Case Project 2-5: Ransomware Attacks
Use the Internet to research some of the different ransomware attacks that
have occurred recently. Identify at least three attacks that are current. What
do they do? Why are they so successful? How are they being spread? What
can users do to protect themselves? How can ransomware be removed from a
computer? Write a one-page summary of your research.
Solution
Ransomware attack
1.1 Introduction
Ransomware is malware for data kidnapping, an exploit in which the attacker encrypts the victim's data and demands payment for the decryption key.
Ransomware spreads through e-mail attachments, infected programs and compromised websites. A ransomware malware program may also be called a cryptovirus, cryptotrojan or cryptoworm.
Attackers may use one of several different approaches to extort money from their victims:
1.2 Ransomware attacking process and their impact
There are different types of ransomware. However, all of them will prevent you from using your PC normally, and they will all ask you to do something before you can use your PC.
They can target any PC user, whether it’s a home computer, endpoints in an enterprise network, or servers used by a government agency or healthcare provider.
Ransomware can:
Ransomware will demand that you pay money (a “ransom”) to get access to your PC or files. We have also seen them make you complete surveys.
There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again.
2. Case studies:
2.1 Ransomware attack hits St Louis Public library
A ransomware attack struck the library’s server, preventing some 700 PCs at 16 of the library’s locations from working properly, and preventing the checking out of books.
Ransomware doesn’t discriminate – it hurts the luckiest in society, and the most disadvantaged. It doesn’t care whose computers it infects, and what impact it has on their users. Its only interest is earning as much money as possible for its criminal creators.
Thankfully, the library does not keep its book catalog on the infected computer system, and so it escaped being put at risk. In addition, the server did not store personal information, or indeed financial information, of the library’s users or staff.
The other good piece of news is that the library had a backup, which means that they haven’t been forced into a corner, and can – if they wish – choose to avoid paying their extortionists.
The library has informed the FBI about the attack. Again, that’s a good decision. A crime has been committed, and even if the chances of capturing the perpetrators might be remote, it’s important that evidence about attacks is collected.
2.2 Hollywood Presbyterian Medical Center
Hollywood Presbyterian is a large hospital in Southern California with almost 500 beds.
Earlier this year it was hit by a massive ransomware attack. Specifically, the hospital’s computer systems were infected by a malware program called Locky. Locky is typically sent to an unsuspecting user via email, and the system is infected when the recipient opens an infected Word document.
In the case of Hollywood Presbyterian, it’s not clear who downloaded the malware, but it doesn’t matter. Soon after, staff members were locked out of their computers and cybercrooks were demanding an unusually large ransom for a ransomware attack: $17,000 (40 Bitcoin).
2.3 Mobile ransomware
With the increased popularity of ransomware on PCs, there has also been a significant increase in the volume of ransomware affecting smartphones, particularly Android devices. (iOS devices are protected by Apple Inc.’s restrictions on which applications it allows on the iOS App Store.)
Unlike ransomware on desktop computers, where encrypting ransomware is more widespread than non-encrypting ransomware, mobile devices have almost no encrypting ransomware because most of the crucial data is stored in clouds. When data is backed up in cloud storage, there is no need to pay a ransom. For this reason, non-encrypting ransomware (or ‘blockers’, because they block access to the device) is much more popular on mobiles.
Mobile ransomware usually spreads by pretending to be a legitimate app in third-party stores; however, it can also spread through other means such as infected emails and insecure websites. It acts by overlaying the interface of every app with the malware’s own, which prevents the user from using any application. Blockers are also more effective on mobile devices because the hard drive is usually soldered onto the motherboard, whereas on PCs one could simply unplug the hard drive from the infected PC and use another PC to retrieve its data. One thing that is unique to mobile ransomware is that it can hijack the phone’s PIN and use the device’s own security against the user. To protect a phone from ransomware, one can either scan for malware on the phone regularly, or avoid suspicious links and applications.
2.4 Protect yourself from ransomware
As with other attacks, you can work to avoid ransomware. Experts advise taking these steps to avoid attacks or protect yourself after an attack:
Use reputable antivirus software and a firewall. Maintaining a strong firewall and keeping your security software up to date are critical. It’s important to use antivirus software from a reputable company because of all the fake software out there.
Back up often. If you back up files to either an external hard drive or to an online backup service, you diminish the threat, says Eisen. “If you back up your information, you should not be afraid to just turn off your computer and start over with a new install if you come under attack.” Eisen backs up his data regularly, so every six months, he simply restores his computer’s system to default and starts afresh. “I would highly recommend it,” he says.
Enable your popup blocker. Popups are a prime tactic used by the bad guys, so simply avoid even accidentally clicking on an infected popup. If a popup appears, click on the X in the right-hand corner. The buttons within a popup might have been reprogrammed by the criminals, so do not click on them.
Exercise caution. Don’t click on links inside emails, and avoid suspicious websites. If your PC does come under attack, use another computer to research details about the type of attack. But be aware that the bad guys are devious enough to create fake sites, perhaps touting their own fake antivirus software or their de-encryption program.
Disconnect from the Internet. If you receive a ransomware note, disconnect from the Internet so your personal data isn’t transmitted back to the criminals, says Eisen. He recommends simply shutting down the computer. If you have backed up your data, you can re-install software. If you don’t feel comfortable doing so or you are unable to start fresh, you may need to take your computer to a reputable repair shop, says Eisen.
Alert authorities. Ransomware is a serious form of extortion. “Local police are probably not equipped to deal with this,” explains Siciliano. “However, the local FBI would want to know about it.”
Don’t be tempted to give in and pay the ransom, warns Siciliano. “Paying them would be a mistake because they will further extort you and most likely not release your information.” Taking precautions to protect your information and maintaining vigilance are the best solutions to avoid becoming a victim in the first place.
2.5 Conclusion
Ransomware is advancing at a very high pace. With no apparent hurdle, it can become a crisis in a few years. Ransomware can hit mobile devices and the Internet of Things (IoT). The day is not far when ransomware will become a major threat to privacy and Personally Identifiable Information (PII) data. Criminals will not only encrypt the data but they will also exfiltrate a copy of the data from our computers, mobile devices and (possibly) cloud storage. This data will be used to blackmail the users and collect ransom in periodic installments.
Intelligent cars, automated homes, and personal wearables record every aspect of our life. Most users do not know that their hi-tech life is being recorded with accurate timestamps, including all the secrets that we would protect at any cost. We need to understand the value of our personal data, realize the risk associated with it and actively devise ways to manage, track, monitor and secure personal data interactions and transactions.
We must take precautionary measures to secure our data from malware and, instead of paying a ransom, spend on securing our personal and professional information. Using software or other security policies to block known payloads from launching will help to prevent infection, but will not protect against all attacks. Keeping "offline" backups of data stored in locations inaccessible to the infected computer, such as external storage drives, prevents them from being accessed by the ransomware, thus accelerating data restoration.


