GRD Journals- Global Research and Development Journal for Engineering | Volume 5 | Issue 3 | February 2020 ISSN: 2455-5703
Analysis of Ransomware and its prevention
A. D. C Navin Dhinnesh
Department of Computer Applications, Mepco Schlenk Engineering College, Sivakasi – 626005, India
Abstract
Cyber attack technology is changing drastically, and attacks are increasing at a higher rate. The attacks are not confined to particular individuals; many organizations and institutions are affected as well. To prevent these types of attacks, several organizations have implemented many security measures and put various security levels into practice. The most ferocious attack nowadays is considered to be ransomware. This paper explains the history and evolution of ransomware. It also discusses why encryption was chosen for ransomware attacks, and the author explains how to avert ransomware and respond to an attack.
Keywords- Ransomware, Cyber Attack, Internet of Things, Cybercriminals, Encryption
I. INTRODUCTION
Ransomware has been causing heavy havoc since it was first discovered in the year 2000 [1]. It is considered a serious threat not only to many organizations but also to institutions [2]. It can take any form, such as malicious code, worms, or viruses. Some ransomware appears to destroy the user's data on their computer. As technology booms, the threat to computer systems also rises. The field of Internet of Things (IoT) [3] is now connecting people with various devices. Once people are connected to those devices, they are exposed to attacks too. Ransomware is similar to a worm. It does not allow users to access their system: either the screen is locked or the user's files are encrypted. The attackers then demand a huge ransom from the user. It is very difficult to decrypt a ransomware-affected file. Initially the attackers enter an organization's system and start encrypting its important files. After this they ask for a ransom to be paid for decrypting the affected files. Ransomware uses assorted techniques to attack the victim.
II. HISTORY AND EVOLUTION
Ransomware was first identified in the year 2005 in Russia [4]. The victim's files were hacked and the attacker denied access to them [5]. The attacker also demanded that the victim pay a huge amount in order to make the files work. After a few years, ransomware was made to affect mobile phones too [6]. A computer needs a boot file to start the system, and ransomware will prevent the operating system (OS) from being booted [7]. Subsequently cybercriminals started using forged antivirus programs. These programs mislead the applications used by the users [8]. They look like original programs but perform mock operations, and inform users that the system has numerous threats and is lacking in security. The user is asked to pay a fee for rectifying the problems, and also to pay for annual maintenance. But a few users happened to ignore these kinds of alerts. The next stage for cybercriminals was to disable access to the system. They purposely lock the system so that the user cannot use it. The charge demanded is heavy if the user wishes the criminals to unlock the system.
The success of ransomware is due to the encryption techniques used by the criminals. They use encryption as a tool to attack victims [9]. The advantage of using encryption is that it gives access only to those who hold the secret key for accessing or retrieving the data. As soon as a system is affected by ransomware, the criminals start to change all the files present in the system. They change them in such a manner that the files can be read only when they are restored to their initial state. To do this, the cybercriminals need a key. Hence they choose encryption for performing these kinds of attacks. After attacking the victim's system they demand a huge amount in ransom.
The cybercriminals perform two types of encryption: i) symmetric and ii) asymmetric. In the former, the same secret key is used for both encryption and decryption. In the latter, a public key is used for encryption, but a private key is needed for decryption. Cybercriminals use both types when they decide to attack a victim. Figure 1 shows a sample model of the encryption done in ransomware.
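As an added illustration (not part of the original paper), the following Python code shows how a defender can recognize the file changes described above: content that has become near-random and no longer starts with the signature expected for its type. The function names, the 7.5 bits-per-byte threshold, the small signature table and the sample data are assumptions made for this example.

```python
import hashlib
import math
import os
from collections import Counter

# Assumed, illustrative leading signatures for a few common file types.
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".zip": b"PK\x03\x04"}
ENTROPY_THRESHOLD = 7.5  # assumed cut-off in bits per byte (maximum is 8.0)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(name: str, data: bytes) -> bool:
    """Flag near-random content that lacks its type's expected signature.

    Compressed formats such as PNG are high-entropy even when intact, so a
    known type is flagged only if its header is also missing.
    """
    high = shannon_entropy(data) >= ENTROPY_THRESHOLD
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is None:
        return high  # no known signature: entropy test alone
    return high and not data.startswith(magic)


def scan(files):
    """Return the sorted names of files whose content looks encrypted."""
    return sorted(n for n, d in files.items() if looks_encrypted(n, d))


# Constructed sample data: a deterministic pseudo-random stream stands in
# for ciphertext (and for compressed image data); no real files are read.
NOISE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
TEXT = b"Quarterly report: revenue figures and notes.\n" * 100
SAMPLES = {
    "invoice.pdf": b"%PDF-1.4\n" + TEXT,   # intact document
    "image.png": MAGIC[".png"] + NOISE,    # intact, compressed
    "readme.txt": TEXT,                    # intact plain text
    "report.pdf": NOISE,                   # header gone, near-random
    "notes.txt": NOISE[::-1],              # near-random text file
}

print(scan(SAMPLES))
```

A hit is a triage signal rather than proof: a sudden burst of flagged files in one directory is what warrants isolating the host and checking backups.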
All rights reserved by www.grdjournals.com