Ransomware and Mitigation Strategies Literature Review
Introduction
In the past few years, Ransomware has stood to be one of the significant computer viruses globally. Compared to other viruses that were witnessed before the virus, Ransomware has become a substantial threat as it is said to have solicited funds from the victims. One of the most recent attacks, WannaCry, has internationally affected havoc, raising the need to solve the problem. Ransomware can be caused by people with a basic knowledge of computer, who can then use the experience in hacking other people, or it can result from advanced hacking, which is difficult for the most experienced users to circumvent. To have a better understanding of the threat, the paper will focus on a review of four articles, namely; Ransomware: Evolution, Mitigation, and Prevention, Advanced Petya Ransomware and Mitigation Strategies, Volenti non-fit injuria: Ransomware and its Victims, and finally, A brief study of WannaCry Threat: Ransomware Attack 2017.
Agreements with the Literature
Ransomware is one of the fastest spreading viruses that has cost individuals and organizations a large sum of money due to data loss and information. The attacks have mainly targeted business entities because they believe they can get a large sum of money from businesses compared to individuals. Some of the areas prone to ransomware attacks include the United States, Canada, Australia, India, and some Western countries like Italy, Netherlands, the United Kingdom, and Germany (Aidan et al.,2018).
Several factors contribute to the growth of the Ransomware. Some of these factors include encryption, effective infection vector, cryptocurrency &Raas, and other infection vectors. For a long time, Windows has been prone to be attacked by the ransomware virus, but there has been an attacking attack on other platforms. The attacks have occurred due to the attackers trying to reach out to target groups that have not been exploited. However, Windows stands a greater risk of being attacked since its users are likely to use security software or keep up with the latest security features. The attackers have also been targeting the android platform since there is an increase in smartphone usage (Aidan et al., 2018).
Usually, the Ransomware attacks one computer by encrypting crucial data that requires one to pay a ransom to access the information. In most cases, the ransom is rewarded in the form of bitcoins. Ransomware is classified under two primary sets, namely; crypto-ransomware and locker Ransomware. The crypto-ransomware is known for encoding data and other important information, while locker ransomware manes the whole mainframe or device, hindering the victims from logging into them. The locker ransomware locks a device leaving the data stored untouched. In instances where it’s impossible to do away with the malware, the information can always be recovered by moving the device used in storage or the hard drive into a different functioning computer (Richardson et al., 2017).
Disagreements with the Literature
From the above statistics, it is evident that the attackers are mainly concentrating on developed countries. I believe the results are not accurate because the less developed countries have high unemployment rates, and the citizens are likely to get into hacking to raise a living. The Ransomware attackers have gone to the extent of adding foreign techniques into the cyberworld as most attackers began coding in foreign languages like JavaScript, Python, PHP, and PowerShell. The languages are used to make it difficult for companies’ security departments to detect Ransomware’s presence. Even though coding languages are described as foreign barriers that make it difficult for companies to detect Ransomware, companies are also used by companies to protect confidential information. Besides, it is the additional features apart from coding languages added to the Ransomware family that have led individuals and companies into losing a lot of money. For instance, a cryptocurrency feature allows gathering information from one’s bitcoin wallet and forwarding it to the invader. Besides, chimera has come up with an extra feature that threatens victims by publicly exposing their files (Aidan et al., 2018).
Methodology
With the increase in the rate of hacking, I believe the study’s methodologies are appropriate as they consistently show the amount of funds that were lost as a result of Ransomware. For instance, research shows that between 2014 and 2015, the rates of ransomware attacks have increased by 17.7% while the attacks from crypto-ransomware rose by 448%. In October 2015, a report from the cyber threat alliance reported a $325,000,000 from ransomware attacks. Besides, using a Nessus tool is crucial in detecting Ransomware as it scans the vulnerability of a system to hackers and raises the alarm to the IT department. The samples used in the study are appropriate as the results can easily be matched to the increased number of ransomware attacks. One weakness detected in the study is that it mainly focuses on losses incurred by companies leaving out those incurred by individuals.
Analysis and Synthesis
In the past, Ransomware was seen as a form of prey and attack since the attackers had very little concentration on individuals. However, in the present, the attackers have concentrated on the target and have come up with various strategies to achieve their big hunting games. Due to an increase in cybercrime, the cybersecurity organization has opted to remain vigilant to develop ways of detecting and averting the ransomware attacks that have continuously been arising (Atapour-Abarghouei et al., 2019). The malware activities have widely been classified as either network level, system level, or both. A good example is andronio, which processes an approach used in recognizing any form of device barring or encryption actions in a process by coming up with code paths through a still taint investigation and symbolic execution. In some instances, abnormal file system activities are usually used in detecting Ransomware (Atapour-Abarghouei et al., 2019).
With the world being digital, a lot of information is stored where it can easily be retrieved. Everything is done in simplified ways such that a single click ensures that several processes and effortlessly and efficiently maintained. The world going digital has made it easy for various computer users. However, from the common phrase that nothing good lacks a negative side, digitization has led to an era where the company and individual confidential data is at risk of loss or exposure (Mohurle et al., 2017). Through digitization, several malware like spyware, trojan, phishing, spam, and intruders have emerged. Ransomware, for example, is a form of theft and, at the same time, a transmitted infection that is difficult to get out. There are, however, various preventative measures when it comes to Ransomware. Some of the steps include; using an updated antivirus, failing to open or reply to spam messages, often backing up data, keeping the windows firewall adequately turned off, and always configured and using a reputable security suite. Other preventative measures include always ensuring the unused wireless connections are switched off and always being cautious before using public WIFI (Mohurle et al., 2017).
The rise in cybercrime activities has made organizations more vigilant in coming up with ways of detecting and preventing attacks. Besides, there are various ways Ransomware can be controlled in an organization since most hackers tend to target companies compared to individuals. Some of these measures include using an updated antivirus. Ransomware is also said to have spread widely in 2006 as more attackers started to try their luck by stealing from victims. The impact ransomware has had on people has been increasing from an average of $294 in 2015 to $ 679 in 2016. From a report made by the FBI after receiving complaints from 2400 victims, it is reported that 24 million was lost to cybercrime in 2014 as opposed to 23 million, which was lost in 2015.