
Ransomware


Abstract

Malware is any harmful and destructive file or program that infects a computer system. Such programs are developed by cybercriminals and appear in many forms, such as ads, executable files, and genuine-looking applications. Once the user installs or clicks the harmful file or program, the system starts misbehaving or is locked, denying the user access. Common malware types include ransomware, worms, viruses, bots, spyware, trojan horses, and adware. Computer users install firewall security on their computers for malware protection. Ransomware is malware that is delivered through the attack vectors used by trojan malware. Cybercriminals demand money from the victims to allow access to their infected computer systems. The victims choose to either pay the money, remove the malware, or restart the device. The two popular types of ransomware are locker ransomware and crypto-ransomware. Locker ransomware blocks the computer's essential functions, denying the user access to the desktop. Crypto-ransomware encrypts the user's critical data without interfering with normal computer functions. Users have to prevent attacks by installing highly sophisticated security software before they face cyberattacks. They should avoid clicking and installing files from unknown and untrusted sources. The current trend among ransomware attackers is fileless malware, which differs from traditional file-based malware.

Key Words: Ransomware, Malware, cyberattacks, and computer systems.



Ransomware

Introduction

Malware is the short form for malicious software. It is intrusive software in the form of a file or code developed and delivered over a network. It infects, explores, steals, and conducts destructive activities virtually on computers, phones, and computer systems (Alhayani, 2019). Cybercriminals develop malware to hack and steal data and destroy phones and computers.

Types of Malware

Common malware types are worms, viruses, spyware, trojan horses, ransomware, and adware. Worms are malware spread through phishing attacks and software weaknesses. They come in treacherous forms and install themselves in the memory of users' devices (Kumar et al., 2019). They infest the computer system and the network. Worms damage devices by modifying and deleting files, installing malicious software on computers, stealing and sharing data, installing a weak point for hackers, and replicating themselves repeatedly to deplete system resources. Once they extend to the network, they can infect other devices that use the same network.

Viruses require an infected working program or operating system to perform their attacks. They usually attach to a Word document or an executable file. They often spread through infected websites, email attachment downloads, and file sharing. The virus waits until the affected program or file is activated. It can then duplicate itself and circulate through the system (Plucar et al., 2021). It hijacks software applications and uses them to send infected files to the contact list. People in the contact list might become vulnerable to the sent files and install them on their devices, leading to more damage.

A Trojan horse is a program with malicious intent that appears as a legitimate file. Trojans take the form of trusted applications for users to download (Jimada et al., 2021). They are a weak point for hackers and need a host to function for hackers to access the device. The hackers enter the machine, capture, modify and delete data, access the network, and harvest the device.

Ransomware denies access to a user's files. It then claims payment to let the user in. In 2017, an attack spread across many countries, compromising thousands of computers in one day. The 'WannaCry' attack caused billion-dollar damage. It affected Microsoft operating systems that did not have the latest patch installed for a known vulnerability (Hassan, 2019). To prevent ransomware attacks, keep the system's antivirus software updated, keep the operating system updated, back up the essential files, and do not view attachments from unidentified sources.

Adware is the best-known type of malware. It pops up and displays advertisements that are not relevant. Users who rely on free software such as games are the most affected. Adware annoys the user, slows down the computer, and can link unsuspecting users to sites with harmful downloads. The adware may also transport spyware and is hacked easily, making the host devices an easy target for hackers, scammers, and phishers.

Spyware is a familiar threat distributed as shareware or freeware with an appealing role on the front-end and a secret mission unnoticed in the background. It secretly records a user's online activity, harvests data, and collects personal passwords, usernames, and surfing habits. It carries out credit card fraud and identity theft (Ioanid et al., 2017). The spyware transfers the user's data to cybercriminals and advertisers. Some spyware even installs malware that changes the system's settings.

Phishing is a typical social cyberattack that uses emails, messages, and weblinks that look like they come from trusted sources. Cybercriminals send them to access financial and personal information (Alhayani et al., 2021). They access the contact list, and their messages may appear trustworthy. Others appear as spam messages and emails that are easily recognized as spam.

Ransomware Types and History

Ransomware is a class of malware that cybercriminals deliver through the attack vectors used by Trojan malware. These include the remote desktop protocol, vulnerable software, and phishing emails. The attacks can affect companies and individuals by blocking access to their systems or encrypting data (Jimada et al., 2021). Cybercriminals demand money to allow access to the systems and data. Victims of the attack have to either pay the ransom money, restart the device, or remove the malware.

There are two popular types of ransomware: locker ransomware and crypto-ransomware. Locker ransomware is malware that blocks the computer's essential functions, such as denying desktop access while the keyboard and the mouse are partially disabled (Sharma et al., 2020). This allows interaction with the demand window to pay the ransom while the computer remains inoperative. The main aim is to lock the user out, and therefore there is no destruction of data. Crypto-ransomware aims to encrypt the user's critical data but not interfere with the computer's essential functions. The criminals instill fear in the affected users and add a countdown to the demand (Kok et al., 2019). Because of ignorance of cloud storage or physical backups, crypto-ransomware can have a significant impact, with numerous victims paying the money to recover their files.

Ransomware Attacks and How they Happen

Ransomware attacks are launched by cybercriminals who ask for money (Herrera et al., 2019). Some critical attacks ask for more money if the criminal has information that the files they blocked have a substantial financial effect on the victim company (Ali, 2017). Hackers earn large amounts of money through ransom attacks. Forensic experts eventually restore data, but only after some damage has occurred and data has been compromised. Ransomware as a Service grants attackers with fewer abilities a chance to strike. The malware is available to customers, leading to reduced risks and improved profits for the software programmers.

How Ransomware is Installed in Computers

Ransomware attacks appear in different forms. The attack vector is an essential determinant of the form of ransomware employed (Sajjan et al., 2017). Once the user clicks or installs malicious files, their computer system or web server starts to misbehave. To evaluate the extent and size of the intrusion, it is always important to examine what data is at risk of being published or deleted. It is crucial to back up data safely and install trusted security software to reduce the effects of an attack.

Prevention of Ransomware

When a user notices unfamiliar activity on their computer, it is an indication that malware may be on the device. The signs are as follows: blue screen of death, inadequate storage even when not full, a slow, crashing computer, applications opening and closing themselves, increased pop-ups, and messages and emails sent without prompt (Richardson et al., 2017). Attackers use many strategies to compromise networks and systems, and therefore security measures, such as security software and user awareness, need to be applied to eliminate attack threats.

Ways to Protect Computers

Users need to install advanced security software and keep their computer operating system up-to-date. Users should be careful not to click links or install applications from unknown sources (Ali, 2017). The system firewall will warn the user when they are about to install applications from outside their application store and recommend careful consideration before trusting executable files. To prevent ransomware attacks, keep the operating system and antivirus software up-to-date, back up the essential files, and do not open attachments from unidentified sources. It is necessary to protect the system with multiple security layers and quality network intelligence to monitor and detect malware.

Things To Do After a Ransomware Attack

The user needs to uninstall any application with malicious signs like slowing down the computer and showing many suspicious pop-ups. The user needs to restart the device after removing the malware (Zhang-Kennedy et al., 2018). The user needs to clear the web cache when they notice website pages opening by themselves.

Trends on Ransomware and Examples of Recent Attacks

As cybersecurity countermeasures on the users' side have improved, threat developers have also moved from traditional file-based means to sophisticated fileless malware. Fileless malware does not use traditional executables to carry out its operations (Patten, 2017). One well-known example of a ransomware attack is WannaCry, which spread over one hundred and fifty countries in 2017 (Ioanid, 2017). It was developed to take advantage of a security hitch in Windows and conducted by the Shadow Brokers. The second example is Locky, a malicious attack in 2016 led by organized hackers. It encrypted one hundred and sixty file types and was distributed through fraudulent emails with infected attachments. Many users became victims and installed ransomware on their computers (O'Kane et al., 2018).

Bad Rabbit, a ransomware attack that happened in 2017, spread through drive-by attacks. The attack used insecure websites: a user could visit a genuine website, unaware that hackers had compromised it. Petya is a malicious attack that happened in 2016 and reappeared in 2017 as GoldenEye. The ransomware encrypted the user's entire hard disk instead of specific files. This made the hard disk files inaccessible. GandCrab, undesirable ransomware that happened in 2018, threatened to publish the online porn habits of the victims. The attackers claimed to have hacked the victims' webcams and then demanded ransom. Police officers and security providers designed malware decryption software to help recover data from GandCrab.

B0r0nt0k is crypto-ransomware that specifically focuses on Linux and Windows servers. The malicious ransomware encrypts files on the server and attaches a '.rontok' file extension. It is a threat to computer files, making startup changes, disabling applications and functions, and adding registry entries, files, and programs. Dharma Brrr is new ransomware that is manually installed to hack into desktop utilities with internet connections. The ransomware encrypts the files present once the hacker activates it (O'Kane et al., 2018). The encrypted data has the file extension 'id-[id].[email].brrr'. Fair Ransomware is another malware that aims at data encryption. All of the user's private files and documents are encrypted using a robust algorithm. The files assume the extension '.FAIR RANSOMWARE'.
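The file extensions named above can serve as simple indicators during triage. The following is an added example, not part of the original paper: it sweeps a directory tree for file names ending in the three extensions and flags directories where several files carry one, which suggests bulk renaming. The regular expressions (in particular the shape of the id and email fields), the threshold, and the sample file names are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Extension patterns for the families named in the text. The shape of the id
# and e-mail fields in the Dharma pattern is an assumption of this example.
INDICATORS = {
    "B0r0nt0k": re.compile(r"\.rontok$", re.I),
    "Dharma Brrr": re.compile(r"\.id-[0-9A-Za-z]+\.\[[^\]]+\]\.brrr$", re.I),
    "Fair Ransomware": re.compile(r"\.FAIR RANSOMWARE$", re.I),
}

def classify(filename):
    """Return the family whose extension pattern matches, or None."""
    for family, pattern in INDICATORS.items():
        if pattern.search(filename):
            return family
    return None

def triage(root, threshold=3):
    """Walk root; count matches per family and flag directories where at
    least `threshold` files carry a known extension (bulk renaming)."""
    families, per_dir = Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            family = classify(name)
            if family:
                families[family] += 1
                per_dir[os.path.relpath(dirpath, root)] += 1
    hot = sorted(d for d, n in per_dir.items() if n >= threshold)
    return {"families": dict(families), "hot_dirs": hot}

def build_sample_tree():
    """Create a constructed tree of empty files (sample data, not real IoCs)."""
    root = tempfile.mkdtemp(prefix="ext_scan_")
    names = {
        "srv": ["db.sql.rontok", "site.tar.rontok", "notes.txt.rontok", "readme.md"],
        "home": ["cv.docx.id-1A2B3C4D.[user@example.com].brrr", "photo.jpg"],
        "docs": ["plan.xlsx.FAIR RANSOMWARE", "brrr.txt", "rontok_report.pdf"],
    }
    for sub, files in names.items():
        os.makedirs(os.path.join(root, sub))
        for f in files:
            open(os.path.join(root, sub, f), "w").close()
    return root

if __name__ == "__main__":
    print(triage(build_sample_tree()))
```

Matching is anchored to the end of the file name, so files that merely contain "brrr" or "rontok" elsewhere in the name are not reported.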

Conclusion

In conclusion, users have to be careful with the security of their computer systems because once the attacks happen, they cause a tremendous amount of losses and compromise of data. Users must keep their systems up-to-date, avoid unnecessary clicks to unknown files or programs, and install highly sophisticated security software.



References

Alhayani, B., Abbas, S. T., Khutar, D. Z., & Mohammed, H. J. (2021). Best ways computation intelligent of face cyber attacks. Materials Today: Proceedings.

Ali, A. (2017). Ransomware: A research and a personal case study of dealing with this nasty malware. Issues in Informing Science and Information Technology, 14, 087-099.

Hassan, N. A. (2019). Ransomware revealed: a beginner's guide to protecting and recovering from ransomware attacks. Apress.

Herrera Silva, J. A., Barona López, L. I., Valdivieso Caraguay, Á. L., & Hernández-Álvarez, M. (2019). A survey on situational awareness of ransomware attacks—detection and prevention parameters. Remote Sensing, 11(10), 1168.

Ioanid, A., Scarlat, C., & Militaru, G. (2017, September). The effect of cybercrime on Romanian SMEs in the context of WannaCry ransomware attacks. In European Conference on Innovation and Entrepreneurship (pp. 307-313). Academic Conferences International Limited.

Jimada, S., Nguyen, T. D. L., Sanda, J., & Vududala, S. K. (2021). Analysis of Ransomware, Methodologies Used by Attackers and Mitigation Techniques. In Research in Intelligent and Computing in Engineering (pp. 379-387). Springer, Singapore.

Kok, S. H., Abdullah, A., Jhanjhi, N. Z., & Supramaniam, M. (2019). Prevention of crypto-ransomware using a pre-encryption detection algorithm. Computers, 8(4), 79.

Kumar, N., Mukhopadhyay, S., Gupta, M., Handa, A., & Shukla, S. K. (2019, August). Malware classification using early-stage behavioral analysis. In 2019 14th Asia Joint Conference on Information Security (AsiaJCIS) (pp. 16-23). IEEE.

O'Kane, P., Sezer, S., & Carlin, D. (2018). Evolution of ransomware. IET Networks, 7(5), 321-327.

Patten, D. (2017). The evolution of fileless malware. Retrieved from.

Plucar, J., Frank, J., Walter, D., & Zelinka, I. (2021, June). Intelligent Malware-Trends and Possibilities. In MENDEL (Vol. 27, No. 1, pp. 18-22).

Richardson, R., & North, M. M. (2017). Ransomware: Evolution, mitigation, and prevention. International Management Review, 13(1), 10.

Sajjan, R. S., & Ghorpade, V. R. (2017, March). Ransomware attacks: Radical menace for cloud computing. In 2017 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET) (pp. 1640-1646). IEEE.

Sharma, S., Kumar, R., & Krishna, C. R. (2020, April). Ransomanalysis: The evolution and investigation of android ransomware. In Proceedings of International Conference on IoT Inclusive Life (pp. 33-41). Springer.

Zhang-Kennedy, L., Assal, H., Rocheleau, J., Mohamed, R., Baig, K., & Chiasson, S. (2018). The aftermath of a crypto-ransomware attack at a large academic institution. In 27th USENIX Security Symposium (USENIX Security 18) (pp. 1061-1078).
