One day, operations and processes in an organization can be running well, and then suddenly employees can't access files or documents or use their Information System (IS) resources. The only way to regain access to these crucial resources is to pay ransom money to some entity in a way that cannot be traced, such as payment in digital cryptocurrencies like Bitcoin. This type of malware is known as ransomware; it is malicious software that hijacks access credentials and threatens to perpetually block access to, or expose, the victim's personal information and/or data. For example, it can take control of the financial details of customers in a financial institution and demand that the institution either pays a ransom or the customer information will be exposed, inviting further lawsuits against the firm (Kharraz et al., 2015). Ransomware is a form of cryptovirology; it ranges from simple forms that lock IS systems, but which can be reversed by someone with adequate skills and knowledge, to more complex and advanced forms that employ cryptoviral extortion, where the victims' resources, files, and data are encrypted in a way that they cannot be accessed, just like encrypted files being transferred.
The attackers then demand to be paid a ransom before they decrypt the files or send the decryption keys so that the victims can continue using the data. Usually, ransomware attacks are undertaken using vectors such as Trojans, where a seemingly perfectly normal file, software, or document is used to carry the ransomware. The user is tricked into downloading or opening the file, setting off a devastating chain in which the malware rapidly multiplies over a network, taking over files and documents and encrypting them such that the organization or users cannot access the files unless they pay a ransom. There are also varieties of sophisticated malware that can travel between computers and networks without human mediation and still cause damage (Pailen, 2016). This paper discusses the concept of ransomware; it begins by discussing the background to this form of malware attack with respect to where and how it has been experienced and then goes on to discuss the risks and security concerns of ransomware. The paper then discusses some of the strategies that can be used to mitigate and address the security concerns and risk of ransomware before discussing future trends and drawing conclusions.
Malware attacks that shut users with valid access credentials out of various IS resources are the phenomenon of ransomware cyber attacks, and it appears anyone can be hit, from the UK National Health Service (NHS), to international businesses headquartered in the US and Europe, global energy giants such as Rosneft of Russia, global shipping giant Maersk, global pharmaceutical giant Merck of the USA, the Auchan Group, a French retailer, and BNP Paribas (the Real Estate division). These are just some of the firms that have been hit by massive ransomware attacks this year (2017). In Ukraine, organizations were particularly hard hit, with government offices, banks, the metro system of Kiev and the national postal service being victims of massive ransomware attacks (Larson & Mullen, 2017). Even environmental and safety services have not been spared, with the monitoring system for the Chernobyl nuclear reactor being targeted. Manufacturing company Mondelez has also reported that its manufacturing plants located in New Zealand and Australia became victims of ransomware attacks. The companies attacked demonstrate a deadly form of malware attack that has a global reach and can breach the security systems of major multinationals that would be expected to have some of the biggest investments in cyber security and the best mitigation and defense systems, especially relating to technical preparedness. Further, research shows that 99% of ransomware is designed to target Microsoft systems, the dominant operating system in the world (Forrest, 2017). Targeting the operating system used by the majority of people in the world has helped the explosive growth of ransomware in recent years and further exacerbates the problem and the threat it poses.
At present, the leading cyber/IS security risks include phishing and ransomware, with phishing being the most important risk, according to a survey (Perez, 2017). However, the explosion of ransomware attacks and their impact make ransomware a major security concern for all organizations using IT systems. To recap, ransomware is a form of malware attack in which the browser or desktop on computer systems and files are taken over by the malware and a ransom is demanded before these resources are released and access is allowed. Using high-pressure techniques, the criminals are able to extract payments from the victims, including by encrypting the infected files and data such that they cannot be recovered, threatening to reveal the captured data to the public, or instilling fear in users by claiming to be members of the law enforcement community and threatening their prosecution, for instance, if the captured data would show financial impropriety or criminal acts (Leveille, 2014). The criminals that hijack IS systems also use methods such as threatening to increase the payment amount the longer the victims take to pay, and rendering machines incapable of booting by overwriting the MBR (master boot record) and encrypting sections of the hard disks. The attackers also threaten to erase all the captured files, rendering enterprises unable to operate (Rains, 2016).
The fact that attackers can take control of the IS systems of an organization and use such aggressive methods to demand ransom demonstrates the seriousness of the threat that ransomware poses to organizations in a world that is increasingly using IS and network infrastructures. The high-profile cases involving large multinationals have increased concerns about this form of malware across the IT and business industry. While attackers have profit as their main motivation, the underlying reasons why they have so far targeted specific firms, organizations, and industries are not very straightforward, and this poses new dilemmas and challenges. Attackers may be targeting specific organizations and industries using ransomware, or simply leveraging their abilities in exploiting specific IS vulnerabilities or specific business application lines that are used primarily or heavily by specific industries or organizations. This creates another risk in which competitors, disgruntled former employees, or organized criminal gangs can target specific companies for revenge or work at the behest of competitors to bring down a specific business or industry. The business environment is highly competitive, and events such as the exposure of personal client information to all and sundry can greatly damage the reputation of an organization while giving its competitors an edge; such risks are not far-fetched.
Microsoft data (Security Intelligence Reports) show that, on a global scale, there have been far fewer encounters with ransomware than with other threats such as Trojans. However, ransomware becomes a major threat because of its risk when the combined factors of probability and impact are considered (Rains, 2016). Ransomware has evolved rapidly and become more sophisticated, and will likely pose greater challenges in future. Because the attack vectors for ransomware are many, including e-mail, social engineering such as using MS Word and Excel macros, removable storage devices, and drive-by download attacks, ransomware is an IS security nightmare. Further, its risk profile is multiplied by the probability: one does not need to be a security expert or skilled programmer to launch a ransomware attack, because the development of RaaS (ransomware as a service) on the dark web means anybody can access it and launch attacks, especially against specific organizations and industries. Examples of such ransomware include the Enrume and Sarento families of ransomware. Further, ransomware is becoming increasingly paired with exploit kits, for instance with Axpergle/JS (aka Angler), or with other malware to achieve persistence in the IS environments of the victims (Rains, 2016). Further, more distribution points can be used to initiate ransomware attacks, and this means more enterprises are encountering these attacks, as shown in the figure below, where more non-domain attack points are being used.
The result is an increase in the encounter rates for ransomware attacks. Sophisticated ransomware attacks employ the technique of encrypting as much of their victims' critical data and files as possible, rendering operations impossible. This is achieved by encrypting data on as many devices and as much infrastructure as possible, using tricks such as exploiting vulnerabilities that have not yet been patched. The threats ransomware attacks pose in terms of risk and security concerns are, therefore, huge and increasingly important. Ransomware will not only affect the organizations attacked, but also their clients; for instance, an attack on a financial institution will have the result of exposing client financial information that can expose those engaging in financial impropriety. It also leads to loss of reputation (and business) for companies, as well as causing financial losses and severely affecting operations. The financial losses can be huge; for instance, FedEx estimates an attack on its newly acquired unit (TNT Express) by the NotPetya ransomware cost the company about $300 million, which is very significant (Lawler, 2017). Ransomware attackers that seek to gain control of an organization's entire IS infrastructure will seek to deny victims access to their backups, increasing the victim's motivation to pay a ransom. Ransomware employs strong encryption algorithms, such as 256-bit AES, that are almost impossible for the victim to decrypt without the key. The impact of such attacks can be severe, especially given that the victim is unable to restore their backups; intellectual property, customer data, and financial records could all be lost, with irreversible financial consequences. Thus ransomware, despite still not being experienced on a large scale, is a deadly form of attack with a very large impact and serious consequences for organizations.
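The mass-encryption behaviour described above can be detected defensively by watching for a burst of files whose contents change from ordinary data to near-random data. The following is an added example, not part of the original essay; the thresholds, function names and sample events are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, deque

ENTROPY_THRESHOLD = 7.5  # bits per byte (assumed cut-off for "looks encrypted")
BURST_COUNT = 3          # assumed: suspicious rewrites needed to raise an alert
BURST_WINDOW = 10.0      # assumed: sliding window in seconds

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect_encryption_burst(events):
    """events: time-ordered (timestamp, path, bytes_before, bytes_after) tuples.
    Returns a list of (timestamp, [paths]) alerts."""
    recent, alerts = deque(), []
    for ts, path, before, after in events:
        # Count only writes that turn low-entropy content into high-entropy
        # content; files that were already compressed (JPEG, ZIP) are skipped.
        if (shannon_entropy(before) < ENTROPY_THRESHOLD
                and shannon_entropy(after) >= ENTROPY_THRESHOLD):
            recent.append((ts, path))
        while recent and ts - recent[0][0] > BURST_WINDOW:
            recent.popleft()
        if len(recent) >= BURST_COUNT:
            alerts.append((ts, [p for _, p in recent]))
            recent.clear()
    return alerts

def _noise(seed: bytes, blocks: int = 128) -> bytes:
    """Constructed stand-in for ciphertext: 4 KiB of SHA-256 output."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))

TEXT = b"Invoice 2017-09: customer account statement, amount due.\n" * 70

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    (0.0, "report.docx", TEXT, _noise(b"a")),
    (1.0, "photo.jpg", _noise(b"b"), _noise(b"c")),   # already high entropy
    (2.0, "notes.txt", TEXT, TEXT + b"edited\n"),     # normal edit
    (3.0, "ledger.xlsx", TEXT, _noise(b"d")),
    (4.0, "clients.csv", TEXT, _noise(b"e")),
]

if __name__ == "__main__":
    print(detect_encryption_burst(SAMPLE_EVENTS))
```

Comparing entropy before and after each write is what keeps already-compressed files from raising false alarms; a real deployment would feed the function from file-system monitoring and tune the three constants to its own workload.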
Because of its high impact, organizations must do more to contain ransomware attacks; precautions and measures must be undertaken to defend against them. Protecting against ransomware attacks entails employing basic computer hygiene;
Conclusions and Future Trends
Ransomware is a type of malware that attacks the victim's IS and denies them access; it can attack the desktop, web interfaces, or entire networks. While its encounter rate compared to other forms of malware is still low, it is more deadly considering its impact. It can lead to loss of sensitive data, loss of reputation in case of leaks, and massive financial losses, along with permanent loss of data and intellectual property. Already, it has hit multinationals and institutions like FedEx, BNP Paribas, the NHS, and Rosneft, with huge impacts. The future looks bleak with regard to ransomware; ransomware strains are, and will continue to become, more sophisticated and are evolving very quickly. Ransomware will become just another tool for hackers, more attacks will be designed for public shaming of victims, it will become a tool for revenge, and more strains will be designed without executable files to further avoid detection (‘Tripwire’, 2017; Liska, 2017). Webmail and security providers will be targeted by ransomware spam campaigns, although ransomware will not develop to attack Internet of Things (IoT) devices or the cloud (Liska, 2017).
References
Delaney, D. (2016). 5 Methods For Detecting Ransomware Activity. [online] NetFort. Available at: https://www.netfort.com/blog/methods-for-detecting-ransomware-activity/ [Accessed 23 Sep. 2017].
Forrest, C. (2017). Report: 99% of ransomware targets Microsoft products. [online] TechRepublic. Available at: https://www.techrepublic.com/article/report-99-of-ransomware-targets-microsoft-products/ [Accessed 23 Sep. 2017].
Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., & Kirda, E. (January 01, 2015). Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks. In: Almgren M., Gulisano V., Maggi F. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2015. Lecture Notes in Computer Science, vol 9148. Springer, Cham.
Larson, S. and Mullen, J. (2017). Global cyberattack: What you need to know. [online] CNNMoney. Available at: https://money.cnn.com/2017/06/28/technology/ransomware-attack-petya-what-you-need-to-know/index.html [Accessed 23 Sep. 2017].
Lawler, R. (2017). FedEx estimates ransomware attack cost $300 million. [online] Engadget. Available at: https://www.engadget.com/2017/09/21/fedex-ransomware-notpetya/ [Accessed 23 Sep. 2017].
Lee, J. K., Moon, S. Y., & Park, J. H. (July 01, 2017). CloudRPS: a cloud analysis based enhanced ransomware prevention system. The Journal of Supercomputing: an International Journal of High-Performance Computer Design, Analysis, and Use, 73, 7, 3065-3084.
Leveille, M.-E. M. (2014). TorrentLocker: Ransomware in a country near you. Sydney: ESET.
Liska, A. (2017). 7 Ransomware Trends to Watch for in 2017 | Recorded Future. [online] Recorded Future. Available at: https://www.recordedfuture.com/ransomware-trends-2017/ [Accessed 23 Sep. 2017].
Luo, X., & Liao, Q. (January 01, 2007). Awareness Education as the Key to Ransomware Prevention. Information Systems Security, 16, 4, 195-202.
Pailen, L. M. B., & IStock and Adobe. (2016). Super cybersecurity Grandma: Episode 1 – Phishing and ransomware. Jastin Enterprises, Charleston, SC: CreateSpace Independent Publishing Platform.
Perez, T. (2017). Phishing and Ransomware Leads Security Concerns for Organizations | PerezBox. [online] PerezBox. Available at: https://perezbox.com/2017/08/phishing-ransomware-leads-security-concerns-organizations/ [Accessed 23 Sep. 2017].
Pope, J. (January 01, 2016). Ransomware: Minimizing the Risks. Innovations in Clinical Neuroscience, 13.
Rains, T. (2016). Ransomware: Understanding the Risk. [online] Microsoft Secure Blog. Available at: https://blogs.microsoft.com/microsoftsecure/2016/04/22/ransomware-understanding-the-risk/ [Accessed 23 Sep. 2017].
‘Tripwire’ (2017). What Does the Future Hold for Ransomware?. [online] The State of Security. Available at: https://www.tripwire.com/state-of-security/security-data-protection/what-does-the-future-hold-for-ransomware/ [Accessed 23 Sep. 2017].
Wecksten, M., Frick, J., Sjostrom, A., & Jarpe, E. (October 01, 2016). A novel method for recovery from Crypto Ransomware infections. 2016 2nd IEEE International Conference on Computer and Communications (ICCC). 1354-1358.