Ransomware Attacks: Mitigation And Data Security
Research Objectives
Ransomware is a kind of malicious software that threatens to publish the victim's confidential data, or blocks access to that data, until a ransom is paid (Kharraz et al. 2015). In a properly deployed cryptoviral extortion attack, recovering the files without the decryption key is an extremely hard problem, and it is likewise extremely difficult to trace the attackers. Moreover, attackers use digital currencies such as Ukash and cryptocurrencies such as Bitcoin for the ransom, which makes tracing or prosecuting them quite difficult (Scaife et al. 2016).
This research report outlines a brief discussion of ransomware in today's world. Ransomware attacks have spread drastically through the technological world, and hence raise a major question of data security. In recent days it has been noted that ransomware attacks are becoming quite threatening for users, and this report provides the relevant details.
The important research objectives of this research report are as follows:
- i) To understand the entire concept of ransomware that is discussed in the media in recent times.
- ii) To find out the data security issues for the ransomware for securing data.
- iii) To search for suitable prevention techniques against ransomware attacks.
Ransomware, or ransom malware, is a kind of malware that prevents users from accessing their personal files or systems and demands a ransom payment to regain access (Andronio, Zanero and Maggi 2015). The ransom is paid by credit card or in cryptocurrency. There are various methods by which ransomware can infect a system or computer. The most common is malspam, or malicious spam: unsolicited e-mail used to deliver the malware. Such e-mail may also contain links to malicious web sites. Malspam uses social engineering to trick people into opening attachments or clicking links by appearing legitimate (Kharraz et al. 2016). Cyber criminals also use social engineering in other kinds of ransomware attacks to lock files and extract ransom payments.
Ransomware attacks can be carried out with the help of a Trojan, which is disguised as a legitimate file (Mercaldo et al. 2016). The victim is tricked into opening or downloading the file when it arrives as an e-mail attachment. The most significant example of ransomware is the WannaCry worm, which travels between computer systems automatically, without any user interaction (Continella et al. 2016). Another well-known example of this type of attack is CryptoLocker, a Trojan horse that remains active on the Internet. Ransomware kits on the deep web have allowed cyber criminals to purchase and use an off-the-shelf software tool and create ransomware with the required capabilities (Brewer 2016).
Social media web sites are major victims of these types of ransomware attacks (Song, Kim and Lee 2016). The main reason for this vulnerability is that social media has a very large number of users and these sites are extremely easy to target. According to a survey, more than 70% of social media scams are shared manually by people. These types of ransomware attacks are completed in a few steps (Pathak and Nanded 2016). First, the victim downloads and runs executable files from one of several links. Second, the files are encrypted and can only be opened after decryption. In this step, cloud storage is also affected, and hence the users have no idea about the attack (Yang et al. 2015). The final step of these ransomware attacks on media is the demand for ransom payment sent to the administrator of the social media web site.
Discussion
Since the confidential information of billions of users is at stake, the administrator is compelled to pay the ransom to the attacker to obtain the decryption code (Everett 2016). Apart from these vulnerabilities, another important issue with these attacks is that the information of billions of users could easily be leaked to the public, and these users would face several problems related to confidentiality and data integrity (Cabaj et al. 2015). This type of attack also targets businesses of all sizes. The first requirement for any organization is to recognize the attack whenever it is hit by ransomware. Furthermore, it should ensure that adequate anti-malware or antivirus tools are implemented within its systems (Cabaj and Mazurczyk 2016).
Ransomware attacks in the technological world have become extremely common and significant for users, and thus they should be prevented on an urgent basis (Sgandurra et al. 2016). The persons most affected by these attacks are users of media and social media web sites. The data of these users is at stake, and the resulting data security issues are quite problematic. The major data security issues of ransomware in the media are as follows:
- i) Location of Data Unknown: The first and most important data security issue common to these types of ransomware attacks is that the intended or authenticated users have no idea where their data is located (Richardson and North 2017). The attacker encrypts the data and keeps it in a secret location. This location cannot be easily or promptly reached by the users, and hence they lose access to the data (Bhardwaj et al. 2016).
- ii) Loss of Data Confidentiality: The second significant issue faced in these types of ransomware attacks is the loss of data confidentiality (Hampton and Baig 2015). The data no longer remains confidential for the users, as the attacker does not maintain confidentiality if the ransom is not paid in time.
- iii) Loss of Data Integrity: Another noteworthy data security issue, which often becomes threatening for users, is the loss of data integrity (Mansfield-Devine 2016). The attacker breaks the integrity of the data and could even change it. This loss of data integrity should be stopped immediately by undertaking proper and relevant precautions.
- iv) Loss of Data Availability: Data security is also threatened when the user cannot access the data properly and hence loses its overall availability. The confidential data of the users is also quite vulnerable to attackers, and if the data is not available to the users, they could face significant problems (Mohurle and Patil 2017). The loss of data confidentiality is extremely common for users in ransomware attacks and has come to attention recently.
- v) Outsourcing Responsibility: This is yet another significant data security issue of ransomware attacks for the respective users (Moore 2016). Privacy regulations as well as data protection regulations largely state that an organization cannot share away its compliance risk. This means that when the company's outsourcing partner fails to protect the confidential business data, the web site is at fault and thus liable to all sorts of legal actions or associated penalties (Andronio, Zanero and Maggi 2015). This type of data security issue can only be avoided by undertaking validated legal measures.
- vi) Fragmented Policies and Processes: Web sites should have various processes and policies in place for the proper security of sensitive data. However, where fragmented policies and processes are present, attackers get a chance to spread ransomware and encrypt the data for ransom payments (Song, Kim and Lee 2016). Thus, the security of users' data is put at stake by these fragmented policies and processes.
- vii) Lack of Retention of Sensitive Data: The seventh data security issue, which could be extremely problematic for authenticated users, is the failure to retain sensitive or confidential data or information (Continella et al. 2016). If the user does not pay the ransom, there is a high chance that the data will be lost forever and cannot be retrieved at any cost.
Although some simple ransomware locks the system in a way that a knowledgeable individual can easily reverse, most advanced malware uses the technique known as cryptoviral extortion (Pathak and Nanded 2016). With this technique, the attacker encrypts the victim's files and makes them completely inaccessible, then demands a large ransom payment to decrypt all the files and restore the victim's access. The main objective of a ransomware attack is always monetary; as in other kinds of attacks, the attackers notify the victim after exploiting the data or files. They then demand payment in a virtual currency such as Bitcoin, with the core purpose that the identity of the cyber criminal is not made public (Cabaj and Mazurczyk 2016). Ransomware can spread through malicious e-mail attachments, infected external storage devices, infected software applications or even compromised web sites.
Security of Data due to Ransomware
Despite the above-mentioned vulnerabilities, these issues can be addressed by undertaking some major mitigation steps (Richardson and North 2017). The three distinct mitigation mechanisms for securing data and stopping ransomware attacks are as follows:
- i) Securing the Systems and Networks: The most effective technique for mitigating ransomware attacks is securing the systems and networks (Hampton and Baig 2015). The first criterion for this purpose is to have an incident response plan, which sets out what is to be done in the event of a ransomware incident. Moreover, use of a backup system is another important technique for mitigating these attacks; several iterations of the backups should be retained in case the most recent ones contain infected or encrypted files. Regular checks of backup data integrity, and of the backup process itself being operational, are also required (Mansfield-Devine 2016). Another effective method of mitigating ransomware attacks and securing networks and systems is the use of anti-spam and antivirus solutions.
Regular system and network scanning can then be carried out easily. Macro scripts in Microsoft Office files transmitted via e-mail should be disabled (Mohurle and Patil 2017). Systems should also be patched, and mobile devices, hardware, applications, software and operating systems should be upgraded periodically. Internet access should be restricted with the help of a proxy server, and ad-blocking software should be considered. The next important mitigation technique for ransomware attacks is the application of the principle of least privilege along with network segmentation (Cabaj and Mazurczyk 2016). Data should be categorized and separated according to its organizational value, and virtual environments should be implemented properly. Logical or physical separation of networks and data should be verified, which helps to reduce the complexity of data security. Third parties, including those with remote access to the organizational network, should be monitored to ensure that they are diligent about cyber security best practices (Song, Kim and Lee 2016). Employees of the organization should participate in cyber security information sharing programs such as InfraGard and MS-ISAC.
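The backup advice above (keep several backup generations, and regularly verify their integrity so that encrypted copies are not silently promoted to the only restore source) can be turned into a routine check. The following is an added example written for this report, not code from the cited papers or any backup product. It assumes two backup generations laid out as directory trees, hashes every file, and flags files whose content changed into high-entropy data, which is what an encrypted overwrite looks like; the sample files, the ransom-note name and the 7.0 bits/byte threshold are constructed for the demo.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte. Plain documents sit well below 6; ciphertext approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def build_manifest(root: str) -> dict:
    """Map each file under root (relative path) to its SHA-256 digest and byte entropy."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            manifest[os.path.relpath(full, root)] = {
                "sha256": hashlib.sha256(data).hexdigest(),
                "entropy": round(shannon_entropy(data), 3),
            }
    return manifest


def compare_generations(previous: dict, current: dict, entropy_threshold: float = 7.0) -> dict:
    """Classify differences between two backup generations.

    'changed'    : content differs from the previous generation
    'suspicious' : content differs AND the new copy is high-entropy while the old
                   copy was not, i.e. it looks like it was overwritten with ciphertext
    'missing'    : present before, absent now
    'new'        : absent before, present now (a dropped ransom note shows up here)
    Anything 'suspicious' must not be used as a restore source; keep the older generation.
    """
    report = {"changed": [], "suspicious": [], "missing": [], "new": []}
    for path, old in sorted(previous.items()):
        new = current.get(path)
        if new is None:
            report["missing"].append(path)
        elif new["sha256"] != old["sha256"]:
            report["changed"].append(path)
            if new["entropy"] >= entropy_threshold > old["entropy"]:
                report["suspicious"].append(path)
    report["new"] = sorted(set(current) - set(previous))
    return report


def _write(path: str, data: bytes) -> None:
    with open(path, "wb") as fh:
        fh.write(data)


def demo() -> dict:
    """Build two constructed backup generations in a temp dir and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        gen1, gen2 = os.path.join(tmp, "gen1"), os.path.join(tmp, "gen2")
        os.makedirs(gen1)
        os.makedirs(gen2)
        text = b"quarterly report: revenue grew 4% over the previous period\n" * 40
        # Deterministic stand-in for ciphertext: a SHA-256 counter stream (constructed, not a real encryptor).
        opaque = b"".join(hashlib.sha256(b"demo-%d" % i).digest() for i in range(len(text) // 32 + 1))
        _write(os.path.join(gen1, "report.docx"), text)
        _write(os.path.join(gen1, "notes.txt"), b"todo: renew backup media\n")
        _write(os.path.join(gen2, "report.docx"), opaque)  # silently replaced between generations
        _write(os.path.join(gen2, "notes.txt"), b"todo: renew backup media\n")
        _write(os.path.join(gen2, "README_DECRYPT.txt"), b"constructed ransom note\n")
        return compare_generations(build_manifest(gen1), build_manifest(gen2))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:11s} {paths}")
```

Run it as a script to see the classification of the constructed generations. In practice the manifest of each generation would be written alongside the backup and compared against the next one by a scheduled job; a non-empty `suspicious` list is the signal to stop rotating old generations out.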
- ii) Securing the End User: The security of the end user is also extremely important for the proper mitigation of ransomware attacks (Kharraz et al. 2015). Since the data belongs to the end users, it is important to reduce these issues effectively. Social engineering and phishing training should be provided to employees, urging them not to open suspicious e-mails, not to click on links or open attachments contained in them, and to be cautious before visiting unknown web sites. End users should also close their browsers when not in use (Mercaldo et al. 2016). Every organization should have a reporting plan to ensure that employees know and learn about suspicious activities. These measures help secure the end users.
- iii) Responding to the Attack: The third mitigation technique for removing ransomware and securing data is responding to the attack properly (Continella et al. 2016). The infected system should be immediately disconnected from the network to prevent the infection from propagating. The affected data should be determined and additional reporting protected properly. A decryptor should be available so that, if such an issue arises, it can be resolved easily and promptly. Backups should be maintained for restoring confidential files or data. Moreover, the infection should be reported immediately, and it is highly recommended that these incidents be reported to government agencies so that legal action can be taken (Yang et al. 2015). The targeted victims are then no longer affected; they can deal with these ransomware attacks properly and the data is eventually secured.
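Responding quickly, as step iii) requires, depends on recognizing the encryption phase while it is happening. The following is an added example written for this report, not code from the cited papers or from any endpoint product. It assumes a constructed file-activity log format (timestamp, pid, process image, WRITE or RENAME, path), and raises an alert when one process swaps the extensions of many documents inside a short window or drops a ransom-note-like text file. The sample log lines, process names, the 60-second window and the threshold of 8 files are all constructed; a real deployment would tune them against its own file-server or endpoint telemetry.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format for this example (not a real product's schema):
#   <ISO timestamp> pid=<n> proc=<image> op=<WRITE|RENAME> path=<path>[ -> <new path>]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) proc=(?P<proc>\S+) op=(?P<op>WRITE|RENAME) path=(?P<path>.+)$"
)
DOC_EXTS = {".docx", ".xlsx", ".pptx", ".pdf", ".jpg", ".txt"}  # what users actually work on
NOTE_MARKERS = ("decrypt", "recover", "ransom")                    # typical ransom-note file names


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def extension(path: str) -> str:
    name = basename(path)
    return name[name.rfind("."):].lower() if "." in name else ""


def parse_line(line: str):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    if rec["op"] == "RENAME" and " -> " in rec["path"]:
        rec["path"], rec["new_path"] = rec["path"].split(" -> ", 1)
    else:
        rec["new_path"] = rec["path"]
    return rec


def suspicious_file_event(rec: dict) -> bool:
    """A document renamed to, or written under, a non-document extension (e.g. memo.docx.locked)."""
    new_ext = extension(rec["new_path"])
    if rec["op"] == "RENAME":
        return extension(rec["path"]) in DOC_EXTS and new_ext not in DOC_EXTS
    name = basename(rec["new_path"])
    stem = name[: -len(new_ext)] if new_ext else name
    return new_ext not in DOC_EXTS and extension(stem) in DOC_EXTS


def looks_like_ransom_note(path: str) -> bool:
    name = basename(path).lower()
    return name.endswith(".txt") and any(mark in name for mark in NOTE_MARKERS)


def detect(lines, window: timedelta = timedelta(seconds=60), burst_threshold: int = 8) -> list:
    """Return alerts for (a) a process touching >= burst_threshold distinct documents with
    extension swaps inside a sliding time window and (b) ransom-note-like files being written."""
    recent = defaultdict(deque)  # (pid, proc) -> deque of (ts, original path)
    flagged, alerts = set(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["pid"], rec["proc"])
        if rec["op"] == "WRITE" and looks_like_ransom_note(rec["new_path"]):
            alerts.append({"type": "ransom_note", "proc": rec["proc"], "pid": rec["pid"], "path": rec["new_path"]})
        if not suspicious_file_event(rec):
            continue
        q = recent[key]
        q.append((rec["ts"], rec["path"]))
        while rec["ts"] - q[0][0] > window:  # drop events that fell out of the window
            q.popleft()
        touched = {p for _, p in q}
        if len(touched) >= burst_threshold and key not in flagged:
            flagged.add(key)  # alert once per process, not once per file
            alerts.append({"type": "mass_encryption_burst", "proc": rec["proc"], "pid": rec["pid"],
                           "files": len(touched), "window_start": q[0][0].isoformat()})
    return alerts


# Constructed sample activity: a legitimate editor, one process rewriting ten documents in ten
# seconds and dropping a note, one benign single rename, and one malformed line.
SAMPLE_LOG = [
    "2017-05-12T10:00:01 pid=1200 proc=winword.exe op=WRITE path=C:\\Users\\ann\\Docs\\memo.docx",
    "2017-05-12T10:00:05 pid=1200 proc=winword.exe op=WRITE path=C:\\Users\\ann\\Docs\\memo.docx",
] + [
    f"2017-05-12T10:01:{i:02d} pid=4120 proc=updater.exe op=RENAME "
    f"path=C:\\Users\\ann\\Docs\\file{i}.docx -> C:\\Users\\ann\\Docs\\file{i}.docx.locked"
    for i in range(10)
] + [
    "2017-05-12T10:01:12 pid=4120 proc=updater.exe op=WRITE path=C:\\Users\\ann\\Docs\\HOW_TO_RECOVER_FILES.txt",
    "2017-05-12T10:30:00 pid=3300 proc=explorer.exe op=RENAME path=C:\\Users\\ann\\Docs\\old.pdf -> C:\\Users\\ann\\Docs\\old.pdf.bak",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The burst alert fires on the eighth document rather than after the whole run, which is the point: the pid in the alert is what an automated response would terminate and the host is what it would isolate from the network, as the text recommends. The single `old.pdf -> old.pdf.bak` rename is counted but never reaches the threshold, which keeps ordinary user behaviour from paging anyone.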
Conclusion
Therefore, from the above discussion it can be concluded that ransomware is a subset of malware in which the confidential data on the victim's system is locked by encryption and payment is demanded before the ransomed data is decrypted and access is returned to the victim. A growing number of attacks have used remote desktop protocols and other approaches that do not rely on any form of user interaction. Moreover, this malware can also change the victim's login credentials for computing devices, and in data kidnapping attacks it may even encrypt the files on the infected device or any other linked network device. This research report has described the effect of ransomware in the technological world with relevant details. This type of attack can cause major issues for many users, and thus the security of data is also affected, as discussed in this report.
References
Andronio, N., Zanero, S. and Maggi, F., 2015, November. Heldroid: Dissecting and detecting mobile ransomware. In International Workshop on Recent Advances in Intrusion Detection (pp. 382-404). Springer, Cham.
Bhardwaj, A., Avasthi, V., Sastry, H. and Subrahmanyam, G.V.B., 2016. Ransomware digital extortion: a rising new age threat. Indian Journal of Science and Technology, 9(14), pp.1-5.
Brewer, R., 2016. Ransomware attacks: detection, prevention and cure. Network Security, 2016(9), pp.5-9.
Cabaj, K. and Mazurczyk, W., 2016. Using software-defined networking for ransomware mitigation: the case of cryptowall. IEEE Network, 30(6), pp.14-20.
Cabaj, K., Gawkowski, P., Grochowski, K. and Osojca, D., 2015. Network activity analysis of CryptoWall ransomware. Przeglad Elektrotechniczny, 91(11), pp.201-204.
Continella, A., Guagnelli, A., Zingaro, G., De Pasquale, G., Barenghi, A., Zanero, S. and Maggi, F., 2016, December. ShieldFS: a self-healing, ransomware-aware filesystem. In Proceedings of the 32nd Annual Conference on Computer Security Applications (pp. 336-347). ACM.
Everett, C., 2016. Ransomware: to pay or not to pay? Computer Fraud & Security, 2016(4), pp.8-12.
Hampton, N. and Baig, Z.A., 2015. Ransomware: Emergence of the cyber-extortion menace.
Kharraz, A., Arshad, S., Mulliner, C., Robertson, W.K. and Kirda, E., 2016, August. UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. In USENIX Security Symposium (pp. 757-772).
Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L. and Kirda, E., 2015, July. Cutting the gordian knot: A look under the hood of ransomware attacks. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 3-24). Springer, Cham.
Mansfield-Devine, S., 2016. Ransomware: taking businesses hostage. Network Security, 2016(10), pp.8-17.
Mercaldo, F., Nardone, V., Santone, A. and Visaggio, C.A., 2016, June. Ransomware steals your phone. formal methods rescue it. In International Conference on Formal Techniques for Distributed Objects, Components, and Systems (pp. 212-221). Springer, Cham.
Mohurle, S. and Patil, M., 2017. A brief study of wannacry threat: Ransomware attack 2017. International Journal of Advanced Research in Computer Science, 8(5).
Moore, C., 2016, August. Detecting ransomware with honeypot techniques. In Cybersecurity and Cyberforensics Conference (CCC), 2016 (pp. 77-81). IEEE.
Pathak, P.B. and Nanded, Y.M., 2016. A dangerous trend of cybercrime: ransomware growing challenge. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume, 5.
Richardson, R. and North, M., 2017. Ransomware: Evolution, mitigation and prevention. International Management Review, 13(1), pp.10-21.
Scaife, N., Carter, H., Traynor, P. and Butler, K.R., 2016, June. Cryptolock (and drop it): stopping ransomware attacks on user data. In Distributed Computing Systems (ICDCS), 2016 IEEE 36th International Conference on (pp. 303-312). IEEE.
Sgandurra, D., Muñoz-González, L., Mohsen, R. and Lupu, E.C., 2016. Automated dynamic analysis of ransomware: Benefits, limitations and use for detection. arXiv preprint arXiv:1609.03020.
Song, S., Kim, B. and Lee, S., 2016. The effective ransomware prevention technique using process monitoring on android platform. Mobile Information Systems, 2016.
Yang, T., Yang, Y., Qian, K., Lo, D.C.T., Qian, Y. and Tao, L., 2015, August. Automated detection and analysis for android ransomware. In High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conference on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on (pp. 1338-1343). IEEE.