Figure 4 - uploaded by Jason Thomas
Source publication
Ransomware is the fastest growing malware threat and accounts for the majority of extortion based malware threats causing billions of dollars in losses for organizations around the world. Ransomware is a global epidemic that afflicts all types of organizations that utilize computing infrastructure. Once systems are infected and storage is encrypted...
Context in source publication
Context 1
... early dedicated locking malware programs were based on the Trojan.Randsom.C paradigm, spoofing itself as Windows Security Center, Microsoft Security Essentials and other valid OEM-based security tools (Richardson & North, 2017). Figure 4 is a screenshot of locker ransomware spoofed as Microsoft Security Essentials. Locker ransomware evolved from offering to remove fake errors to creating problems (Savage et al., 2015). ...
Citations
... According to the 2020 TrustWave global security report, over half of the recent global information security incidents involved corporate environments being hacked. Some of these incidents have resulted in billions of losses worldwide annually due to ransomware [1]. Despite the availability of international information security standards, such as ISO 2700x and BS 7799, many small and startup enterprises frequently neglect to maintain and update their information security architecture and policies. ...
Artificial intelligence algorithms and big data analysis methods are commonly employed in network intrusion detection systems. However, challenges such as unbalanced data and unknown network intrusion modes can influence the effectiveness of these methods. Moreover, the information personnel of most enterprises lack specialized knowledge of information security. Thus, a simple and effective model for detecting abnormal behaviors may be more practical for information personnel than attempting to identify network intrusion modes. This study develops a network intrusion detection model by integrating weighted principal component analysis into an exponentially weighted moving average control chart. The proposed method assists information personnel in easily determining whether a network intrusion event has occurred. The effectiveness of the proposed method was validated using simulated examples.
... A ransom is demanded by the attackers from the victims before their data is released. [5] One of the ways to prevent catastrophic situations like these is to execute regular backup operations. [1] Backup strategies are usually measured using Recovery Point Objective (RPO) and Recovery Time Objective (RTO) metrics. ...
... [6] A backup strategy that utilizes a sufficient time-delineated and low RPO capability is preferred to address ransomware attacks. [5] Despite the advantages of the technology, such as the development of highly available storage systems and availability of cloud technologies, which have dramatically reduced recovery times, [7] the disaster recovery techniques still lack a technique to recover complex information systems if a catastrophe strikes. Assuming data recovery efforts begin, another frequently overlooked issue is where to restore the data. ...
... The cloud enables organizations to design flexible and scalable backup recovery plans, allowing them to meet their RTO and RPO targets. [5] In the cloud, users can automate the provisioning of cloud resources, like servers and networks, using a technique called Infrastructure-as-Code (IaC). [8] Mixing the cloud with Infrastructure as Code (IaC) techniques permits the organization to restore not only its data backups but also its underlying virtual machines, database systems, firewalls, and network subnets by defining and representing the infrastructural entities through codes driving the restoration procedure to be fully automated. ...
Data is a crucial asset for organizations in the modern digital age. Successful companies rely on information at every stage of their decision-making process. However, with the increasing importance of data comes a rise in threats to its security and integrity. These threats, such as software or hardware failures, natural disasters, or human errors, can be unplanned. To address these risks, regular backups are essential. While data recovery systems may function as intended, there is another challenge that often goes overlooked: determining where to restore the data. In this study, the researcher proposes combining a cloud data backup strategy like Warm Standby, Backup & Restore, and Pilot Light with infrastructure-as-code (IaC) implementation. This approach aims to reduce the risk of data loss and enable businesses to recover easily in case their main systems go offline due to ransomware attacks. IaC automates the provisioning and managing of infrastructure resources such as servers and networks through code. By leveraging IaC alongside cloud-based backup strategies, organizations can enhance their ability to protect critical data and ensure business continuity in challenging scenarios.
... As a consequence, these SMEs may find it impossible to properly execute complete IS backup system operations on their own; then, they would consider spending money on hiring external manufacturers to provide such professional services. Subsequently, the proper maintenance of the security of enterprise data through IS backup systems would substantially lower the losses suffered by companies in the event of IS incidents [17,18]. However, based on our comprehensive survey, the relevant literature in recent years has always discussed the topic of enterprises establishing an information system, but very few studies have profoundly focused on the issue of a relevant IS backup system for SMEs. ...
Backup system work represents “the last mile” of information security (IS). To avoid data loss or damage, enterprises should execute data backup periodically to ensure the integrity and availability of such data. Additionally, due to the continuous emergence of IS incidents featuring malicious attacks in recent years, major firms in countries around the world have successively reported being under attack by ransomware viruses. In particular, small and medium enterprises (SMEs) became the potential targets of malicious attacks based on their different types of IS awareness and degrees of digitalization; therefore, IS work has become one of the essential topics with special significance for numerous SMEs. To this end, this paper studied the factors influencing SMEs’ adoption of IS backup systems in the hope that the critical decision-making behaviors of SMEs regarding the issue of IS could be learned. Practical suggestions can be made for the marketing schemes adopted by IS manufacturers concerning the planning of IS backup systems. Thus, this study used three methodological stages to address the exciting issue of IS backup systems for SMEs. In the first stage, 11 factors at two hierarchies involving three constructs influencing SMEs’ adoption of IS backup systems were summarized via a literature review. The constructs included financial consideration (FC), the IS incident, and business IS decision making (BISD-M). In the second stage, an expert questionnaire was applied; an advanced hybrid modified Delphi method (MDM) and analytic hierarchy process (AHP) with expert input were constructed to identify the sorting of overall weights based on the 11 factors included in the first stage. Following the empirical conclusions, the top three critical factors were “disaster loss amount”, “enterprise’s downtime”, and “supplier’s contractual requirements”. 
The conclusions of this study indicated that two factors were included in the FC construct; thus, the FC construct influenced IS the most, and the BISD-M construct took second place. In the final stage, through re-checking three actual cases, the results of this study were verified with specific respect to the FC. In conclusion, to popularize IS backup systems among SMEs and fully implement IS, manufacturers may start from the FC in the hope that the severe impact caused by IS incidents featuring malicious attacks can be slowed down and the losses encountered can be lowered. The empirical results and conclusions of this study can be used for reference by SMEs, and both theoretical and empirical foundations have been provided for further studies in academic circles; the results above also show a significant application contribution of this study.
... Genç et al. (2018) created an access control method based on the understanding that ransomware, when lacking access to genuine randomness, depends on the fake or pseudo-random number generators modern operating systems provide to produce keys for its operations. The suggested technique aims to reduce ransomware attacks by recognizing the false generators of random numbers functions as crucial assets, regulating access to their APIs, and preventing unauthorized applications from using them (Genç et al., 2018). Thomas and Galligher (2018) looked at ransomware in depth, several paradigms for functional backup design, and how well backups protected against ransomware. They went on to say that information security risk assessments should be better and that ransomware should be a particular focus. ...
The past few decades have seen a rise in internet use and digital transformations in organizations. Digital platforms have been fully integrated into daily life activities. Nonetheless, cybercriminals have taken advantage of internet overreliance, by devising different forms of cyberattacks. Ransomware is one of the common types of cyberattacks. In this research, a systematic literature review was conducted to examine different effective strategies for preventing and mitigating ransomware attacks. Twenty-four articles were sourced from databases like PubMed, ScienceDirect, and ACM Digital Library and reviewed. The analysis revealed five key themes; ransomware detection methods, user awareness and training, access and control measures, data backup strategies, and the implementation of security policies. Based on these themes, it was evident that organizations could safeguard their systems and networks from ransomware attacks through measures like using data backup, enforcing access control measures, ensuring employee awareness of security threats, and enforcing robust security policies.
... A successful archiving strategy ensures the following [7,8,9]: ...
When delivering digitalization of educational services, a specific administration plan should be established, designed for maximum access, quick recovery from failure, and lowering the length of time it is unavailable, all while guaranteeing good security performance. It should include responsibilities such as providing dedicated servers for digitizing educational services, increasing security by using encryption and security-compliant network protocols, and database administration. To speed up the digitization of educational services, it is recommended that all databases be placed on a single server that will serve as the publisher, and that separate databases be distributed to three different servers that will act as the subscribers.
... For example, malware and ransomware can lead to intentional data corruption and hardware or software problems (such as improper encryption) that can lead to unintentional data corruption (West, 2018). Backing up data regularly in the cloud and/or other storage mediums off-farm is an easy approach to ensure that any issues with the data at farm do not impact the data backups (Thomas and Galligher, 2018). This strategy allows data to be restored from backup copies from an earlier point in time. ...
The growth in the use of Information and Communications Technology (ICT) and Artificial intelligence (AI) has improved the productivity and efficiency of modern agriculture, which is commonly referred to as precision farming. Precision farming solutions are dependent on collecting a large amount of data from farms. Despite the many advantages of precision farming, security threats are a major challenge that is continuously on the rise and can harm various stakeholders in the agricultural system. These security issues may result in security breaches that could lead to unauthorized access to farmers' confidential data, identity theft, reputation loss, financial loss, or disruption to the food supply chain. Security breaches can occur because of intentional or unintentional actions or incidents. Research suggests that humans play a key role in causing security breaches due to errors or system vulnerabilities. Farming is no different from other sectors. There is a growing need to protect data and IT assets on farms by raising awareness, promoting security best practices and standards, and embedding security practices into the systems. This paper provides recommendations for farmers on how they can mitigate potential security threats in precision farming. These recommendations are categorized into human-centric solutions, technology-based solutions, and physical aspect solutions. The paper also provides recommendations for Agriculture Technology Providers (ATPs) on best practices that can mitigate security risks.
... This tool, which could recover files successfully, is evaluated based on test-traffic records of 18 different families. The work presented in [53] presents a tool to perform evaluations for Ransomware backup systems during security-risk assessment; this study would make auditors analyze backup systems effectively and improve organizational abilities to detect and recover from Ransomware attacks. ...
In recent years, various platforms have witnessed an unprecedented increase in the number of ransomware attacks targeting hospitals, governments, enterprises, and end-users. The purpose of this is to maliciously encrypt documents and files on infected machines, depriving victims of access to their data, whereupon attackers would seek some sort of a ransom in return for restoring access to the legitimate owners; hence the name. This cybersecurity threat would inherently cause substantial financial losses and time wastage for affected organizations and users. A great deal of research has taken place across academia and around the industry to combat this threat and mitigate its danger. These ongoing endeavors have resulted in several detection and prevention schemas. Nonetheless, these approaches do not cover all possible risks of losing data. In this paper, we address this facet and provide an efficient solution that would ensure an efficient recovery of XML documents from ransomware attacks. This paper proposes a self-healing version-aware ransomware recovery (SH-VARR) framework for XML documents. The proposed framework is based on the novel idea of using the link concept to maintain file versions in a distributed manner while applying access-control mechanisms to protect these versions from being encrypted or deleted. The proposed SH-VARR framework is experimentally evaluated in terms of storage overhead, time requirement, CPU utilization, and memory usage. Results show that the snapshot size increases proportionately with the original size; the time required is less than 120 ms for files that are less than 1 MB in size; and the highest CPU utilization occurs when using the bzip2. Moreover, when the zip and gzip are used, the memory usage is almost fixed (around 6.8 KBs). In contrast, it increases to around 28 KBs when the bzip2 is used.
... After their terms are met and payments have been made, the ransomware establishes the connection to the C&C and the decryption key is sent and the data files are decrypted. Furthermore, the ransomware intelligently tries to eradicate itself from the system well enough to make sure when computer security professionals look at the systems from a forensic standpoint they do not see any trace or evidence in the system that links to the ransomware [13]. ...
... As previously mentioned, one of the ransomware's setup behaviors is environment mapping. If the analysis is carried out on a virtual machine, which saves money and resources, the ransomware may notice and stop displaying all of its behaviors [13]. ...
As the number of people who utilize technology grows, so does the risk of cyber-attacks. This article expresses a survey of the techniques, policies, and infrastructure to combat ransomware attacks. Ransomware is a type of malware that targets a device and its data or files and locks them until the victim pays a fee or a ransom. This research is done by reviewing relevant articles and methodologies to recommend possible countermeasures for ransomware attacks in today's dynamic cyberspace. This article covers the history and types of ransomware attacks, countermeasures, example cases of ransomware attacks, as well as the technical details involved in a ransomware attack. Furthermore, the article highlights the impact of ransomware attacks on its victims.
... This is a major reason why determining what contributes to information insecurity has proven to be complex in nature because such activities required to handle threats to the organizations' data: confidentiality, integrity, and availability are also complex (Fenz, et al., 2014). Findings identified identity theft as the signature crime of the Information Technology age (Thomas, & Galligher, 2018; Zaeem, et al., 2017), with malicious programs, as one of the most preferred and effective vectors by phishers (Farina, K., 2015; Zaeem, et al., 2017). According to Nagunwa (2014), phishing provides a good platform for identity theft. ...
... Malware, empowered through spear-phishing techniques (Hille, et al., 2015), are being used by hackers to enable other malware, spy and stealing of identity information of their host users' data and possibly reconfigure and deny users access to the operating system (OS) or to some applications (Govindaraj, et al., 2018). It is therefore important that more research and information be engaged to help combat spearphishing attacks and the resultant negative consequences such as ransomware and identity theft (Thomas, & Galligher, 2018). As stated by Thomas and Galligher (2018), one method to help combat identity theft that merits exploration is empowering users with preventive and countermeasure strategies to resist spear phishing attacks. ...
... It is therefore important that more research and information be engaged to help combat spearphishing attacks and the resultant negative consequences such as ransomware and identity theft (Thomas, & Galligher, 2018). As stated by Thomas and Galligher (2018), one method to help combat identity theft that merits exploration is empowering users with preventive and countermeasure strategies to resist spear phishing attacks. Spear phishing is one of the highest challenges faced by IT departments in combatting identity theft (Goel, et al., 2017). ...
The growing and ubiquitous reliance of technological innovations for electronic file-sharing networks across all business transactions over the internet has increased the magnitude of identity theft. In Nigeria, this is more pronounced by lack of agile learning processes, poor knowledge sharing practices, and high illiteracy rate of 40.33% for adults aged 15 years and older. A positive relationship exists between high internet access, poor knowledge sharing practices, illiteracy, and increased identity theft. Knowledge sharing practices and technology awareness strategies required for identity theft prevention in Nigeria are still largely undeveloped, outdated, and non-sustainable despite the huge cyber-security innovations. This study highlights the gaps created by high illiteracy rate, poor knowledge sharing practices, and identity theft prevention awareness, in curbing identity theft, and strategies to close them. A narrative review methodology was adopted in this study that reviewed prior research works of literature that revealed significant information on identity theft prevention in Nigeria. Also, peer-reviewed articles within the last five years were extracted from electronic databases, using some keywords such as "Identity theft", "Identity theft prevention", "consequences of identity theft", etc. Results show that identity theft in Nigeria can be prevented through improved literacy level, agile learning processes, good knowledge sharing practices, and excellent adherence to cyber-security policies. Findings from this study may extend proper knowledge sharing practices and proper identity theft prevention strategies in Nigeria.
... Thomas and Galligher [62] conducted a literature review of the ransomware process, functional backup architecture paradigms, and the ability of backups to address ransomware attacks. They also provided suggestions to improve the information security risk assessments to better address ransomware threats, and presented a new tool for conducting backup system evaluations during information security risk assessments that enables auditors to effectively analyze backup systems and improve an organization's ability to combat and recover from a ransomware attack. ...
The COVID-19 pandemic has witnessed a huge surge in the number of ransomware attacks. Different institutions such as healthcare, financial, and government have been targeted. There can be numerous reasons for such a sudden rise in attacks, but it appears working remotely in home-based environments (which is less secure compared to traditional institutional networks) could be one of the reasons. Cybercriminals are constantly exploring different approaches like social engineering attacks, such as phishing attacks, to spread ransomware. Hence, in this paper, we explored recent advances in ransomware prevention and detection and highlighted future research challenges and directions. We also carried out an analysis of a few popular ransomware samples and developed our own experimental ransomware, AESthetic, that was able to evade detection against eight popular antivirus programs.