Ransomware Attacks and Their Variants: Assessment Answer
A ransomware attack is a software attack in which an individual or a company is confronted with ransomware. Ransomware is defined as a kind of virus that spreads to computers or systems through infected websites. It also spreads when users click links from unknown senders, through email attachments and through other related sources. Sometimes a user, unaware of the consequences, visits an infected website, mistakenly downloads the malware and finally installs it on a personal computer without knowing it. As a result, the user can end up unable to retrieve information, because the installed ransomware has locked the data down. To regain access to the data, the user is required to pay the ransom (Taylor et al. 2017). Hundreds and thousands of systems have so far fallen victim to ransomware attacks. Other kinds of malware can be flashed out; ransomware, however, cannot be eradicated by flashing the BIOS. The victim is required to pay the ransom to get access back to the data. The information is locked with a key, and the corresponding decryption key is kept on the hacker's server. If anyone attempts to modify the program in order to reach the locked information, the decryption key is automatically deleted and the user can no longer access the encrypted information in the files (Grant and Parkinson 2018). On the other hand, if the ransom is paid in time, the encrypted files are decrypted and the victim can access the data again.
A ransomware attack can be detrimental to the overall productivity of a business. Until all confidential and price-sensitive files are restored, business activities remain on hold. Infection by ransomware also puts sensitive data at risk, as the information can easily be manipulated or permanently erased from the system. It harms the business growth of the organisation, as no client would prefer to strike business deals with organisations that are suffering from data breaches. In this way, any business attacked by ransomware can struggle to carry out its activities effectively and to keep confidential data safe. Furthermore, a ransomware attack may add to the organisation's budget, as it may need to pay penalties or fines for failing to implement effective security measures to control data breaches or ransomware attacks.
Three current variants of ransomware
Over the years, ransomware has grown from a small-scale problem into a major issue. Its development is driven by the wide availability of untraceable payment methods such as bitcoin (Paquet-Clouston et al. 2019). This section discusses three ransomware variants that have developed over the past few years. They are elaborated as follows:
- NotPetya: It is also a type of ransomware infection. It encrypts the target system and displays a message on the victim's computer explaining how to pay in bitcoins to remove the virus and get the data back. It infects a system by sending simple redirection links that crash and reboot the system into a screen resembling CHKDSK. It encrypts the user's drive and installs its own boot loader, so that the user cannot access the system without paying money to the attacker.
- WannaCry: This ransomware infected a large number of systems in May 2017. It targets computers running the Microsoft Windows OS and encrypts the data they hold. After locking the computers, it demands money in bitcoins. Microsoft has released patches to protect against these threats, but the infection hit the systems that had not installed these patches.
- Ryuk: In 2019 this ransomware variant targeted organisations whose data security arrangements left them vulnerable to downtime. Those with little tolerance for downtime included a water utility struggling after Hurricane Florence and daily newspapers. The main feature of this variant is that it disables the Windows System Restore option on the computers it affects. It becomes very difficult to decrypt the encrypted information without paying the ransom. The ransom amount tends to be excessively high, in accordance with the victim's value. The source code for Ryuk is derived from Hermes, which is a product of North Korea's Lazarus Group. Nevertheless, some people believe that the source code was procured from a Russian-speaking supplier.
Ransomware’s working mechanism
Ransomware can spread to computers through a number of different vectors. A ransomware attack is completed in five phases.
- The attacker delivers malicious ransomware files to the user or victim by email (Kharraz et al. 2016). To attack effectively, the malicious program needs a system on which the ransomware files can be executed. Phishing is defined as the delivery of the malicious file through email. The user receives the email and clicks the link in it, presuming the email to be from a known sender. After the click, the page redirects to a website that the hackers control completely, and the attacker's web server starts communicating with the user's system, sending requests about software versions to find out which Java versions are present. The attack can also be carried out with the Angler exploit kit.
- If the attacker finds vulnerable versions, the kit attempts to exploit the weakness. Once it succeeds in exploiting a vulnerable software version, it places the malicious ransomware .exe file on the victim's computer and executes it on the user's device. This phase takes barely five seconds to complete.
- Once the victim's computer executes the code, within seconds the ransomware goes after the backup folders and files present on the computer and removes them, to prevent the victim from restoring files from backup (Sgandurra et al. 2016). Deleting backup folders or files is peculiar to ransomware; other kinds of crimeware do not bother with it. This phase takes barely ten seconds to complete.
- After the backup files are removed, the malicious program performs the encryption procedure, in which it carries out a secure key exchange with the server to establish the encryption keys used on the local system. PowerShell is used to spread copies of the files across the system. Files with specific extensions are located and encrypted. Powershell.exe creates three copies of the malware binary: in the AppData directory, the start directory and the root C: directory. This phase takes barely two minutes to complete.
- Once the victim's files are encrypted, the malware sends the key to the command and control server. The ransom demand is presented in an alert that gives the user a deadline, after which the decryption key is destroyed. This removes the victim's opportunity to recover the data. To regain access to the data, the victim needs to pay the ransom; after payment, the attacker unlocks the machine by providing the decryption key, and the victim regains access to the files. This phase is known as the "user notification and clean up" procedure and takes barely fifteen minutes to complete.
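The file-system behaviour described in phases three and four (backup files deleted, then powershell.exe writing copies of one binary into the AppData, start and root C: directories) can be expressed as a detection rule. The Python below is an added example and not part of the original report; the event format, host and file names, the reading of "start directory" as the Startup folder and the 180-second window are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample events (assumed format): "epoch_seconds host process action path"
SAMPLE_EVENTS = r"""
100 WS01 chrome.exe write C:\Users\amy\Downloads\invoice.exe
104 WS01 invoice.exe delete D:\Backup\2019-06\docs.bak
106 WS01 invoice.exe delete D:\Backup\2019-06\mail.bak
115 WS01 powershell.exe write C:\Users\amy\AppData\Roaming\svc.exe
116 WS01 powershell.exe write C:\Users\amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe
117 WS01 powershell.exe write C:\svc.exe
120 WS02 powershell.exe write C:\Users\bob\AppData\Local\Temp\report.ps1
130 WS02 robocopy.exe delete E:\Backup\old\2018.bak
""".strip().splitlines()

def classify_drop(path):
    """Name the watched location an .exe was written to, or None."""
    p = path.lower()
    if not p.endswith(".exe"):
        return None
    if "\\start menu\\programs\\startup\\" in p:   # checked first: it lives under AppData
        return "startup"
    if "\\appdata\\" in p:
        return "appdata"
    if re.fullmatch(r"[a-z]:\\[^\\]+", p):          # file directly in a drive root
        return "root"
    return None

def detect(lines, window=180):
    """Alert on hosts where backup deletion is followed within `window` seconds
    by powershell.exe writing the same .exe name to two or more watched locations."""
    backup_deleted = {}            # host -> time of first deletion under a Backup folder
    drops = defaultdict(dict)      # (host, file name) -> {location: time}
    for line in lines:
        ts, host, proc, action, path = line.split(maxsplit=4)
        if action == "delete" and "\\backup\\" in path.lower():
            backup_deleted.setdefault(host, int(ts))
        elif action == "write" and proc.lower() == "powershell.exe":
            loc = classify_drop(path)
            if loc:
                drops[(host, path.rsplit("\\", 1)[1].lower())][loc] = int(ts)
    alerts = []
    for (host, name), locs in drops.items():
        t0 = backup_deleted.get(host)
        if len(locs) >= 2 and t0 is not None and 0 <= min(locs.values()) - t0 <= window:
            alerts.append((host, name, sorted(locs)))
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

On the constructed events only WS01 is reported: WS02 shows a backup deletion and a PowerShell write, but no executable copies in the watched locations.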
Ransomware’s potential threats
Ransomware is regarded as one of the biggest threats that organisations currently face in their business and data security management. Over the past few years, the scale and size of this malware have grown significantly. In 2018, it was observed that around sixty-nine percent of organisations were facing ransomware attacks, which cost the world around eighty billion dollars. Ransomware is a virus or malware that prevents users from accessing their information through their systems or computers. It encrypts the system files, and users are required to pay a ransom to regain access to the encrypted files. The cyber attackers demand payment of the ransom within a particular time. Failure to pay the ransom results in the victim not receiving the decryption key, and therefore in data loss. The attack spreads when a user clicks a link received by email from an unknown sender. Such an attack is known as a phishing attack. So far, the average cost of ransomware in the UK is around 30000 euros, which is merely a nominal percentage of the damage. There are certain upcoming threats from ransomware, some of which are examined below:
1. Operating a business free of downtime or interruption leads to high revenues and profits; disrupted business activities, however, lead to reduced profitability and sales volume.
2. Ransomware attacks result in loss of data. The user loses the data if the ransom is not paid to the attacker within the stipulated time.
3. A ransomware attack on an organisation can have an unfavourable effect on its corporate image in the market. No client would prefer to strike business deals with organisations that are suffering from data breaches.
4. Not only the data but also the devices are damaged by a ransomware attack. The replacement cost of the infected devices is added to the budget, which increases the organisation's costs and reduces profits.
5. Companies might have to pay penalties and fines for not maintaining effective security measures on office premises, which adds to the budget, increases the organisation's costs and reduces profits. This harms the business growth of the organisation, as no client would prefer to strike business deals with organisations that are suffering from data breaches.
6. In addition to the various security measures, the organisation needs to invest a substantial amount of money in training its employees, to help them build the skills to respond effectively to ransomware attacks (Kharraz et al. 2015). This adds to the budget and increases the organisation's costs. The organisation might also need to employ cyber security experts who can train employees and guide them in building the skills to respond effectively to ransomware attacks.
In conclusion, a ransomware attack is a software attack in which an individual or a company is confronted with ransomware, and it has a significant impact on society. The report covered different variants of ransomware, such as NotPetya, Ryuk and WannaCry, which exert significant influence over business and the community. The report also detailed ransomware's working mechanism, which proceeds in five phases. Finally, this report discussed the upcoming threats of ransomware and the ways in which it attacks its victims.