Ransomware: Types, Threats, And Mitigation Tools – Report For Regal Security Solutions Company

Impact of Ransomware on Society

Introduction about ransomware

Ransomware is one of the malicious software that has a problem with the locking of the data in the system. Here, the ransom is paid for unlocking it. This is one of the new malware which was found in 2013 and there are programs that are generally seen to be infected through it and through the internal network setup. It has been seen that the attackers are able to encrypt it in the system where there is a proper holding of the keys of decryption and then holding the data which includes the kidnapping as well. There are programs which are based on identifying the technical industry development with attack problems solving. There are victims that mainly comply to hold the demands depending upon how the cyberhackers are reviewing it, with validation and then handling the safety of the system along with its confidentiality.

Impact of ransomware on the society

With the changing times, the major concern has been about handling the system infiltration and easy touch for the system which includes the data changes as well. There are certain perceptions which are related to how the blackmailing is done for the ransom so that the data is recorded through intervention of certain company professionals. The loss generally has issues with the cybercrime with locking the program files as well depending upon the demands that are made with unique decryption keys. They are created and then stored with the server of hacker. The computer is infected through ransomware with real loss of the valuable data that affects the system productivity and then there is a need of protecting the data as well.

Outline of Report

The report will highlight about the changes and the discussions of ransomware with its impacts or the threats on the system. It will also discuss about the recent incidents that the people have faced. 

Draw taxonomy & its discussion

Crypto locker

This ransomware has spread through different attachments and is mainly setting up the messages spamming for the RSA public key encryptions. It leads to the sealing of the user files as well. There are problems where people demand money for decryption.

TeslaCrypt:

The target of the files are focusing on associating with the video games with the other content that has been downloaded to it. The consistency is to match with improving the creators with handling the restoring of impossibilities as well [1].

Outline of Report

Simple Locker

Android is one of the platform where the system tends to attack, and it is seen that certain infections are there with the fourfold. Hence, there are blockers who attack the file with making it difficult to access it or preventing the users to access it as well.

WannaCry

This is working with taking advantage of the different defective systems where there are issues related to the system security on a large scale.

NotPetya:

The focus is on handling the problems related to monitoring the on-premise factors with assurance related to monitoring the setup of cloud infrastructure.
 

Discuss the working mechanism

It has been seen that the ransomware completely takes the system access, where there are issues related to handling the phishing or the spamming of emails as well. Once, the email is downloaded and then opening it can lead to problems with social engineering tools. It leads to problems of security rules as well, where the statistical analysis and the signature-based approaches are defined for relying on the dataset measures which holds certain signatures. The approach is to work on the malware detection and then determining about how one can detect the different threats which are related to the obfuscation. The speed certainty needs certain new strains that are developed based on the methods and then handling the malware to stop as well [4]. The system functioning is based on properly monitoring and then detecting the issues which are related to file associations which can be quarantined as well. the challenges are determined through detecting the behavioral indicators which does not include any reliable information or identification process as well. Hence, there is also a major need to avoid the false alternatives and the positives with establishing a better connection to analyze different events.

System lockup

The ransomware is about handling the system lockup for the PC where there is a problem related to the scareware with locking screen virus as well as the other stuff [2]. 

Scareware:

There are problems with the attacking of ransomware which leads to locking up of the system and there are alerts or the pop ups as well. It leads to the prevention of the program to be running on the system at any cost.

Lock Screen Virus:

The focus is on ransomware where there is computer locking. Here the display is done through full size setup with proper logo coming from FBI that certainly leads to problem and mishandling of law.

Variants of Ransomware

The Locky is worst encryption which can lead to the problems with the personal files as well as there is no access to it, till there is a certain ransom paid for it.

File Encryption and Deletion

There has been focus on encryption of system with properly handling the system files as well. Here, the data is seen to be deleted or hidden where the files also tend to go encrypted with changing the extension for the files in ransomware. Here, there is a need to purchase or focus on system getting a proper access as well [5]. The methods are defined for handling the file recovery where the encryption is set to work with crack fixing and handling license activation problems as well. The invoice which is fake, or the order receipts could have other issues which can be seen through that includes the malicious files uploading in different websites. The victims are then seen to be looking forward for the downloading and then end up holding data encryption for carrying out certain legitimacy for the attachment of emails as well.

The encryption forms includes the issues related to the virus problems. It needs to be checked with encountering the problems related to it. The payload and the malicious files set are mainly for handling the files which are easy to be executed. There are detection through researching with the %AppData% 

Recent Attack

WannaCry Ransomware attack has been one of the major attacks which are seen to be causing the issues related to the targeting of the computer systems. It includes the problems which works with the payments and the Bitcoin currency. The direct impact is about the propagation which leads to the exploitation of the system as well. The Windows Server Message Block (SMB) protocol is about the handling of the events with reporting about the message to inform users with encryption and handling the demands of payment [3]. The attack generally comes with infecting the vulnerability systems as well. WannaCry has taken advantage for the proper installation of Backdoors which are in the patches of the system. The organizations are also working with handling the no security patches and so for that there are Kaspersky Lab study for detecting about the different responses that are defined. It includes the problems which are related to the companies of cybersecurity and the allegations that are related to it. the evidences and the transport code is to scan the vulnerability system with properly using the Eternal Blue and then making a proper gain in access for the system as well. There are DNS sinkhole services where the companies are seen to be working on certain allegations like the links that are related to handle evidences. It includes the discovery through the potential attacking for the same types with major target that is defined on the critical infrastructural patterns.

Discuss any two mitigation tools

1. Process Monitoring: This tool is mainly for handling the system advancement where there are certain real time functions and the file systems to handle the processing. It works with focusing on Regmon that is for enhancement and working on sessions. The full threading stacks with proper supporting and symbol integration includes different operational setups that are defined with handling system log files [6].
2. SSDT: The other tool is for core utility management of the system styles where there is a proper storage of the information which is then seen to be deleted when there is any process which is killed. The block leads to the calling of the vssadmin.exe that leads to certain preventions of the snapshots as well. Hence, for this, the solutions are mainly to combine and then work towards the restoration of the file system encryption process.

Effectiveness of selected mitigation tools

Procmon tool is about properly focusing on monitoring the processes with handling the system capabilities to take hold of filter. The system includes the proper capturing of the data and the operations are defined through input and the output setup. There are non-distributive filters as well that help in setting the filter without any loss of data. It includes the proper configuration where the events are related to handle different files for the data that includes columns as well. The logging architecture are set with capturing of events and then there is a proper setup which is done for the processing of the tree tool which shows about the relationship as well.

The response is determined through SSDT (SQL Server Data Tool) which is for maintaining the database development and then work on handling the system debugging functions. It is then able to manage the database projects that are for handling team-based environment.

Ransomware has been a malware which needs to be efficiently be taken care of. Here, the focus has to be on network segmentation where the major goal is to completely handle the setup of IT infrastructure as well. The whitelisting generally includes the defined working and the system standards as well, which includes the processing set for malicious processes. the higher volumes of the new and the slight modified variations are seen to be not important for the threats in cybercrime. 

References

• Barak, Gil. “System and methods thereof for preventing ransomware from encrypting data elements stored in a memory of a computer-based system.” U.S. Patent Application 15/492,338, filed October 26, 2017.
• Takeuchi, Yuki, Kazuya Sakai, and Satoshi Fukumoto. “Detecting Ransomware using Support Vector Machines.” In Proceedings of the 47th International Conference on Parallel Processing Companion, p. 1. ACM, 2018.
• Allen, J. “Surviving ransomware.” American Journal of Family Law31, no. 2 (2017): 65-68.
• Richardson, Ronny, and Max North. “Ransomware: Evolution, mitigation and prevention.” International Management Review13, no. 1 (2017): 10-21.
• Wolf, Daniel G., and Donald L. Goff. “A ransomware research framework: poster.” In Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, p. 26. ACM, 2018.
• Kolodenker, Eugene, William Koch, Gianluca Stringhini, and Manuel Egele. “PayBreak: defense against cryptographic ransomware.” In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 599-611. ACM, 2017.