Recent Ransomware Attacks

Question:

Discuss About The International Journal Computer Applications?

Information security is a process and action to ensure the protection of information and preventing the unauthorized use of confidential and private information, especially electronic data. Information security ensures different measures in achieving the correct security standards for particular information (Peltier, 2013). There are different risk agents that can launch an attack on the information system in with an aim of data theft and corrupting the data. One of the major threat agents is ransomware, which is a type of malicious software, typically designed to block the access of data or the whole computer system, until a sum of money is paid to the attacker (Brewer, 2016). The recent cases of ransomware attack include the attack on UK’s National Healthcare Service, Russia’s Interior Ministry and staffers at selected offices of FedEx. The global ransomware attack on this organization has resulted in the disruption of normal services loss of confidential data. The increasing attack of ransomware is alarming as many organizations and computer system are targeted by these attacks to fetch a huge sum of money from the user (Mansfield-Devine, 2016). The background, risks and security concerns along with the future trends in relation to such ransomware attacks are elaborated in the following paragraphs.

A worldwide cyber attack by Wanna Cry ransomware, as it is called has potentially put many lives at risk by paralyzing the computer systems of National Health Service, UK.  The attack paralyzed thousands of appointments and emergency operations of the hospital as the ransomware attack threatened to delete crucial files unless an amount of $300 is paid (Collier, 2017). The ransomware was capable enough to break into the robust cyber security measures taken by the hospital in protection of data. However, the attack were mainly laid on the systems, that were using Windows XP and the malware managed to jump from computer to computer by targeting the weakness of the this older version of windows operating system (Clarke & Youngstein, 2017). Only the windows XP were targeted as Microsoft had stopped supporting it in the year 2014, and the computers that were still operating on windows XP did not install the patch (Mattei, 2017).

A similar cyber attack was led on Interior ministry of Russia, by making a use of hacking tools created by U.S National Security Agency.  The attack was launched on more than 100 countries and locking the files and data of different computers demanding a payment of $300 for restoring the access (Mohurle & Patil, 2017). According to the cyber extortionists, the attackers have used the stolen NSA hacking tools for sending spam emails with the ransomware attached in form of invoices, job offers, security warnings and other legitimate files. Once the user opens that files, the malware gets installed into the computer and encrypts all the files present in the computer (Mattei, 2017). The files can only be decrypted after paying a certain amount of money in form of bit coins as demanded by the attackers. Furthermore, if the amount is not paid within 7 days, the files are permanently deleted from the system and thus, the user has no choice apart from paying the attacker.

Risks and Security Concerns

Even the staffers of FedEx offices were attacked by this ransomware. Security software makers of Avast said that they have observed of about 57000 infections in 99 countries and the top target of this attack was Russia, Ukraine and Taiwan (Mohurle & Patil, 2017).

One of the most dangerous features of ransomware is that the ransomware-encrypted files cannot be decrypted that easily.  Furthermore, the malware has the ability to scramble the files names, so that it remains undetected or becomes very difficult to detect.  After locking the crucial files, the ransomware displays a message asking for a specific sum of money in order to decrypt the files. One of the major concerns about the ransomware is that, it targets the infected machines into botnets so that the future attacks become easier to conduct. After infecting a single computer, the ransomware can easily spread to other computers connected in a local network (Rajput, 2017).

Ransomware generally has data infiltration capabilities and includes geographical targeting as well. This indicates that the ransom note is generally translated into victim’s language, thus increasing the chances of ransom to be paid. The most common methods that are generally used by the attackers in launching and executing a ransomware attack are listed below (Mansfield-Devine, 2013)-

• sending spam email campaigns that contains malicious links and attachments
• security exploits in different vulnerable software
• injecting malicious codes in legitimate websites
• creating Botnets

The above-discussed processes are the most common technique of ransomware attack. However, there are many different processes of launching ransomware attacks as well. Ransomware attack mainly uses complex set of different evasion techniques that generally go unnoticed by traditional antivirus. The different types of ransomware includes encryption ransomware, lock screen ransomware and master boot record ransomware (Sittig & Singh, 2016). The attacks cited above are mainly encryption ransomware attack, which is also known as file encryptor ransomware. The risks and security concerns associated with ransomware are elaborated in the next section.

The different risks and security concerns associated with ransomware are elaborated in the following paragraphs (Akkas, Chachamis & Fetahu, 2017)-

1) Ransomware is an infection vectors that are propagated with the user-initiated actions, which include, clicking some malicious links obtained from spam email or visiting any malicious websites. Therefore, it becomes almost impossible to detect a ransomware before it actually launches the attack.

2) The major target of a ransomware attack includes mobile devices, weak operating systems, software and cloud based applications and resources.

3) All the crucial files are locked by the ransomware paralyzing the entire system. The files cannot be decrypted by any means without paying the amount as demanded by the attacker and therefore it becomes very difficult or impossible to access the files without paying the attackers (Mohurle & Patil, 2017).

Preventive Strategies

4) As an effect of ransomware attack, different process within an organization may come to a hault, risking even people’s life as happened with the case of National Health Service in UK.

There are other risks associated with a ransomware attack as well, which includes loss of confidential data, stealing of data and so on. The security concerns associated with a ransomware attack are elaborated in the next section.

The major security concerns associated with the ransomware attack are elaborated below-

1) The attacker makes use of the vulnerability in the operating system or a device in order to launch an attack.  This indicates that the operating system or the security essentials of the system and devices is needed an upgrade. This may be further lead to the loss of confidential data and information (Bhardwaj et al., 2016).

2) The major security concern associated with ransomware attack is that, once infected a single computer, it can easily spread to different computer systems.

3) The ransomware attack generally targets different public institution and organizations making a use of the untrained staffs who handle the information security systems. Thus, out of date equipments and untrained staffs may lead to loss of data and considerable monetary loss as well. The vulnerabilities of the information system of the institution are targeted in different ransomware attack (Pathak & Nanded, 2016).

1. Ransomware attacks may Change the name of the files of a particular system, thus it becomes impossible to detect such attack.

The different strategies that can be implemented in lessening the risk and security issues associated with the ransomware and preventing the ransomware attack are elaborated in the previous section (Hampton & Baig, 2015).  

The strategies for addressing the different risks and security concerns associated with the ransomware are listed below-

1) In order to prevent the risk of Ransomware attack, all the out of date information systems are to be updated and patched regularly. The core security fundamentals that include patch management, regular backup and disaster recovery must be ensured regularly in order to prevent the risks of a ransomware attack.

2) Regular maintenance of windows and updating the antivirus software is a major strategy in preventing such ransomware attack.

3) Another strategy in avoiding the payment of ransom even if the attack occurs is to keep a backup of the most important files. This way, the user will not have the need of unlocking the encrypted files by paying money as he already has another set of data (Everett, 2016).

4) Ransomware is generally spread via email and therefore, it is utmost necessary to configure the email web server and block the doubtful attachment extensions such as .exe, .vbs and .scr.

5) The user should not respond or even open the email and messages sent by unfamiliar people. Furthermore, the phishing emails should be detected and avoided as much as possible.

6) On account of detection of suspicious activities and processes, the internet connection of the system is to be disconnected as soon as possible in order to prevent the further spreasing of the malware.

7) The volume shadow copy service or VSS of windows can be used for restoring the previous version arbitrary files. If the VSS is disabled on a computer at the time of attack, can later be used to restore the encrypted files. Therefore, VSS can be used in order to eliminate the effects of the ransomware attacks.

8) Windows Firewall should be kept enabled all the time.

9) Additional firewall protection can also be leveraged in enhancing the security essentials of the information system in order to prevent any ransomware attack.

10) The computer security software must be effective enough to scan the compressed or archived files of the system, in order to detect the ransomware attack.

11) A browser add on may also be installed that can help in blocking the pop ups.

12) Auto play should be disabled in order to prevent the automatic launching of files from external media.

13) The automatic file sharing should be disabled, as in case a system is hit by a ransomware attack, it does not spread to the other systems.

14) Bluetooth and other wireless connections should be kept off when not in use.

Conclusion

Therefore, from the above discussion, it can be concluded that the ransomware attack is strategically launched in order to leave a widespread effect. Different ransomware attack has been discussed in the report and the major causes of these attacks are found to be the improper security essentials and out of date system. Ransomware attacks are more dangerous because the files once encrypted by the attack cannot be decrypted without paying the sum of money the attacker is demanding. The report discusses the different security concerns and the risks associated with a ransomware attack. The major strategy of preventing the ransomware attack is keeping the systems up to date and patched. The other strategies that can be implemented for preventing the attack and lessening the impact of a ransomware attack are further discussed in the report. The most feasible technique of not paying the ransom even if an attack is experienced, is to keep regular backups of the important files, so that even the if they are encrypted by the ransomware, the user does not have to pay the ransom.

The future trends associated with the ransomware and the attacks related to the ransomware are listed below (O’Gorman & McDonald, 2012.)-

1) Based on the strategies used for the launching the past attacks, it can be said that the ransomware attacks are going to take a more dangerous structure in future

2) The ransomware attack can however be prevented by improving the information security essentials and generating awareness among the users for keeping their security systems up to date.

3) The future of ransomware includes targeting the security of web mail providers

4) Declination of ransomware can however be possible by enforcing a law for shutting down the attackers of ransomware and the exploit kits that deliver them.

References

Akkas, A., Chachamis, C. N., & Fetahu, L. (2017). Malware Analysis of WanaCry Ransomware.

Bhardwaj, A., Avasthi, V., Sastry, H., & Subrahmanyam, G. V. B. (2016). Ransomware digital extortion: a rising new age threat. Indian Journal of Science and Technology, 9, 14.

Brewer, R. (2016). Ransomware attacks: detection, prevention and cure. Network Security, 2016(9), 5-9.

Clarke, R., & Youngstein, T. (2017). Cyberattack on Britain’s National Health Service—A Wake-up Call for Modern Medicine. New England Journal of Medicine.

Collier, R. (2017). NHS ransomware attack spreads worldwide.

Everett, C. (2016). Ransomware: to pay or not to pay?. Computer Fraud & Security, 2016(4), 8-12.

Hampton, N., & Baig, Z. A. (2015). Ransomware: Emergence of the cyber-extortion menace.

Mansfield-Devine, S. (2013). Security review: the past year. Computer Fraud & Security, 2013(1), 5-11.

Mansfield-Devine, S. (2016). Ransomware: taking businesses hostage. Network Security, 2016(10), 8-17.

Mattei, T. A. (2017). Privacy, Confidentiality, and Security of Health Care Information: Lessons from the Recent WannaCry Cyberattack. World Neurosurgery, 104, 972-974.

Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal, Management.

O’Gorman, G., & McDonald, G. (2012). Ransomware: A growing menace. Symantec Corporation.

Pathak, D. P., & Nanded, Y. M. (2016). A dangerous trend of cybercrime: ransomware growing challenge. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume, 5.

Peltier, T. R. (2013). Information security fundamentals. CRC Press.

Rajput, T. S. (2017). Evolving Threat Agents: Ransomware and their Variants. International Journal of Computer Applications, 164(7).

Sittig, D. F., & Singh, H. (2016). A socio-technical approach to preventing, mitigating, and recovering from ransomware attacks. Applied clinical informatics, 7(2), 624.