Analysis of Ransomware and its Prevention


GRD Journals- Global Research and Development Journal for Engineering | Volume 5 | Issue 3 | February 2020 ISSN: 2455-5703

A. D. C Navin Dhinnesh
Department of Computer Applications
Mepco Schlenk Engineering College, Sivakasi – 626005, India

Abstract
Cyber attack technology is changing drastically, and attacks are increasing at a higher rate. The attacks do not target only particular individuals; many organizations and institutions are affected as well. To prevent these attacks, organizations implement many security measures and put various security levels into practice. Ransomware is now considered the most ferocious attack. This paper explains the history and evolution of ransomware and discusses why encryption was chosen for ransomware attacks. The author also explains how to avert ransomware and how to respond to an attack.

Keywords- Ransomware, Cyber Attack, Internet of Things, Cybercriminals, Encryption

I. INTRODUCTION
Ransomware has been causing havoc since it was first discovered in the year 2000 [1]. It is considered a serious threat not only to many organizations but also to institutions [2]. It can take any form, such as malicious code, worms, or viruses. Some ransomware appears to destroy the user's data on their computer. As technology booms, the threat to computer systems also rises. The Internet of Things (IoT) [3] now connects people with various devices, and once people are connected to those devices they are exposed to attacks too. Ransomware is similar to a worm. It does not allow users to access their system: either the screen is locked or the user's files are encrypted. The attackers then demand a huge ransom from the user. It is very difficult to decrypt a file affected by ransomware. Initially the attackers enter an organization's system and start encrypting its important files; they then ask for a ransom to be paid for decrypting the affected files. Ransomware uses assorted techniques to attack the victim.

II. HISTORY AND EVOLUTION
Ransomware was first identified in the year 2005 in Russia [4]. The victim's files were hacked and the attacker denied access to them [5]. The attackers also demanded a huge amount from the victim in order to make the files work again. After a few years ransomware was made to affect mobile phones too [6]. A computer needs a boot file to start the system, and ransomware will prevent the operating system (OS) from being booted [7]. Subsequently cybercriminals started using forged antivirus programs. These programs mislead the applications used by the users [8]. They look like original programs but perform mock operations and inform the user that the system has numerous threats and lacks security in several areas. The user is asked to pay a fee to rectify the problems, and also to pay for annual maintenance. But a few users ignored these kinds of alerts. The next stage was for cybercriminals to disable access to the system: they purposely lock the system so that the user cannot use it, and the charge for unlocking it is heavy.

The success of ransomware is due to the encryption techniques used by the criminals, who use encryption as a tool to attack victims [9]. The advantage of encryption is that it gives access only to those who hold the secret key for accessing or retrieving the data. As soon as a system is affected by ransomware, the criminals start to change all the files present in the system, in such a manner that the files can be read only when they are restored to their initial state. Doing this requires a key, which is why cybercriminals choose encryption for these attacks. After attacking the victim's system they demand a huge amount in ransom.

The cybercriminals perform two types of encryption: i) symmetric and ii) asymmetric. In the former, the same secret key is used for both encryption and decryption. In the latter, a key pair is involved: the public key is used for encryption, and the private key is needed for decryption. Cybercriminals use both types when they decide to attack a victim. Figure 1 shows the sample model of encryption done in a ransomware.

All rights reserved by www.grdjournals.com



Analysis of Ransomware and its prevention (GRDJE/ Volume 5 / Issue 3 / 001)

Fig. 1: Sample model of encryption done in ransomware

III. AVERTING RANSOMWARE
A few techniques can be followed to avert ransomware attacks. The following points explain them.

A. Do not click unknown links
When you receive unknown links or spam emails, do not click them; they may lead to ransomware. As soon as you click such a link, a download starts automatically on your system and it could be infected. Once your system is affected by ransomware, it starts encrypting your files and then demands a huge ransom for recovering the encrypted data. There is no assurance that the cybercriminal will release your original files once you pay the ransom [10].

B. Never open unknown email attachments
An email attachment is another way of getting ransomware onto the victim's system. Do not open email attachments received from unknown senders. Make sure the attachment is genuine before opening it; if you are not sure, ignore it and never open it. If you open an attachment that is infected, the malware will immediately take control of the victim's system.

C. Download from the websites which you trust
Do not download files from unidentified websites under any circumstances. If you wish to download files, visit a trusted website and download them there. Trusted websites can be recognized by https, and one can also see a lock symbol on them. This shows that the website is secured. The same applies to mobile phones.

D. Do not give your personal details
If you receive an email from any website asking you to provide your personal details, avoid giving them. Most cybercriminals try to get personal details so that they can ask for a huge ransom from the victim. If you receive such a request, ignore it.

E. Use proper filtering
Use proper filtering on your email to prevent ransomware. These filters reduce incoming spam emails to some extent. Infected malware files may also be filtered or deleted so that they do not reach the inbox.

F. Update software periodically
Software must be updated periodically to avoid malware attacks. By updating, one stays current with the latest antivirus software, which will control incoming malware.

G. Periodic Data Back up
The user's data must be backed up once in a while. The data must be copied to an external drive, and that external drive should not be connected to the main system. One can also store the data in a cloud environment. With a backup, even if the data are encrypted, one can get the original data back from the backup.
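The attachment advice in B and the filtering in E can be combined into an automated check before mail reaches the inbox. The following Python code is an added example, not part of the paper; the extension lists, the quarantine reasons and the sample message are assumptions constructed for illustration.

```python
import os
from typing import Optional
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy lists for this example; tune them to your own mail gateway.
EXECUTABLE = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".jar"}
MACRO_DOCS = {".docm", ".xlsm", ".pptm"}
DECOYS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def classify(filename: str, payload: bytes) -> Optional[str]:
    """Return a reason to quarantine the attachment, or None if nothing matched."""
    stem, ext = os.path.splitext(filename.strip().lower())
    inner = os.path.splitext(stem)[1]
    if ext in EXECUTABLE:
        return "double-extension executable" if inner in DECOYS else "executable attachment"
    if ext in MACRO_DOCS:
        return "macro-enabled document"
    if payload[:2] == b"MZ":  # Windows PE header behind a harmless-looking name
        return "executable content, misleading name"
    return None

def scan_message(raw: bytes) -> list:
    """List (filename, reason) for every attachment the filter would hold back."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and multipart containers carry no filename
        reason = classify(name, part.get_payload(decode=True) or b"")
        if reason:
            findings.append((name, reason))
    return findings

def sample_message() -> bytes:
    """Constructed test mail: one clean PDF and three attachments that should be held."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.test", "user@example.test", "Invoice"
    m.set_content("Please see the attached invoice.")
    for name, data in [("report.pdf", b"%PDF-1.4"), ("invoice.pdf.exe", b"MZ\x90"),
                       ("timesheet.xlsm", b"PK\x03\x04"), ("photo.jpg", b"MZ\x90")]:
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in scan_message(sample_message()):
        print(f"QUARANTINE {name}: {reason}")
```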


IV. RESPONDING TO AN ATTACK
So far, prevention of ransomware has been explained. This section describes how to respond to a ransomware attack. If you experience a ransomware attack, do the following to reduce the damage:

A. Keep your System Isolated
If you are experiencing a ransomware attack, disconnect your system from the other systems and from the network. Doing this will reduce the attack.

B. Avoid Paying Ransom
Try to avoid paying the ransom to the cybercriminals. Paying will encourage the attackers to carry out more and more attacks.
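Avoiding the ransom is only practical when the backup described in Section III.G is intact. The following Python code is an added example, not part of the paper; it records a SHA-256 manifest at backup time, verifies the backup against it, and lists the files to restore. The file names and directory layout are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

def build_manifest(root: Path) -> dict:
    """Map each file's relative path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(manifest: dict, root: Path) -> dict:
    """Report how the tree under root differs from the recorded manifest."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }

def restore_plan(manifest: dict, live: Path, backup: Path) -> list:
    """Files to copy back from backup; refuse if the backup itself fails verification."""
    damaged = compare(manifest, backup)
    if damaged["modified"] or damaged["missing"]:
        raise ValueError(f"backup does not match manifest: {damaged}")
    state = compare(manifest, live)
    return sorted(state["modified"] + state["missing"])

def demo() -> list:
    """Constructed scenario: back up two files, damage the live copies, plan the restore."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "reports").mkdir(parents=True)
        (live / "notes.txt").write_text("meeting notes")
        (live / "reports" / "q1.csv").write_text("a,b\n1,2\n")
        manifest = build_manifest(live)   # keep this with the backup, not on the live system
        shutil.copytree(live, backup)     # stands in for the disconnected external drive
        (live / "notes.txt").write_bytes(os.urandom(32))  # contents no longer readable
        (live / "reports" / "q1.csv").unlink()            # original removed
        return restore_plan(manifest, live, backup)

if __name__ == "__main__":
    print(demo())
```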

V. ATTACKS IN A HOSPITAL
A number of hospitals have been attacked with ransomware. These attacks make hospital authorities think about the security of their systems. The attackers disable the hospital's email, thereby affecting the scheduling of patients to be attended and other related functions [11]. The attackers will also reschedule the dates of surgeries to be performed on patients. The hospital management should keep their internet-facing systems highly secured. They should identify attacks quickly and respond to them as early as possible. They should keep away from opening unwanted emails and should not click links that are not known to them. Hospital staff must take regular backups of their system data. Figure 2 shows the sample ransomware attack in a hospital.

Fig. 2: A sample of a Hospital attacked with ransomware

VI. CONCLUSION
Always be proactive. Users in organizations and institutions must be taught about ransomware. They should be exposed to basic attacks and shown how to prevent them on their own, to reduce the number of attacks. Users should be instructed not to open any untrusted links they receive by email. Organizations must implement a few security measures against these types of attacks, and their software must be kept properly updated.

ACKNOWLEDGEMENTS
The author acknowledges the support and encouragement of the Management, Principal and Director of the Computer Applications department towards this work.

REFERENCES
[1] Technical Marketing Team, TrendLabs, “Ransomware: Past, Present, and Future”, https://documents.trendmicro.com/assets/wp/wp-ransomware-past-presentand-future.pdf
[2] Stephen Cobb, “RANSOMWARE: an enterprise perspective”, Ransomware white paper, 2018
[3] Nadeem Shah, Mohammed Farik, “Ransomware - Threats, Vulnerabilities And Recommendations”, International Journal of Scientific and Technology Research, Vol 6, No 06, 2017
[4] TrendLabs. (2017). Threat Encyclopedia. “Ransomware.” Last accessed on 20 March 2017, https://www.trendmicro.com/vinfo/us/security/definition/Ransomware.
[5] Trend Micro Incorporated. (14 March 2006). TrendLabs Security Intelligence Blog. “Ransomware! Ransomware! Ransomware!” Last accessed on 20 March 2017, http://blog.trendmicro.com/trendlabs-security-intelligence/ransomware21-ransomware21-ransomware21/.
[6] Nart Villeneuve. (12 January 2011). TrendLabs Security Intelligence Blog. “SMS Ransomware Tricks Russian Users.” Last accessed on 20 March 2017, http://blog.trendmicro.com/trendlabs-security-intelligence/sms-ransomware-tricks-russian-users/.
[7] Cris Pantanilla. (12 April 2012). TrendLabs Security Intelligence Blog. “Ransomware Takes MBR Hostage.” Last accessed on 20 March 2017, http://blog.trendmicro.com/trendlabs-security-intelligence/ransomware-takes-mbr-hostage/.
[8] Kevin Savage, Peter Coogan, Hon Lau, “The evolution of ransomware”, version 1.0, Symantec, August 2015
[9] Cassius Puodzius, “How encryption molded crypto-ransomware”, 2016
[10] https://www.kaspersky.co.in/resource-center/threats/how-to-prevent-ransomware
[11] Ransomware Attack Disrupts Medical Care in 3 Alabama Hospitals, 2019, Available online: https://www.trendmicro.com/vinfo/au/security/news/cybercrime-and-digital-threats/ransomware-attack-disrupts-medical-care-in-3alabama-hospitals
