MN502-Potential Threats and Mitigation Tools for Ransomware

Security remains a challenge in networked information systems. One of the fastest-evolving kinds of malware is ransomware. Ransomware embeds itself onto the computer in such a manner that it cannot be segregated, and even rebooting causes the ransomware to launch its malicious code again. Ransomware continues to be a serious threat to network users. Assume you have an interview for the ransomware analyst position with Regal Security Solutions company. You are expected to be prepared on ransomware, its types, threats, and mitigation tools. In this context, write a report including the following sections:

A. Introduction about ransomware and their impacts on the society
B. Discussion of any five variants of ransomware (Consider some recently developed ransomware)
C. The working mechanism of ransomware
D. Potential threats posed by ransomware
E. Case study of at least one recent attack carried out by the ransomware
F. Recommendations on any two mitigation tools to tackle the ransomware attack and discuss the effectiveness of the selected tools
G. Summary
H. References in IEEE Transactions on Networking style
 
 

Answer:

Introduction

Technology advances every day across the world, and with it the risk of systems being hacked has grown, as the number of hackers and crackers has increased. Many risks, threats and attacks are aimed at a given target, whether a program on a computer or the files stored on it. Commonly known attacks and threats include theft, viruses, worms, phishing e-mails and other types of malicious software. This report focuses on ransomware, a class of malware that has grown and evolved very quickly alongside modern applications and technologies. Ransomware is malicious software designed by hackers to block access to a computer system; the victim can regain access only by paying the demanded ransom within a given period, and failure to pay may lead to total loss of the files. Ransomware was often seen as affecting only individuals, but it now targets businesses as well, and it enters a computer system much as an ordinary virus does.

This type of malicious software is known for locking down data unless a ransom is paid, which gives it the name ransomware. The first one was known to have hit the scene in late 2013. Ransomware came as a result of both improved education in using computers and the work of security professionals associating themselves with antivirus companies. Like many kinds of malware, ransomware infects computers when users click unsafe links or download unsafe programs. These links can arrive through e-mails, torrents, botnets or other forms of transmission. This type of malware is not removed from the computer even when the BIOS is flashed, the hard disk drive is wiped completely, or the user attempts to return to a prior restore point [1]. The program locks itself into the files, making them inaccessible so that they appear to be encrypted.

 

Ransomware Impacts on Society

Many people consider ransomware to be malicious software that targets only a few individuals, forgetting that it also affects businesses, with negative consequences for the entire organization and the surrounding society. The negative impacts that may befall an organisation due to ransomware include:

  1. Disruption of all regular operations.
  2. The company may lose its data, and in some cases proprietary information, temporarily or even permanently.
  3. Financial losses may be incurred as a result of system restoration.
  4. The organisation's reputation may be harmed, which may create a bad image in the surrounding society.

The impacts above relate to business. Ransomware has, however, also been affecting other areas such as the transport and health industries, where it has proved very hard to eliminate; it leaves servers and computers non-functional, so that staff in the health industry have no access to medical records [2]. The following are some of the impacts of attacks such as ransomware on the health sector:

  1. Lack of access to a patient's medical history
  2. Patients' medical records becoming unavailable
  3. Lab results being delayed
  4. Lab results stalled for some time
  5. Prescriptions being postponed because the online ordering program is not available
  6. Monitoring of PCs being highly impacted
  7. Public-relations controversies arising

Ransomware Variants

Ransomware is mostly delivered through e-mail, especially phishing: the e-mail carries links, and if the recipient clicks one it may harm the machine. Another way this malicious software reaches a personal computer is a drive-by download from an untrusted source. Once ransomware is on the machine, it takes control of the files by encrypting all of them. Ransomware behaves just like a virus, and once the files are affected the victim starts to receive intimidating messages demanding payment of a given amount of money (the ransom); if the victim fails to pay within the given period, which may be 48 or 72 hours, the files may be lost completely.

 


The proliferation of variants is manifested in many ways; some of them are classified below.

There are two major variants of ransomware, the lucrative and the destructive, which later gave rise to others.

Xorist, CryptorBit and Cryptolocker Ransomware Variants

The three variants that originated from the major two were Xorist, CryptorBit and Cryptolocker. They are known for encrypting not only files but also devices, including those shared within the network. They are lucrative and destructive because they encrypt the user's files, rendering them useless until the hacker or criminal behind the attack receives the demanded ransom.

Locky Ransomware Variant

Two years later another destructive variant was observed, which infected many user computers belonging to the health industry and hospitals in America, Europe and Asia. Locky arrived as spam e-mail carrying a malicious document, such as an Office document, which might be compressed in a RAR or ZIP file. The attachment was said to contain macros or JavaScript files that downloaded the Locky ransomware files.

Samas Ransomware Variant

The fifth ransomware variant is Samas, which was used to compromise the networks of health facilities. Unlike Locky, it was known for attaching itself to servers such as web servers and Domain Name servers [3]. After being compromised by Samas, the web server uploads all the files used onto the network, where they are shared with all the devices connected to the network.
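The Locky delivery path described above (spam carrying ZIP archives with JavaScript files or macro-bearing Office documents) can be screened at the mail gateway. The following is an added example, not part of the original report; the extension lists, size cap and sample attachments are assumptions constructed for illustration, and RAR archives would need a third-party library.

```python
import io
import os
import zipfile

# Assumed lists for this example: script types Windows runs on double-click,
# and macro-enabled Office formats.
SCRIPT_EXTS = {".js", ".jse", ".wsf", ".vbs", ".hta"}
MACRO_EXTS = {".docm", ".xlsm", ".pptm", ".dotm"}


def triage_attachment(filename, data, depth=0):
    """Return a sorted list of reasons to quarantine an e-mail attachment."""
    reasons = set()
    ext = os.path.splitext(filename)[1].lower()
    if ext in SCRIPT_EXTS:
        reasons.add(f"script file: {filename}")
    if ext in MACRO_EXTS:
        reasons.add(f"macro-enabled document: {filename}")
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                inner = info.filename
                # Office documents are ZIPs; a vbaProject.bin part means macros,
                # even when the file is named .docx.
                if inner.lower().endswith("vbaproject.bin"):
                    reasons.add(f"VBA macro project inside {filename}")
                    continue
                if info.flag_bits & 0x1:  # password-protected member
                    reasons.add(f"encrypted member, cannot inspect: {inner}")
                    continue
                # Recurse into members, with depth and size caps against bombs
                if depth < 2 and info.file_size <= 10_000_000:
                    reasons.update(triage_attachment(inner, zf.read(info), depth + 1))
    return sorted(reasons)


def _make_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used only for the samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples (harmless placeholder bytes, not real malware)
INVOICE_ZIP = _make_zip({"invoice_8841.js": b"// constructed placeholder"})
DOCX_WITH_MACRO = _make_zip({"[Content_Types].xml": b"<Types/>",
                             "word/vbaProject.bin": b"constructed placeholder"})
PLAIN_PDF = b"%PDF-1.4 constructed placeholder"
```

A non-empty result is a reason to hold the message for review rather than proof of infection; legitimate macro documents will also be flagged.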

 

How Ransomware Works or Infects the System

Ransomware attaches itself to computer programs in the same ways a virus attaches itself to a system. The only difference is that with ransomware a ransom is requested; once payment is made, the hacker releases the program and decrypts the encrypted files.

The figure below shows how the system behaves under a ransomware attack. The software may land on a computer through phishing e-mails or downloads from dangerous or untrusted sources. The ransomware exploits the operating system, checking it for flaws to determine which code to attach in order to harm the computer, its programs or any running application.

Figure 1 bitcoin registration so that one can pay the ransom

After it attaches itself to the machine, the ransomware encrypts all the files on the computer, in some cases jumbling them to the extent that they are no longer readable, and then refuses to give up the key for decrypting the encrypted files.

Figure 2 paying the ransom for decryption

The hacker has full control of the system, since the user cannot access any file; to regain access the user has to pay the demanded amount, which is always requested in an anonymous currency such as Bitcoin [4].

Figure 3 the message after payment
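Because the mechanism described above turns readable files into jumbled, encrypted data, a defender can watch for many files changing from low to high byte entropy at once. The following is an added detection example, not part of the original report; the threshold, the magic-byte list and the sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.2  # bits per byte; cut-off assumed for this example
# Formats that are compressed by design and so always look random
COMPRESSED_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"\x89PNG", b"\xff\xd8\xff")


def shannon_entropy(data):
    """Entropy in bits per byte: 0.0 for constant data, up to 8.0 for random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_change(before, after):
    """Label one file modification given its old and new contents."""
    if shannon_entropy(after) < ENTROPY_THRESHOLD:
        return "ok"
    if after.startswith(COMPRESSED_MAGIC):
        return "ok-compressed-format"
    if shannon_entropy(before) >= ENTROPY_THRESHOLD:
        return "already-high-entropy"
    return "entropy-jump"


def flag_burst(changes, min_hits=3):
    """Alert only when several files jump together, as in bulk encryption."""
    hits = sorted(name for name, (old, new) in changes.items()
                  if classify_change(old, new) == "entropy-jump")
    return hits if len(hits) >= min_hits else []


# Constructed samples: a text document, and a deterministic pseudo-random
# byte string standing in for that document after encryption.
TEXT = b"Patient ward schedule, constructed sample text.\n" * 80
SCRAMBLED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
```

The burst requirement matters because a single user compressing or encrypting one file is normal activity, while dozens of documents jumping in entropy within minutes is not.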

Ransomware Threats 

Ransomware poses many threats, both before and after an attack. The infection-vector and additional-capability threats are discussed below.

Additional capabilities are features of ransomware that have driven its very high rate of expansion. They include infiltration of data, distributed Denial of Service attacks, and anti-detection components. A variant may delete the files even after the ransom has been paid. A further additional capability is locking down cloud backups, where the system backs up continuously in real time or during synchronization. Ransomware also affects smartphones and Internet of Things devices.

 


Infection vectors are a threat introduced by users themselves, propagated through actions they initiate knowingly or unknowingly, such as clicking a link that might be malicious. These links may be found in spam e-mail, or a click may lead to a compromised website. Threats are also disseminated through malvertising and drive-by downloads, which require no user engagement for the infection to succeed [5].

San Francisco Municipal Transport Agency

Many ransomware attacks have been reported, while others have gone unreported. Locky is one of the most common ransomware variants and has appeared in many varieties, as evidenced by the research study done by Phishme. In 2016 SFMTA became a victim of Locky ransomware, which disrupted its management systems for trains and buses. The attackers were ruthless and demanded over 100 bitcoins, which was over 75,000 dollars [6]. The biggest advantage was a speedy backup system that backed up all SFMTA files, so that a comprehensive restore was achieved in two days. SFMTA incurred some losses during the two days the system was down, because travelers did not pay anything; they rode for free. The attack was researched and termed Mamba.

Ransomware Risk Mitigations

The first mitigation is installing a pop-up blocker: a browser extension that blocks third-party pop-up ads, keeping the computer and running programs safe. This addresses some of the risk from ads that trick the user into a drive-by download by clicking through to a malicious website, rendering them harmless.

 


The other mitigation is to disable Windows PowerShell. Many perpetrators use Windows PowerShell functionality to deploy their attacks. Many organizations, such as those in the health industry, have been victims of crypto ransomware that abuses this automation and configuration management framework to download infected files from a remote server and execute malicious scripts. PowerShell helps malware code evade detection by antivirus, so disabling it prevents the malware from attacking in this way.

Summary

The main aim of this research was to give an overview of network security with a focus on ransomware attacks. This type of malicious software has become very common in the modern world as technology advances every day. The impact of ransomware has been described as lucrative and highly destructive. There are three major variants of ransomware, namely CryptorBit, Xorist and Cryptolocker. Ransomware poses potential threats that have had negative impacts on different organisations and on society as a whole. In conclusion, the report has explained how a ransomware attack infects a machine and recommended some risk mitigations to help prevent such attacks, along with how effective they may be if applied.



Copyright © 2009-2023 UrgentHomework.com, All right reserved.