace them, so there is no compelling reason for attacks to be initiated within such a framework. On the other hand, when initiated on Linux or UNIX systems, which actually play a vital role in day-to-day life, an attack can be somewhat obstructive. But the targets discussed here are not on the hackers' to-do list, as they are indeed very complicated to bypass and to build an attack for. Even if the user accidentally installs the infection on the system, it would not produce any sort of harm to the system. The attackers have to be very professional to do so: they need a victim who is already logged in as root, or they have to package an escalation with the ransomware, which is a whole new problem set. In the near future the hackers may target these sorts of machines, because the rest of the machines would have enough security measures to stop the attack, and the attack would eventually be a loss from the hackers' point of view.

References

Brewer, R. (2016). Ransomware attacks: detection, prevention and cure. Network Security, 2016(9), 5-9.

Chinthapalli, K. (2017). The hackers holding hospitals to ransom. BMJ, 357, j2214.

Hayes, J. (2017). Pay up-or else [ransomware attacks on industrial infrastructure]. Engineering & Technology, 12(4), 48-51.

Kruse, C. S., Frederick, B., Jacobson, T., & Monticone, D. K. (2017). Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care, 25(1), 1-10.

Lee, J. K., Moon, S. Y., & Park, J. H. (2017). CloudRPS: a cloud analysis based enhanced ransomware prevention system. The Journal of Supercomputing, 73(7), 3065-3084.

Martin, G., Kinross, J., & Hankin, C. (2017). Effective cybersecurity is fundamental to patient safety.

Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal, 8(5).

Pathak, D. P., & Nanded, Y. M. (2016). A dangerous trend of cybercrime: ransomware growing challenge. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume, 5.

Pope, J. (2016). Ransomware: Minimizing the Risks. Innovations in clinical neuroscience, 13(11-12), 37.

Richardson, R., & North, M. (2017). Ransomware: Evolution, Mitigation and Prevention. International Management Review, 13(1), 10.

Russell, R. (2016). A layered approach: integrating email security with document management processes. Computer Fraud & Security, 2016(12), 14-18.

Shukla, M., Mondal, S., & Lodha, S. (2016, October). POSTER: Locally Virtualized Environment for Mitigating Ransomware Threat. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (pp. 1784-1786). ACM.

Simmonds, M. (2017). How businesses can navigate the growing tide of ransomware attacks. Computer Fraud & Security, 2017(3), 9-12.

Simms, C. (2016). A Matter of Survival. ITNOW, 58(4), 30-31.

Smith, M. (2016). Ransomware attack forces Michigan utility to shut down systems, phone lines, email. Network World.

Valach, A. P. (2016). What to Do After a Ransomware Attack. Risk Managem
