NIT5083 Enterprise Security Management For Malware Ransomware

The main motive for the attack of ransomware is that to collect money from the users. Other cyber attacks notify the user about the attack and there are instructions available about how to get rid of those attacks. However, the ransomware does not allow such processes (Sitting and Singh, 2016). The payment that is to be done after the attack is that they mainly demand Bitcoins so the identity of the attack is not known by the cybercrime investigators. The spread of ransomware is done mainly by email attachments, which infect the application software in the system, compromised websites, and attacks the external storage device of the system. Remote access protocols are used by the attackers and they do not use any other forms of user interaction (Smith, 2017). Highly knowledgeable scammers in system programming use the ransomware attack in a cyber attack. Email attachments are sent to users. If the user opens the files that are attached in the mail, their system gets corrupted and they lose the access to the files in their own system. This is the most common type of cyber attack in the modern world.

Increasing Problems

The rate of ransomware is seemed to be increasing with very high speed in the current digital world and it is being estimated that every organization is facing such attack in every forty seconds ("Kasperskycontenthub", 2017). Businesses around the world are facing ransomware attacks, more often and in every two minutes it is being estimated that one ransomware attack is making prey a business.

The businesspersons are generally paying attackers and this is increasing the interest of the intruders to more indulge in such activities and make more profit. Out of ten, six malware found in the systems were ransomware as reported by Malwarebytes (2017) and a rough presentation was presented of about 60% of malware payloads in the spam campaign and phishing attacks including the traces of another malicious coding.

Ransomware variants are expected to be 4.3 times new coding in 2017 than it was in 2016. It is becoming easier for the intruders to led digital extortion successfully and is being resisted very few. RaaS can be stated as the most contributing and crucial factor for the intruders to get success in their attempts and allowing the intruders with the very less technical knowledge to enter the system and get ransom (Kasperskycontenthub.com, 2017). Dharma and CrySis are another family of ransomware those are being upgraded by the programmers as the defence system is being evolved. According to the researchers, the ransomware variants seem to be grown thirty times from since 2015.

There is not any sector, which is untouchable of such intrusion and had to pay the ransom in a manner to get the access to their personal data and the information (Crowe, 2017). Following is a table that shows the quantity of sectors facing ransomware attack and had to pay the circumstances.  

One in four businesses is being hit by the ransomware attack those have more than 100 employees working in the organization. It was being reported by Barkly (2017) that among them 71% of the organization had to pay a large amount of ransom and 29% were only which, are escaped safely.

The Scam

WannaCry Ransomware Attack

This was one of the most popular attack of this decade those was responsible for the mass destruction. The properties of this attack were same as stated in the above report, but an additional software was used in this attack called ‘EthernetBlue' that allows the intruder to get access to the storage drives of the systems. This software was developed by a U.S. agency and was stolen by an intruder and sold to the black market (Mohurle and Patil, 2017). This was a much-planned attack in which intruder had implemented coding to execute the virus on the same network and spread on all over the internet. Malicious injection principle was used to inject the virus into the network that was reported to be started in a European organization. The main target of the intruders was the multinational companies, big hospitals, institutions, federals and much more (Chen and Brodges, 2017). Most of the organizations had to pay the ransom, however, very few of them were able to shut down the network before it is spread to all systems in the organization. It was reported that the virus was mostly affected the latest operating systems, Windows XP, Windows 7, and Windows 8 and among them, the most destroyed systems were the one with the pirated operating system. Thousands of systems were destroyed by this malicious virus and the most affected region was the Chinese Institutions as, most of the individuals over there were using services from the black market (Collier, 2017). The intruders were demanding Bitcoins currencies in the exchange of the cryptographic key for the encryption made by the virus over the files.  

The profit

WannaCry incident helps in understanding that it is very important to keep the operating systems updated with the latest version in a manner to stop any such intrusion. This is not limited to the latest version of the operating system, but it should be original too and protected by proper anti-virus and antimalware software. Mass destruction was made to the systems with the pirated operating system, so using latest and original is very crucial in a manner to keep the system from getting compromised (Batcheller et al., 2017). Most of the victims were not able to get the access to their files even after paying the ransom money; this led to the statement that ‘it is not important that the intruders will give the cryptographic key even after paying the ransom amount.’ Even after getting access to those files, some of the organizations were not confident that whether their data are compromised or not. This also states that no matter whether the access is gained or not, data might be compromised even after getting access to the compromised files (Martin, Kinross, and Hankin, 2017). There are ways to which we can turn the tables by encoding encryption for the files before uploading to the database, whether it stays in the system or transferred to the cloud. Whenever data is being compromised, it is not necessary that the files have not been compromised. Microsoft should have launched the patches earlier and should have estimated it earlier that such type of attack is coming. Providing update does not mean to provide patches for the past threats rather it should have a measure that could prevent the estimated threats and this estimation should be highly forward thinking.   

Impact of Paying Ransomware

Ransomware is capable of affecting the mass impact on the financial condition of the organization because of improper and insecure precautions taken against the malicious attacks. Following are the impacts of ransomware attacks that could potentially affect the financial condition of the organization:

Ransom cost paid: The amount that is being invested for gaining the access to the personal data and information to the intruder through Bitcoins is also a certain big amount of the money (Kshetri and Voas, 2017). On the other hand, it is being reported that the ransom amount has been doubled from last year. This is also promoting the intruders to be more indulging in such activities because of making money in less effort. Paying ransom never ensures the victim the data that is about to be restored, will be restored or not or whether the data is already compromised or not.  

Downtime Cost: This is an impact the organization might face whether it pays the ransom or not as the organization will have to face a loss that could be more affecting the business than paying the ransom value. A ransomware targeting the organization will lead to the loss of the reputation of the organization; it will have to face financial loss and reduced the satisfaction of the customers.

Encourage the attackers for next attempt: Paying the ransom amount will encourage the intruders to attempt to the different organization (Simmonds, 2017).

Impact of not Paying Ransomware

The loss of productivity and data: This is the case, which is being faced by more than fifty percent of the victims as most of the victims facing the problem of data loss when once targeted by ransomware attack. This could lead the organization to struggle in the market as it could lead to the loss of data and information related to the client and the operational activities and results in the business to be open.

Reputation effects: Not paying the ransom value will lead to the loss of data and information as the intruders will not provide the cryptographic key unless the ransom is paid (Sharma et al., 2016). This will lead to customers feeling less reliable on the organization and thus customers will feel insecure to provide information to the organization.

Manipulation of data: not paying ransom might lead to the expose of data to the competitors or in front of the world that will affect the organization in all the ways that could be expected.

Privacy and security issues: Expose or manipulation of data could lead to the several security and privacy issues for the clients and the organization’s employees and will lead to the reputation of the organization.

Mitigation Strategies

Following are the methods that could prevent such intrusion:

Proper education and training: This is one of the important factors in a manner to determine how the attacks could follow and prevent from suffering in future.

Data backup: There should be a backup strategy for the data and information related to the operational activities of the organization (Volynkin, 2017).

Restricting the execution of malicious codes:

The Malicious Codes unknown to the system or needs administrative permission will be blocked through this practice.

Updating software: Using updated firewalls, operating systems, and anti-malware could restrict the unauthorized user from getting access to the storage of the systems.  

Robust filtering: This could be very helpful in ensuring the organization that the chances of attacks have been reduced to the extent level.

Blocking attachments: Mails containing attachments should be blocked unless the sender is well known to the user (Krida, 2015).  

Practices related to the permission review: This will help the organization or enterprises to restrict the execution of codes that need an allowance from the administration to run the file.

Conclusion 

Based on the above and findings made through the research, it can be stated that ransomware is one of the most concerning topics related to the digital world. Ransomware once affected an organization will ultimately affect the reputation and other issues of the organization whether ransom is paid or not. However, there are certain measures those could effectively stop from letting it happen and affecting the working of the organization. Such intrusion leads to several losses related to the financial state of the organization and has the capability to drag the organization to closure. It is very crucial for the organization to keep its data and information saved and protected from any intrusion in a manner to maintain the reliability of the customers and keeping the progress of the organization as per the expectations and maintaining the rate of the organization. Using encryption for the files that are about to be saved into the database could be recommended in a manner to keep the data and information safe event after being compromised. Another recommendation can be introduced, as the organization should always use original and updated versions of the operating system, anti-virus, and anti-malware. This report presents the basics and extra technical knowledge on how these attacks proceed including the measures those could be helpful in ensuring the security. WannaCry can be stated as one of the greatest ransomware attacks and this report presents an idea about how the attack was moved on and what were the drawbacks of the systems of the different sectors that allows the virus to enter their network. The measures stated above could be helpful in ensuring that the data and information related to the operational activity of the organization and secure its reputation and financial status from such intrusion.

Finally, it can be stated that ransom should not be paid for ransomware attacks because paying the amount will no-doubt gain access to the data but there will be always a doubt of data compromise and expose of data. Discussions made in the above report concludes even after paying the ransom, the company will have to spent money for the downtime cost.   

References

Ali, A., (2017). Ransomware: A Research and a Personal Case Study of Dealing with this Nasty Malware. Issues in Informing Science and Information Technology, 14, pp.087-099.

Batcheller, A., Fowler, S.C., Cunningham, R., Doyle, D., Jaeger, T. & Lindqvist, U., (2017). Building on the Success of Building Security In. IEEE Security & Privacy, 15(4), pp.85-87.

Chen, Q. & Bridges, R.A., (2017). Automated Behavioral Analysis of Malware A Case Study of WannaCry Ransomware. arXiv preprint arXiv:1709.08753.

Collier, R., (2017). NHS ransomware attack spreads worldwide.

Crowe, J. (2017). Cyber Attack Statistics: Majority of Victims Aren't Changing Their Security in 2017. [online] Blog.barkly.com. Available at: https://blog.barkly.com/cyber-attack-statistics-2016 [Accessed 31 Oct. 2017].4

Ioanid, A., Scarlat, C. & Militaru, G., (2017), September. The Effect of Cybercrime on Romanian SMEs in the Context of Wanna cry Ransomware Attacks. In 12th European Conference on Innovation and Entrepreneurship ECIE 2017 (p. 307).

KASPERSKY_SECURITY_BULLETIN_2016. (2017). Kasperskycontenthub.com. Retrieved 31 October (2017), from https://kasperskycontenthub.com/securelist/files/2016/12/KASPERSKY_SECURITY_BULLETIN_2016.pdf

Kasperskycontenthub.com. (2017). Cite a Website - Cite This For Me. [online] Available at: https://kasperskycontenthub.com/securelist/files/2016/12/KASPERSKY_SECURITY_BULLETIN_2016.pdf [Accessed 31 Oct. 2017].

Kirda, E., (2015). Most Ransomware Isn’t As Complex As You Might Think Yes, we should be able to detect most of it. DIMVA.

Kshetri, N. & Voas, J., (2017). Do Crypto-Currencies Fuel Ransomware?. IT Professional, 19(5), pp.11-15.

Martin, G., Kinross, J. and Hankin, C., (2017). Effective cybersecurity is fundamental to patient safety.

Mohurle, S. & Patil, M., (2017). A brief study of wanna cry threat: Ransomware attack 2017. International Journal, 8(5).

Proofpoint.com. (2017). Cite a Website - Cite This For Me. [online] Available at: https://www.proofpoint.com/sites/default/files/proofpoint_q4_threat_report-final-cm.pdf [Accessed 31 Oct. 2017].

Sharma, M.P., Zawar, M.S. & Patil, S.B., (2016). Ransomware Analysis: Internet of Things (IoT) Security Issues, Challenges, and Open Problems Inthe Context of Worldwide Scenario of Security of Systems and Malware Attacks. Int. J. Innov. Res. n Sci. Eng, 2(3), pp.177-184.

Simmonds, M., (2017). How businesses can navigate the growing tide of ransomware attacks. Computer Fraud & Security, 2017(3), pp.9-12.

Sittig, D.F. & Singh, H., (2016). A socio-technical approach to preventing, mitigating, and recovering from ransomware attacks. Applied clinical informatics, 7(2), p.624.

Smith, J., (2017). Ransomware Incident Response for Law Enforcement (Doctoral dissertation, Utica College).

Smith, M., (2016). Ransomware attack forces Michigan utility to shut dow n systems, phone lines, email. Network World.

Volynkin, A. (2017). Ransomware: Best Practices for Prevention and Response. [online] Insights.sei.cmu.edu. Available at: https://insights.sei.cmu.edu/sei_blog/2017/05/ransomware-best-practices-for-prevention-and-response.html [Accessed 31 Oct. 2017].

Yaqoob, I., Ahmed, E., ur Rehman, M.H., Ahmed, A.I.A., Al-garadi, M.A., Imran, M. & Guizani, M., (2017). The rise of ransomware and emerging security challenges in the Internet of Things. Computer Networks.