MN502 Ransomware Attacks on Data
A. Introduction about ransomware and their impacts on the society
B. Discussion of any five variants of ransomware (Consider some recently developed ransomware)
C. The working mechanism of ransomware
D. Potential threats posed by ransomware
E. Case study of at least one recent attack carried out by the ransomware
G. Summary
H. References in IEEE Transactions on Networking style
Answer:
Ransomware is a class of malware that locks the confidential data on a victim's computer. The data is locked using encryption, and a payment is demanded in return for decrypting the ransomed data and restoring the victim's access. The primary motive of ransomware attacks is monetary, while in other cases the victim is notified of the exploit and given instructions for recovering from the attack. In a ransomware attack the payment is demanded in the virtual currency bitcoin, which is chosen to keep the identity of the cybercriminal secret.
Ransomware attacks affect society drastically, targeting not only home computer users but also well-established business organizations. These attacks cause temporary or sometimes permanent loss of essential proprietary data, which in turn disrupts business operations. Ransomware attacks have created serious problems for several healthcare organizations by making patient medical histories unavailable and inaccessible. As a result, people have faced many difficulties during their treatment at the healthcare organizations where the ransomware attacks took place.
This report concentrates on the potential threats posed by ransomware and on the tools for mitigating it. It first discusses five variants of ransomware and then the working mechanism of ransomware. The discussion continues with the potential threats posed by ransomware, followed by a case study of a recent ransomware attack. The report then recommends two mitigation tools for tackling ransomware attacks and discusses the effectiveness of the selected tools. Finally, the report ends with a summary.
2.0 Variants of Ransomware
2.1 Discussion about five variants of ransomware
- Crysis: This ransomware variant encrypts users' files on removable, fixed and network drives using a strong encryption algorithm, which makes the files difficult to open [8].
- Cerber: Research has found that Cerber targeted users of cloud-based Office 365 through a phishing campaign. This kind of malware points to the growing need for SaaS backup in addition to on-premises backup [1].
- Spider: Spider is a form of ransomware that spread through spam emails across Europe. It is hidden inside a Microsoft Word document, which installs the malware on the victim's computer when the file is downloaded.
- WannaCry: This was a widespread ransomware campaign that affected many kinds of organizations in most parts of the world [7]. The attack commonly affected Windows systems through a Microsoft exploit known as EternalBlue [1].
- Bad Rabbit: This ransomware variant infected various organizations in Eastern Europe and Russia [9]. Research has found that Bad Rabbit spread through a fake Adobe Flash update and automatically directed users to a payment page demanding 0.05 bitcoin, which is approximately $285.
3.0 Working mechanism
3.1 Discussion about the working mechanism of Ransomware
Ransomware is malicious software that enters a user's system to steal essential information and then threatens the user, demanding money in return for access to their essential data. In these security threats, the attackers demand a ransom from the victim in order to restore access to the data after payment [10].
Ransomware attacks are carried out through various vectors that give access to the computer system. The best-known delivery system is phishing spam, that is, attachments sent to the victim's email address. The moment the attachment is downloaded and opened by the user, the necessary information is fetched by the user's computer.
Research has identified that in a few types of ransomware the attacker claims to be a law enforcement agent, shuts down the victim's system on the grounds that pirated software is installed on it, and asks for a certain amount as a "fine" [11]. Ransomware also takes the form of doxware or leakware, in which the attacker threatens to publicize the sensitive data stored on the victim's hardware unless the ransom is paid [2].
4.0 Potential threats
4.1 System lockup by Ransomware
Locker ransomware locks the user's operating system, so that no files or applications can be opened until the user pays the ransom.
Research has found that a system lockup is a long delay in starting the system, or a permanent lockup, which can be caused by a ransomware attack [12]. The primary reason for a system lockup is running out of memory, which can result from a ransomware attack in which essential data is stolen and the resources needed to run the system are erased.
4.2 Encryption and deleting the files by ransomware
Encryption ransomware uses advanced encryption algorithms developed specifically to block system files, and money is then demanded for decrypting the blocked content.
Research has found that a ransomware infection is the fastest way for all of a user's personal files to be encrypted and, as a result of the attack, lost forever. Once the encryption methods have been used, the criminals' threats become credible, which in turn allows the authors of the malware to obtain control over the user's personal data.
5.0 Recent attack
Cybercrime is becoming a common threat as technology advances. Ransomware is malicious code that attackers use to perform lock-screen attacks and data kidnapping. In the chosen case study, the threat from the WannaCry ransomware was not actually associated with malware-laden phishing emails.
Rather, the attack began with scanning for vulnerable TCP port 445 on public Internet servers. Researchers have analysed the attack as a worldwide cyber attack that mostly targeted computers running Microsoft operating systems [3]. The attackers encrypted the data and, in return, demanded ransom payments in the bitcoin cryptocurrency.
6.0 Mitigation tools
After thorough research, two mitigation tools for tackling ransomware attacks were identified: Procmon and SSDT. The primary task of ransomware detection and mitigation tools is to identify whether any ransomware encryption is occurring [5]. It is then necessary to determine which process is performing the encryption and to terminate that process.
Procmon is a monitoring tool that shows the overall activity taking place inside the system. Because events occur continuously, Procmon can enable filters that keep the information from flooding the user [4]. With the help of Procmon, malicious programs are pointed out so that mitigation can be carried out.
Research has found that all the system calls within the system are monitored with the help of SSDT. After the process responsible for encrypting the files is found, SSDT concentrates on the log to determine which process started the encryption [6]. With this mitigation tool, all the malicious data and files that were stored previously can be deleted more easily. Thus, SSDT helps in the overall cleaning of the full system, including the clean-up of malicious files and processes [4].
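As an added illustration of the triage step described in this section (identify that bulk file modification is occurring and which process is responsible), the following Python example, which is not part of the original report or of Procmon itself, scans a Procmon-style CSV export for processes that modify many distinct files within a short time window. The column layout, the sample rows, the process names and the thresholds are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the assumed column layout of a Procmon CSV export (not a real capture).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:00.1000000","winword.exe","2100","WriteFile","C:\Users\a\Documents\report.docx","SUCCESS",""
"10:00:05.0000000","updater.exe","4242","WriteFile","C:\Users\a\Documents\a.xlsx","SUCCESS",""
"10:00:05.2000000","updater.exe","4242","SetRenameInformationFile","C:\Users\a\Documents\a.xlsx","SUCCESS",""
"10:00:05.4000000","updater.exe","4242","WriteFile","C:\Users\a\Documents\b.docx","SUCCESS",""
"10:00:05.9000000","updater.exe","4242","WriteFile","C:\Users\a\Pictures\c.jpg","SUCCESS",""
"10:00:06.3000000","updater.exe","4242","WriteFile","C:\Users\a\Pictures\d.png","SUCCESS",""
"10:00:40.0000000","winword.exe","2100","WriteFile","C:\Users\a\Documents\notes.docx","SUCCESS",""
'''

# File operations that change or rename a file's contents on disk.
MODIFY_OPS = {"WriteFile", "SetRenameInformationFile"}

def parse_time(value):
    """Parse 'HH:MM:SS.fffffff' (24-hour clock assumed) into a datetime."""
    hms, _, frac = value.partition(".")
    return datetime.strptime(hms, "%H:%M:%S") + timedelta(seconds=float("0." + (frac or "0")))

def find_bulk_modifiers(csv_text, window_seconds=10, min_files=4):
    """Return {(pid, name): max distinct files modified in any window} for flagged processes."""
    events = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] in MODIFY_OPS and row["Result"] == "SUCCESS":
            events[(int(row["PID"]), row["Process Name"])].append(
                (parse_time(row["Time of Day"]), row["Path"].lower()))
    flagged = {}
    window = timedelta(seconds=window_seconds)
    for proc, items in events.items():
        items.sort()
        best, start = 0, 0
        for end in range(len(items)):
            # Slide the window start forward until it spans at most window_seconds.
            while items[end][0] - items[start][0] > window:
                start += 1
            best = max(best, len({path for _, path in items[start:end + 1]}))
        if best >= min_files:
            flagged[proc] = best
    return flagged

if __name__ == "__main__":
    for (pid, name), count in find_bulk_modifiers(SAMPLE_CSV).items():
        print(f"PID {pid} ({name}): {count} distinct files modified within the window")
```

A flagged PID is a candidate for the termination step the section describes; the thresholds need tuning against normal activity such as backup or sync clients before any automated response is attached.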
7.0 Summary
In summary, ransomware is malicious software that enters a user's system to steal essential information and then threatens the user, demanding money in return for access to their essential data. Ransomware attacks are carried out through various vectors that give access to the computer system. Ransomware also takes the form of doxware or leakware, in which the attacker threatens to publicize the sensitive data stored on the victim's hardware unless the ransom is paid.
The main reason for a system lockup is running out of memory, which can result from a ransomware attack in which essential data is stolen and the resources needed to run the system are erased. Research has found that once the encryption methods have been used, the criminals' threats become credible, which in turn allows the authors of the malware to obtain control over the user's personal data. The chosen case study discussed the recent ransomware attack known as WannaCry. The two chosen mitigation tools for countering ransomware attacks are Procmon and SSDT.
References
[1] Brewer, Ross. "Ransomware attacks: detection, prevention and cure." Network Security 2016, no. 9 (2016): 5-9.
[2] Brunau, Chris. Common Types of Ransomware, August 2018.
[3] Cabaj, Krzysztof, Marcin Gregorczyk, and Wojciech Mazurczyk. "Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics." Computers & Electrical Engineering 66 (2018): 353-368.
[4] Christensen, J. B., and Niels Beuschau. "Ransomware detection and mitigation tool." (2017).
[5] Fruhlinger, Josh. What is ransomware? How it works and how to remove it, November 2017.
[6] Kharraz, Amin, Sajjad Arshad, Collin Mulliner, William K. Robertson, and Engin Kirda. "UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware." In USENIX Security Symposium, pp. 757-772. 2016.
[7] Kharraz, Amin, William Robertson, Davide Balzarotti, Leyla Bilge, and Engin Kirda. "Cutting the gordian knot: A look under the hood of ransomware attacks." In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 3-24. Springer, Cham, 2015.
[8] Maurya, A. K., N. Kumar, A. Agrawal, and R. A. Khan. "Ransomware: Evolution, Target and Safety Measures." (2018).
[9] Sahi, Supreet Kaur. "A Study of WannaCry Ransomware Attack."
[10] Scaife, Nolen, Henry Carter, Patrick Traynor, and Kevin RB Butler. "Cryptolock (and drop it): stopping ransomware attacks on user data." In Distributed Computing Systems (ICDCS), 2016 IEEE 36th International Conference on, pp. 303-312. IEEE, 2016.
[11] Sharma, Ms Prachi, Mr Shubham Zawar, and Suryakant B. Patil. "Ransomware Analysis: Internet of Things (IoT) Security Issues, Challenges and Open Problems in the Context of Worldwide Scenario of Security of Systems and Malware Attacks." Int. J. Innov. Res. in Sci. Eng 2, no. 3 (2016): 177-184.
[12] Sultan, Hirra, Aqeel Khalique, Shah Imran Alam, and Safdar Tanweer. "A SURVEY ON RANSOMWARE: EVOLUTION, GROWTH, AND IMPACT." International Journal of Advanced Research in Computer Science 9, no. 2 (2018).