Ransomware: Attack, Human Impact and
Mitigation
Maaz Ahmed
CSIT Department, NED UET
NED UET
Karachi Pakistan
maazshaikh437@gmail.com
Waqas Ahmed
CSIT Department, NED UET
NED UET
Karachi Pakistan
waq.ahmed01@gmail.com
Sheroz Khan
Department of
Telecommunications, IICT
MUET Jamshoro Pakistan
sherozk867@gmail.com
Abstract - Ransomware is a type of malware that results
from a sophisticated effort to compromise modern
computer systems. In this paper we examine the recent
history of ransomware and its growth into its current
form of large-scale ransomware attacks (ones that
disrupt whole organizations). Within that timeframe,
public reporting, articles, and news media coverage of
large-scale ransomware attacks are reviewed through a
literature study to create an experimental analysis of
ransom payments, the circumstances that led to those
payments, and whether data was eventually recovered by
the people victimized by ransomware. The increasing
threat due to the ease with which ransomware spreads
over the Internet is also discussed. Finally, a low
level of awareness among company professionals is
confirmed, and reluctance to pay on becoming a victim
is found to be a common trait.
Keywords- Ransomware; Extortion; Malware
I. INTRODUCTION
Ransomware is a type of malware that makes files on a
victim’s computer inaccessible and then demands that
the victim pay a ransom (commonly in bitcoin) in order
to regain access to the lost files. In 2013, the first
popular conventional ransomware, called CryptoLocker,
spread through the Internet [1]. Since then, the threat
has grown and is now a commonplace incident that
regularly makes headlines. Among the concerns that are
frequently expressed are the ethics of paying ransoms
and how those who do pay are merely funding the next
attacks. On one hand, limiting the profitability of
such attacks would lessen their occurrence. On the
other hand, it would require organizations to accept
the permanent loss of data or to potentially be shut
down permanently.
II. IMPACT OF RANSOMWARE:
Generally, a ransomware attack is viewed through the
prism of business, commercial and financial
environments. The ransom is monetary, and the costs
involved with recovery are monetary [1]. Ransomware
uses techniques to force the victim into paying the
demanded amount in Bitcoin (a cryptocurrency that is
usually untraceable) or providing personal information.
Still, there are many cases in which files are not
decrypted even after the ransom has been paid. The
current consensus is that ransomware falls into two
main categories, crypto and locker [2]. This means that
the victim's machine is held hostage by encrypting
documents, by locking the computer, or by both.
In a subset of cases, a ransom payment may mean the
difference between a business continuing to exist or
closing. There are also other non-financial interests
to consider. A recent study into the effects of
ransomware attacks on hospitals indicated that
hospitals that suffered breaches as well as ransomware
frequently took longer to provide critical services,
which led to a measurable increase in mortality rates
for those services compared to hospitals that did not
suffer a breach or ransomware infection. Government
organizations were more likely not to pay the ransom,
as closure is not a possible outcome for them.
There is also the individual impact on the future
careers of executives in charge of IT or IT security,
and the intangible cost to organizations of the
reputational damage that may occur from being
identified as a victim of ransomware [1]. Although
these costs are difficult to calculate, those making
decisions in addressing ransomware face the clear real
costs mentioned above, and they are likely to make
choices that do not unnecessarily harm their
employability or their company’s future reputation. It
is reasonable to assume that the reason most public
reports of ransomware attacks involve certain
industries is that many others are under no obligation
to report and are able to hide the disruption from the
public, and thus have no reason to disclose it.
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 18, No. 12, December 2020
73 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
III. ANALYSIS:
From the attacker’s point of view, feasible targets are
a small subset of the total group of victims. Feasible
targets are victims who have lost important data, have
the technical skills needed to make a payment and are
also willing to do so. It can consequently be assumed
that most ransomware distributors use a ‘shotgun
approach’ in the hope of finding some feasible targets
and, in practice, cause a lot of cyber damage. The
Internet plays the key role in this threat by making
ransomware easier to spread. Statistics on ransomware
highlight some interesting variations: they reveal
where attackers focus because they see the greatest
opportunity for return, and how countries differ in
their ransomware defenses [4].
Figure 1. Countries Hit by Ransomware
PERCENTAGE OF COUNTRY HIT BY RANSOMWARE IN THE LAST YEAR
INDIA 82%
BRAZIL 65%
TURKEY 63%
SWEDEN 60%
U.S. 59%
MALAYSIA 58%
GERMANY 57%
NETHERLANDS 55%
SPAIN 53%
FRANCE 52%
UAE 49%
UK 48%
AUSTRALIA 48%
CHINA 45%
JAPAN 42%
ITALY 41%
SINGAPORE 40%
CANADA 39%
Figure 2. Organizations Hit by Ransomware
PERCENTAGE OF ORGANIZATIONS HIT BY RANSOMWARE IN THE LAST YEAR
MEDIA, LEISURE, ENTERTAINMENT 60%
IT, TECHNOLOGY, TELECOMS 56%
ENERGY, OIL/GAS, UTILITIES 55%
OTHER 54%
BUSINESS AND PROFESSIONAL… 50%
CONSTRUCTION AND PROPERTY 49%
RETAIL, DISTRIBUTION… 49%
FINANCIAL SERVICES 48%
MANUFACTURING AND PRODUCTION 46%
PUBLIC SECTOR 45%
Figure 3. Countries That Paid the Ransom
COUNTRIES THAT PAID THE RANSOM
INDIA 66%
SWEDEN 50%
JAPAN 31%
BRAZIL 28%
SINGAPORE 28%
U.S. 25%
NETHERLANDS 22%
FRANCE 19%
UAE 16%
CHINA 15%
MALAYSIA 13%
UK 13%
GERMANY 12%
AUSTRALIA 12%
CANADA 11%
ITALY 6%
SPAIN 4%
IV. RANSOMWARE ATTACK TYPES, WORKING FUNCTIONALITIES
TABLE I. TYPE
TYPE
WANNACRY Cryptoworm
GANDCRAB Ransomware-as-a-Service (RaaS)
SAMSAM Automated Active Adversary
DHARMA Automated Active Adversary
BITPAYMER Automated Active Adversary
RYUK Automated Active Adversary
LOCKERGOGA Automated Active Adversary
MEGACORTEX Automated Active Adversary
ROBBINHOOD Automated Active Adversary
SODINOKIBI Automated Active Adversary
NETWALKER Ransomware-as-a-Service (RaaS)
TABLE II. PRIVILEGE ESCALATION
PRIVILEGE ESCALATION
WANNACRY Exploit
GANDCRAB Credentials
SAMSAM Credentials
DHARMA Credentials
BITPAYMER Exploit
RYUK Credentials
LOCKERGOGA Credentials
MEGACORTEX Credentials
ROBBINHOOD Credentials
SODINOKIBI Exploit
NETWALKER Exploit
TABLE III. CIPHER
CIPHER
WANNACRY No
GANDCRAB No
SAMSAM No
DHARMA No
BITPAYMER No
RYUK No
LOCKERGOGA Yes
MEGACORTEX Yes
ROBBINHOOD No
SODINOKIBI No
NETWALKER No
TABLE IV. FILE ENCRYPTION
FILE ENCRYPTION
WANNACRY Copy, In-Place
GANDCRAB In-Place
SAMSAM Copy
DHARMA Copy
BITPAYMER In-Place
RYUK In-Place
LOCKERGOGA In-Place
MEGACORTEX In-Place
ROBBINHOOD Copy
SODINOKIBI In-Place
NETWALKER In-Place
TABLE V. RENAME
RENAME
WANNACRY After the attack
GANDCRAB After the attack
SAMSAM After the attack
DHARMA After the attack
BITPAYMER After the attack
RYUK After the attack
LOCKERGOGA Before the attack
MEGACORTEX Before the attack
ROBBINHOOD After the attack
SODINOKIBI After the attack
NETWALKER After the attack
TABLE VI. ENCRYPTION BY PROXY
ENCRYPTION BY PROXY
WANNACRY No
GANDCRAB Yes
SAMSAM No
DHARMA No
BITPAYMER No
RYUK Yes
LOCKERGOGA No
MEGACORTEX Yes
ROBBINHOOD No
SODINOKIBI No
NETWALKER No
V. RANSOMWARE ATTACKS IN COVID-19
After the 1st quarter of 2020 the entire world has been
facing the COVID-19 pandemic, and all organizations,
whether public or private, were forced to shift to
working from home. This surge in users turned the
Internet into an open ground for attackers to
experiment with malicious tools and to exploit
organizations with weaker cyber security controls. A
massive number of ransomware attacks took place in
2020. This increase is due to a combination of weaker
controls on home IT and a higher likelihood of users
clicking on COVID-19 themed ransomware lure emails
given levels of anxiety [6].
Some of the attacks are given below:
• ColdLock Ransomware
• RagnarLocker Ransomware
• Maze Ransomware
• DoppelPaymer Ransomware
• Nemty Ransomware
Many others have also hit the OT/IT market and
disrupted it.
VI. MITIGATION OF THE RANSOMWARE
Ransomware can be mitigated in several ways: off-site
backups, capable anti-virus software and user training
[3]. It has also emerged that awareness of basic cyber
security best practices is particularly low. As such,
it appears that a lot of improvement can be made by
educating computer users on how to create safe backups
and how to identify threats on the Internet. It is also
becoming apparent that in a commercial setting most
users will assume that any computer problem is the
responsibility of the IT department. Whilst this notion
is acceptable to some extent, this attitude also leads
to carelessness and irresponsible behavior. Therefore,
firms could most certainly benefit from training their
employees in basic cyber security practices.
VII. IF YOU ARE THE VICTIM OF A RANSOMWARE
ATTACK:
If you suffer a ransomware attack, you must understand
that all credentials present on the affected endpoints
are now available to the attackers, whether or not the
accounts linked with them were active during the
attack. Determining the effect of a ransomware attack
will not be sufficient, because threat actors are known
to change their tools and methods once they can
identify their victims’ detection capabilities.
After the initial identification has been done, the
following steps are necessary:
• Quarantine affected systems as soon as possible by
removing them from the network or shutting them down,
to stop the ransomware from spreading further across
the network
• Quarantine or shut down affected devices that have
yet to be completely corrupted, to gain more time to
clean them and recover data
• Take backup data and systems offline immediately
• Change all account and network passwords. Once the
ransomware has been removed from the devices/systems,
you must change all device/system/network passwords
again.
I found a website on the Internet,
https://www.nomoreransom.org/, which provides
decryption software free of charge. Even if you do not
know which ransomware it is, you just have to upload a
file that was encrypted; if decryption software is
available for that encryption technique, they will
provide it to the victim.
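To support the recovery steps above and the off-site backups recommended in Section VI, the following added example (not part of the original paper) compares a file manifest taken with the last backup against the affected tree and sorts each file by the behaviours listed in Tables IV and V (in-place change versus renamed file). The function names, the manifest format, the shortened hash strings and the sample file names are assumptions constructed for illustration.

```python
import hashlib
import os


def build_manifest(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = digest.hexdigest()
    return manifest


def classify_changes(baseline, current):
    """Compare the backup-time manifest with the post-incident manifest.

    intact              same path, same hash
    modified_in_place   same path, different hash (in-place change, Table IV)
    renamed_only        path gone, identical content under a new name
                        (renamed but content not yet changed, Table V)
    renamed_and_changed path gone, a new file named <old path>.<suffix> with
                        different content; a manifest alone cannot tell
                        copy-then-delete from in-place-then-rename
    missing             path gone with no successor
    unexplained_new     new files matched to nothing (e.g. dropped notes)
    The "<old path>.<suffix>" naming rule is an assumption of this example.
    """
    report = {key: [] for key in (
        "intact", "modified_in_place", "renamed_only",
        "renamed_and_changed", "missing", "unexplained_new")}
    new_paths = sorted(set(current) - set(baseline))
    by_hash = {}
    for path in new_paths:
        by_hash.setdefault(current[path], []).append(path)
    claimed = set()
    for path in sorted(baseline):
        old_hash = baseline[path]
        if path in current:
            key = "intact" if current[path] == old_hash else "modified_in_place"
            report[key].append(path)
            continue
        same = [p for p in by_hash.get(old_hash, []) if p not in claimed]
        if same:
            claimed.add(same[0])
            report["renamed_only"].append((path, same[0]))
            continue
        successors = [p for p in new_paths
                      if p.startswith(path + ".") and p not in claimed]
        if successors:
            claimed.add(successors[0])
            report["renamed_and_changed"].append((path, successors[0]))
        else:
            report["missing"].append(path)
    report["unexplained_new"] = [p for p in new_paths if p not in claimed]
    return report


def files_to_restore(report):
    """Original paths whose content must come back from the off-site backup."""
    restore = list(report["modified_in_place"]) + list(report["missing"])
    restore += [old for old, _new in report["renamed_and_changed"]]
    return sorted(restore)


# Constructed sample manifests (hashes shortened for readability).
BASELINE = {
    "finance/q3.xlsx": "a1", "finance/q4.xlsx": "a2", "hr/staff.csv": "b1",
    "docs/plan.docx": "c1", "docs/notes.txt": "c2", "img/logo.png": "d1",
}
CURRENT = {
    "finance/q3.xlsx": "a1",          # untouched
    "finance/q4.xlsx": "ff01",        # same name, different content
    "hr/staff.csv.locked": "ff02",    # renamed, different content
    "docs/plan.docx.pending": "c1",   # renamed, content still original
    "img/logo.png": "d1",             # untouched
    "README_RECOVER.txt": "ee01",     # new file with no baseline entry
}

if __name__ == "__main__":
    result = classify_changes(BASELINE, CURRENT)
    for category, items in result.items():
        print(category, items)
    print("restore from backup:", files_to_restore(result))
```

In practice the baseline manifest has to be stored with the off-site backup itself, so that it cannot be altered from the affected endpoints.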
VIII. CONCLUSION:
Cybersecurity today faces many types of threats and
risks, coming regularly from deliberately crafted
malware and cyber-attacks. There have been a large
number of cyber threat incidents to date, and they have
started to disrupt more vital sectors such as medicine
and energy. The latest infamous form of cyber threat is
ransomware, which targets different sectors because it
is a sophisticated and undetectable way to get “easy”
money by compromising devices and extorting
organizations with multimillion budgets [2]. The spread
of malware has become easy with the growth of
Internet-based facilities and services. In company
environments, a high level of irresponsibility among
employees and dependence on the IT department for
dealing with malware attacks is confirmed [3]. Hackers
have already started to turn their attention to
industry using ransomware-style attacks. By gaining
access to industrial processes, cyber attackers could
become more dangerous because of the interruption they
may impose on businesses, which in turn may affect
vital processes and the human safety of organizations.
Information security around the world is not sufficient
to handle these cyber-attacks and malware if a
ransomware infection spreads widely across the world.
The best example is the WannaCry ransomware, which
attacked worldwide and was only stopped after repeated
attempts by cyber security specialists [5]. However, by
studying the nomenclature and strategies, it might be
possible to be prepared. We could apply those
techniques and strategies as defensive and preventive
countermeasures and move one step forward.
REFERENCES:
[1] Bambenek J.C., Bashir M. (2020) Ethics, Economics, and Ransomware: How Human Decisions Grow the Threat. In: Corradini I., Nardelli E., Ahram T. (eds) Advances in Human Factors in Cybersecurity. AHFE 2020. Advances in Intelligent Systems and Computing, vol 1219. Springer, Cham.
[2] Maxwell Mago and Farai Fransisco Madyira, “Ransomware Software: Case of WannaCry,” International Research Journal of Advanced Engineering and Science, Volume 3, Issue 1, pp. 258-261, 2018.
[3] Rhythima Shinde, Pieter Van der Veeken, Stijn Van Schooten and Jan van den Berg, “Ransomware: Studying Transfer and Mitigation,” 2016 International Conference on Computing, Analytics and Security Trends (CAST), College of Engineering Pune, India, Dec 2016.
[4] Sophos, “THE STATE OF RANSOMWARE,” https://secure2.sophos.com/en-us/content/state-of-ransomware.aspx [Accessed 10/05/2020].
[5] Usman Javed Butt, Maysam Abbod, Anzor Lors Hamid Jahankhani, Arshad Jamal, Arvind Kumar, “Ransomware threat and its impact on SCADA,” 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability (ICGS3).
[6] David Ferbrache, “The rise of ransomware during COVID-19,” https://home.kpmg/xx/en/home/insights/2020/05/rise-of-ransomware-during-covid-19.html [Accessed 22/06/2020].
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 18, No. 12, December 2020
77 https://sites.google.com/site/ijcsis/
ISSN 1947-5500

More Related Content

What's hot

Wiseasy Digital Banking Solution Introduction.pdf
Wiseasy Digital Banking Solution Introduction.pdfWiseasy Digital Banking Solution Introduction.pdf
Wiseasy Digital Banking Solution Introduction.pdf
kjhfjfhdsjlf
 

What's hot (20)

Ransomware attacks
Ransomware attacksRansomware attacks
Ransomware attacks
 
Blockchain
BlockchainBlockchain
Blockchain
 
Ransomware
RansomwareRansomware
Ransomware
 
Ceh v5 module 14 sql injection
Ceh v5 module 14 sql injectionCeh v5 module 14 sql injection
Ceh v5 module 14 sql injection
 
Digital banking as a service(v.e)
Digital banking as a service(v.e)Digital banking as a service(v.e)
Digital banking as a service(v.e)
 
Ransomware attack
Ransomware attackRansomware attack
Ransomware attack
 
Data breach
Data breachData breach
Data breach
 
Wiseasy Digital Banking Solution Introduction.pdf
Wiseasy Digital Banking Solution Introduction.pdfWiseasy Digital Banking Solution Introduction.pdf
Wiseasy Digital Banking Solution Introduction.pdf
 
Blockchain Security and Privacy
Blockchain Security and PrivacyBlockchain Security and Privacy
Blockchain Security and Privacy
 
IOT in healthcare
IOT in healthcareIOT in healthcare
IOT in healthcare
 
Blockchain-based Solutions for Identity & Access Management
Blockchain-based Solutions for Identity & Access ManagementBlockchain-based Solutions for Identity & Access Management
Blockchain-based Solutions for Identity & Access Management
 
OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An Introduction
 
Is web 3 an overengineered solution
Is web 3 an overengineered solutionIs web 3 an overengineered solution
Is web 3 an overengineered solution
 
WannaCry ransomware attack
WannaCry ransomware attackWannaCry ransomware attack
WannaCry ransomware attack
 
e-wallet , The future of Cards and Money
e-wallet , The future of Cards and Moneye-wallet , The future of Cards and Money
e-wallet , The future of Cards and Money
 
What is Ransomware?
What is Ransomware?What is Ransomware?
What is Ransomware?
 
IoT Challenges: Technological, Business and Social aspects
IoT Challenges: Technological, Business and Social aspectsIoT Challenges: Technological, Business and Social aspects
IoT Challenges: Technological, Business and Social aspects
 
MITRE-Module 2 Slides.pdf
MITRE-Module 2 Slides.pdfMITRE-Module 2 Slides.pdf
MITRE-Module 2 Slides.pdf
 
Linux11 Proxy Server
Linux11 Proxy ServerLinux11 Proxy Server
Linux11 Proxy Server
 
Cyber Security 101
Cyber Security 101Cyber Security 101
Cyber Security 101
 

Similar to Ransomware: Attack, Human Impact and Mitigation

5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threats
ReadWrite
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
Erik Ginalick
 
Datto stateofthechannelransomwarereport2016 rh
Datto stateofthechannelransomwarereport2016 rhDatto stateofthechannelransomwarereport2016 rh
Datto stateofthechannelransomwarereport2016 rh
James Herold
 
2. Cyber Intelligence in online gambling final
2. Cyber Intelligence in online gambling final2. Cyber Intelligence in online gambling final
2. Cyber Intelligence in online gambling final
MARIUS EUGEN OPRAN
 

Similar to Ransomware: Attack, Human Impact and Mitigation (20)

Ways To Protect Your Company From Cybercrime
Ways To Protect Your Company From CybercrimeWays To Protect Your Company From Cybercrime
Ways To Protect Your Company From Cybercrime
 
Invesitigation of Malware and Forensic Tools on Internet
Invesitigation of Malware and Forensic Tools on Internet Invesitigation of Malware and Forensic Tools on Internet
Invesitigation of Malware and Forensic Tools on Internet
 
Industry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacksIndustry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacks
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business Ready
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threats
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
 
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shifts
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shifts
 
The Complete Guide to Ransomware Protection for SMBs
The Complete Guide to Ransomware Protection for SMBsThe Complete Guide to Ransomware Protection for SMBs
The Complete Guide to Ransomware Protection for SMBs
 
Retail
Retail Retail
Retail
 
Cybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future AttacksCybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future Attacks
 
Cybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & ImportanceCybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & Importance
 
Datto stateofthechannelransomwarereport2016 rh
Datto stateofthechannelransomwarereport2016 rhDatto stateofthechannelransomwarereport2016 rh
Datto stateofthechannelransomwarereport2016 rh
 
2. Cyber Intelligence in online gambling final
2. Cyber Intelligence in online gambling final2. Cyber Intelligence in online gambling final
2. Cyber Intelligence in online gambling final
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud Prevention
 
A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for Cybersecurity
 
True Cost of Ransomware to Your Business
True Cost of Ransomware to Your BusinessTrue Cost of Ransomware to Your Business
True Cost of Ransomware to Your Business
 
Security in e-commerce
Security in e-commerceSecurity in e-commerce
Security in e-commerce
 

Recently uploaded

Digital Communication Essentials: DPCM, DM, and ADM .pptx
Digital Communication Essentials: DPCM, DM, and ADM .pptxDigital Communication Essentials: DPCM, DM, and ADM .pptx
Digital Communication Essentials: DPCM, DM, and ADM .pptx
pritamlangde
 
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments""Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
mphochane1998
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
Epec Engineered Technologies
 
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills KuwaitKuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
jaanualu31
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ssuser89054b
 

Recently uploaded (20)

Signal Processing and Linear System Analysis
Signal Processing and Linear System AnalysisSignal Processing and Linear System Analysis
Signal Processing and Linear System Analysis
 
Digital Communication Essentials: DPCM, DM, and ADM .pptx
Digital Communication Essentials: DPCM, DM, and ADM .pptxDigital Communication Essentials: DPCM, DM, and ADM .pptx
Digital Communication Essentials: DPCM, DM, and ADM .pptx
 
Introduction to Data Visualization,Matplotlib.pdf
Introduction to Data Visualization,Matplotlib.pdfIntroduction to Data Visualization,Matplotlib.pdf
Introduction to Data Visualization,Matplotlib.pdf
 
Employee leave management system project.
Employee leave management system project.Employee leave management system project.
Employee leave management system project.
 
Electromagnetic relays used for power system .pptx
Electromagnetic relays used for power system .pptxElectromagnetic relays used for power system .pptx
Electromagnetic relays used for power system .pptx
 
Augmented Reality (AR) with Augin Software.pptx
Augmented Reality (AR) with Augin Software.pptxAugmented Reality (AR) with Augin Software.pptx
Augmented Reality (AR) with Augin Software.pptx
 
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments""Lesotho Leaps Forward: A Chronicle of Transformative Developments"
"Lesotho Leaps Forward: A Chronicle of Transformative Developments"
 
Introduction to Geographic Information Systems
Introduction to Geographic Information SystemsIntroduction to Geographic Information Systems
Introduction to Geographic Information Systems
 
Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdf
 
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxHOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
 
Online food ordering system project report.pdf
Online food ordering system project report.pdfOnline food ordering system project report.pdf
Online food ordering system project report.pdf
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
 
Linux Systems Programming: Inter Process Communication (IPC) using Pipes
Linux Systems Programming: Inter Process Communication (IPC) using PipesLinux Systems Programming: Inter Process Communication (IPC) using Pipes
Linux Systems Programming: Inter Process Communication (IPC) using Pipes
 
Online electricity billing project report..pdf
Online electricity billing project report..pdfOnline electricity billing project report..pdf
Online electricity billing project report..pdf
 
School management system project Report.pdf
School management system project Report.pdfSchool management system project Report.pdf
School management system project Report.pdf
 
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills KuwaitKuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
Kuwait City MTP kit ((+919101817206)) Buy Abortion Pills Kuwait
 
Theory of Time 2024 (Universal Theory for Everything)
Theory of Time 2024 (Universal Theory for Everything)Theory of Time 2024 (Universal Theory for Everything)
Theory of Time 2024 (Universal Theory for Everything)
 
Computer Networks Basics of Network Devices
Computer Networks  Basics of Network DevicesComputer Networks  Basics of Network Devices
Computer Networks Basics of Network Devices
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 
Worksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptxWorksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptx
 

Ransomware: Attack, Human Impact and Mitigation

  • 1. Ransomware: Attack, Human Impact and Mitigation Maaz Ahmed CSIT Department, NED UET NED UET Karachi Pakistan maazshaikh437@gmail.com Waqas Ahmed CSIT Department, NED UET NED UET Karachi Pakistan waq.ahmed01@gmail.com Sheroz Khan Department of Telecommunications, IICT MUET Jamshoro Pakistan sherozk867@gmail.com Abstract - Ransomware is one of the types of malware which is the result of sophisticated effort to compromise the modern computer structures. In this paper we examine the current history of ransomware and its growth to the recent form of large-scale ransomware attacks (ones that interrupt whole organizations). Within that timeframe, public reporting, articles, and news media reporting on large- scale ransomware attacks is reviewed to create an experimental analysis of ransom payments, circumstances that led to those payments, and if data was eventually recovered through a literature study for the people victimized by ransomware. Increasing threats due to ease of transfer of ransomware over internet are also talk over. Finally, low level awareness among company professionals is confirmed and reluctance to payment on being a victim is found as a common trait. Keywords- Ransomware; Extortion; Malware I. INTRODUCTION Ransomware is a type of malware that creates files on a victim’s computer isolated and then demands the victim to pay a ransom (commonly in the method of bitcoins) in order to recover access to the lost files. In 2013, the first popular conventional ransomware called Crypto locker spread through the Internet [1]. Since then, the threat and danger has grown-up and is now a common-place incident constructing headlines regularly. Among the concerns that are frequently expressed is the ethical concerns of giving ransoms and how persons who do pay are merely funding the next attacks. On one hand, limited the profitability of such attacks would lessen their occurrence. 
On the other hand, it would need organizations to agree the permanent loss of data or to be potentially shut down permanently. II. IMPACT OF RANSOMWARE: Generally, ransomware attack is seen from the prism of business, commercial and financial environments. The ransom is monetary, and the costs involved with recovery are monetary [1]. Ransomware utilizes techniques to inforce victim into paying the demanded quantity in Bitcoins (usually undetectable Crypto Currency) or providing personal information. Still, there are many times in which files aren't decrypted even after a charge has been paid. The ultra-modern consensus is that ransomware maintains in vital categories which may be crypto and locker [2]. This contains that the victim retaining of the laptop machine is done by way of both encrypting documents and locking the computer or by either one of them. In a subset of cases, a ransom payment may mean the difference among a business continuing to exist or to close. There are also other non-financial interests to consider. A modern study into the effects of ransomware attacks on hospitals indicated that hospitals that suffered breaches as well as ransomware frequently had longer times to given that critical services that has led to a measurable growth in mortality rates of those services compared to those that did not suffer a breach or ransomware infection. Government organizations were more likely to not pay the ransom as finish is not a possible effect for them. There is also the individual impact of executives in charge of IT or IT security on their future careers and the intangible costs to organizations for reputational damage that may occurs as being identified as a victim of ransomware [1]. Although difficult to calculate, those making selections in addressing ransomware have the clear real costs mentioned above, they are likely to involve in choices that do not badly disturb their employability or company’s future reputation unnecessarily. 
It is practical to accept the cause that most public reports for ransomware attacks involve certain industries is that many have no choice to report International Journal of Computer Science and Information Security (IJCSIS), Vol. 18, No. 12, December 2020 73 https://sites.google.com/site/ijcsis/ ISSN 1947-5500
  • 2. and have the capability to hide the disruption from the public, thus they have no reason to reveal. III. ANALYSIS: Targets which can, from the attacker’s opinion, be seen as feasible targets are a minor subset of the total group of victims. Feasible targets are victims who have lost important data, need the technical skills to make a payment and are also ready to do so. It can consequently be assumed that most ransomware distributors use a ‘shotgun approach’ in the hope of finding some feasible targets and, in practice, create a lot of cyber damage. The Internet provides the key role in pressing threat for easier spread of ransomware. Some of the statistics of Ransomware highlights the interesting variations. Revealing about their focus where they see greatest opportunity for return, and also variations in countries in their ransomware defenses [ 4]. Figure 2. Organization Hit Ransomware Figure 1. Countries Hit Ransomeware Figure 3. Countries Paid Ransomware 60% 56% 55% 54% 50% 49% 49% 48% 46% 45% MEDIA,LEISURE, ENTERTAINMENT IT,TECHNOLOGY, TELECOMS ENERGY,OIL/GAS, UTILITIES OTHER BUSINESSAND PROFESSIONAL… CONSTRUCTION ANDPROPERTY RETAIL, DISTRIBUTION… FINANCIAL SERVICES MANUFACTURING ANDPRODUCTION PUBLICSECTOR PERCENTAGE OF ORGANIZATIONS HIT BY RANSOMWARE IN THE LAST YEAR 82% 65% 63% 60% 59% 58% 57% 55% 53% 52% 49% 48% 48% 45% 42% 41% 40% 39% INDIA BRAZIL TURKEY SWEDEN U.S. MALAYSIA GERMANY NETHERLANDS SPAIN FRANCE UAE UK AUSTRALIA CHINA JAPAN ITALY SINGAPORE CANADA PERCENTAGE OF COUNTRY HIT BY RANSOMWARE IN THE LAST YEAR 66% 50% 31% 28% 28% 25% 22% 19% 16% 15% 13% 13% 12% 12% 11% 6% 4% INDIA SWEDEN JAPAN BRAZIL SINGAPORE U.S. NETHERLANDS FRANCE UAE CHINA MALAYSIA UK GERMANY AUSTRALIA CANADA ITALY SPAIN COUNTRIES THAT ARE PAID RANSOMEWARE International Journal of Computer Science and Information Security (IJCSIS), Vol. 18, No. 12, December 2020 74 https://sites.google.com/site/ijcsis/ ISSN 1947-5500
IV. RANSOMWARE ATTACK TYPES AND WORKING FUNCTIONALITIES

TABLE I. TYPE

Ransomware     Type
WANNACRY       Cryptoworm
GANDCRAB       Ransomware-as-a-Service (RaaS)
SAMSAM         Automated Active Adversary
DHARMA         Automated Active Adversary
BITPAYMER      Automated Active Adversary
RYUK           Automated Active Adversary
LOCKERGOGA     Automated Active Adversary
MEGACORTEX     Automated Active Adversary
ROBBINHOOD     Automated Active Adversary
SODINOKIBI     Automated Active Adversary
NETWALKER      Ransomware-as-a-Service (RaaS)

TABLE II. PRIVILEGES ESCALATION

Ransomware     Privileges escalation
WANNACRY       Exploit
GANDCRAB       Credentials
SAMSAM         Credentials
DHARMA         Credentials
BITPAYMER      Exploit
RYUK           Credentials
LOCKERGOGA     Credentials
MEGACORTEX     Credentials
ROBBINHOOD     Credentials
SODINOKIBI     Exploit
NETWALKER      Exploit

TABLE III. CIPHER

Ransomware     Cipher
WANNACRY       No
GANDCRAB       No
SAMSAM         No
DHARMA         No
BITPAYMER      No
RYUK           No
LOCKERGOGA     Yes
MEGACORTEX     Yes
ROBBINHOOD     No
SODINOKIBI     No
NETWALKER      No

TABLE IV. FILE ENCRYPTION

Ransomware     File encryption
WANNACRY       Copy, In-Place
GANDCRAB       In-Place
SAMSAM         Copy
DHARMA         Copy
BITPAYMER      In-Place
RYUK           In-Place
LOCKERGOGA     In-Place
MEGACORTEX     In-Place
ROBBINHOOD     Copy
SODINOKIBI     In-Place
NETWALKER      In-Place

TABLE V. RENAME

Ransomware     Rename
WANNACRY       After the attack
GANDCRAB       After the attack
SAMSAM         After the attack
DHARMA         After the attack
BITPAYMER      After the attack
RYUK           After the attack
LOCKERGOGA     Before the attack
MEGACORTEX     Before the attack
ROBBINHOOD     After the attack
SODINOKIBI     After the attack
NETWALKER      After the attack

TABLE VI. ENCRYPTION BY PROXY

Ransomware     Encryption by proxy
WANNACRY       No
GANDCRAB       Yes
SAMSAM         No
DHARMA         No
BITPAYMER      No
RYUK           Yes
LOCKERGOGA     No
MEGACORTEX     Yes
ROBBINHOOD     No
SODINOKIBI     No
NETWALKER      No
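The file-handling columns of Tables IV and V can serve as detection signals on an endpoint. The following is an added example, not code from the paper: it classifies processes in a constructed file-event log by encryption style and rename timing. It assumes that "Copy" means an encrypted copy is created and the original deleted, that "In-Place" means the original file is overwritten, and that the rename is timed relative to the overwrite; the event format, paths and the `classify` function are hypothetical.

```python
from collections import Counter, defaultdict

# Constructed file-event log (not from the paper): (pid, op, path, dest).
# "write" overwrites an existing file, "create" makes a new one,
# "delete" removes one, "rename" moves path -> dest.
EVENTS = [
    (101, "write", "/docs/a.docx", None),
    (101, "rename", "/docs/a.docx", "/docs/a.docx.locked"),
    (101, "write", "/docs/b.xlsx", None),
    (101, "rename", "/docs/b.xlsx", "/docs/b.xlsx.locked"),
    (202, "create", "/docs/c.pdf.enc", None),
    (202, "delete", "/docs/c.pdf", None),
    (202, "create", "/docs/d.pdf.enc", None),
    (202, "delete", "/docs/d.pdf", None),
    (303, "rename", "/docs/e.txt", "/docs/e.txt.x"),
    (303, "write", "/docs/e.txt.x", None),
    (303, "rename", "/docs/f.txt", "/docs/f.txt.x"),
    (303, "write", "/docs/f.txt.x", None),
    (404, "write", "/tmp/app.log", None),  # ordinary log write, no rename
]

def classify(events, min_files=2):
    """Map each suspicious pid to (file_encryption, rename_timing)."""
    seen = defaultdict(lambda: {"written": set(), "renamed": set(), "created": set()})
    votes = defaultdict(Counter)
    for pid, op, path, dest in events:
        s = seen[pid]
        if op == "write":
            if path in s["renamed"]:      # renamed first, overwritten afterwards
                votes[pid][("in-place", "before")] += 1
            else:
                s["written"].add(path)
        elif op == "rename":
            if path in s["written"]:      # overwritten first, renamed afterwards
                votes[pid][("in-place", "after")] += 1
            else:
                s["renamed"].add(dest)
        elif op == "create":
            s["created"].add(path)
        elif op == "delete":
            # Assumption: the encrypted copy keeps the original name as a prefix.
            if any(c.startswith(path + ".") for c in s["created"]):
                votes[pid][("copy", None)] += 1
    flagged = {}
    for pid, counter in votes.items():
        pattern, count = counter.most_common(1)[0]
        if count >= min_files:            # ignore one-off edits by normal programs
            flagged[pid] = pattern
    return flagged
```

The `min_files` threshold is what separates a burst across many files from a single save-and-rename by a normal program; in practice it would be tuned against a time window.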
V. RANSOMWARE ATTACKS IN COVID-19

Since the first quarter of 2020 the entire world has been facing the COVID-19 pandemic, and all organizations, whether public or private, were forced to shift to working from home. This surge in users has turned the internet into an open ground for attackers to test malicious tools and to exploit organizations with weaker cyber security controls. A massive number of ransomware attacks took place in 2020. This increase is due to a combination of weaker controls on home IT and a higher likelihood of users clicking on COVID-19 themed ransomware lure emails given levels of anxiety [6]. Some of the attacks are given below:

• ColdLock Ransomware
• RagnarLocker Ransomware
• Maze Ransomware
• DoppelPaymer Ransomware
• Nemty Ransomware

Many others have also hit the OT/IT market to disrupt it.

VI. MITIGATION OF THE RANSOMWARE

Ransomware can be mitigated in several ways: off-site backups, capable anti-virus software and user training [3]. It has also emerged that awareness of basic cyber security best practices is particularly low. As such, it appears that a lot of improvement can be achieved by educating computer users on how to create safe backups and how to identify threats on the internet. It is also becoming apparent that in a commercial setting most users will assume that any computer problem is the responsibility of the IT department. Whilst this notion is indeed acceptable to some extent, this attitude has also led to carelessness and irresponsible behavior. Therefore, firms could most certainly benefit from training their employees in basic cyber security practices.

VII. IF YOU ARE THE VICTIM OF RANSOMWARE ATTACK

If you suffer a ransomware attack, you must understand that all credentials currently on these endpoints are now available to attackers, whether the accounts linked with them were active during the attack or not.
Determining the effect of a ransomware attack will not be sufficient, because threat actors are known to change their tools and methods once they can identify their victims' detection abilities. After primary identification has been done, the following steps are necessary:

• Quarantine affected systems as soon as possible by removing them from the network or shutting them down, to stop further ransomware attacks across the network.
• Quarantine or shut down affected devices that have yet to be completely corrupted, to gain more time to clean and recover data.
• Take backup data and systems offline immediately.
• Change all account and network passwords. Once the ransomware has been removed from the devices/systems, you must change all device, system and network passwords again.

I found a website on the internet, https://www.nomoreransom.org/, which provides decryption software free of cost. Even if you do not know which ransomware was used, you just have to upload an encrypted file, and if decryption software is available for that encryption technique they will provide it to the victim.

VIII. CONCLUSION

Cybersecurity at this time faces many types of threat and risk, coming regularly from deliberately created malware and cyber-attacks. There have been quite a lot of cyber-threat incidents to date, and they have started disturbing more vital sectors such as medicine and energy. The latest infamous form of cyber threat is ransomware, and it is targeting different sectors because it is a sophisticated and undetectable way to get "easy" money by compromising devices and extorting organizations with multimillion budgets [2]. The transfer of malware has become easy with the increase in Internet-based facilities and services. In company environments, high irresponsibility among employees and dependence on the IT department for dealing with malware attacks is confirmed [3]. Hackers have already started to turn their attention to industries using ransomware-style attacks. By gaining access to industry and its processes, cyber attackers could become more dangerous because of the interruption they may impose on businesses, which in turn may affect vital procedures and the human security of organizations. Information security around the world is not sufficient to handle these cyber-attacks and malware if a ransomware infection spreads widely across the world. The best example of this is the WannaCry ransomware, which attacked worldwide and was only stopped after repeated attempts by cyber security specialists [5]. However, by researching the nomenclature and strategies it might be possible to be prepared. We could apply those techniques and strategies as defensive and preventive countermeasures and move one step forward.

REFERENCES

[1] J. C. Bambenek and M. Bashir, "Ethics, Economics, and Ransomware: How Human Decisions Grow the Threat," in I. Corradini, E. Nardelli, T. Ahram (eds), Advances in Human Factors in Cybersecurity, AHFE 2020, Advances in Intelligent Systems and Computing, vol. 1219, Springer, Cham, 2020.
[2] Maxwell Mago and Farai Fransisco Madyira, "Ransomware Software: Case of WannaCry," International Research Journal of Advanced Engineering and Science, Volume 3, Issue 1, pp. 258-261, 2018.
[3] Rhythima Shinde, Pieter Van der Veeken, Stijn Van Schooten and Jan van den Berg, "Ransomware: Studying Transfer and Mitigation," 2016 International Conference on Computing, Analytics and Security Trends (CAST), College of Engineering Pune, India, Dec 2016.
[4] Sophos, "THE STATE OF RANSOMWARE," https://secure2.sophos.com/en-us/content/state-of-ransomware.aspx [Accessed 10/05/2020].
[5] Usman Javed Butt, Maysam Abbod, Anzor Lors Hamid Jahankhani, Arshad Jamal, Arvind Kumar, "Ransomware threat and its impact on SCADA," 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability (ICGS3).
[6] David Ferbrache, "The rise of ransomware during COVID-19," https://home.kpmg/xx/en/home/insights/2020/05/rise-of-ransomware-during-covid-19.html [Accessed 22/06/2020].