Ransomware
Abstract
Malware is any harmful and destructive file or program that infects the computer system. The
programs are developed by cybercriminals and appear in many forms, such as ads, executable
files, and genuine-looking applications. Once the user installs or clicks the harmful file or
program, the system starts misbehaving or even gets locked, denying the user
access. Common malware types include ransomware, worms, viruses, bots, spyware, trojan
horses, and adware. Computer users install firewall security on their computers for malware
protection. Ransomware is malware that uses attack vectors such as trojan malware. Cybercriminals
demand money from the victims to allow access to their infected computer systems. The
victims choose to either pay the money, remove the malware, or restart the device.
The two popular types of ransomware are locker ransomware and crypto-ransomware. Locker
ransomware blocks the computer's essential functions, denying the user access to the desktop.
Crypto-ransomware encrypts users' critical data without interfering with normal computer
functions. The user has to prevent attacks by installing sophisticated security software
before they face cyberattacks. The user should avoid clicking and installing files from unknown
and untrusted sources. The trends used by ransomware attackers are currently fileless, different
Introduction
Malware is the short form for malicious software. It is intrusive software in the form of a
file or code developed and delivered over a network. It infects, explores, steals, and conducts
destructive activities virtually on computers, phones, and computer systems (Alhayani, 2019).
Cybercriminals develop malware to hack and steal data and destroy phones and computers.
Types of Malware
Common malware types are worms, viruses, spyware, trojan horses, ransomware, and adware.
Worms are malware spread through phishing attacks and software weaknesses. They come in
treacherous forms and install themselves in the memory of users' devices (Kumar et al., 2019).
They infest the computer system and the network. Worms damage devices by modifying and
deleting files, installing malicious software on computers, stealing and sharing data, installing a
weak point for hackers, and replicating themselves repeatedly to deplete system resources. They
can infect different devices using the same network when they extend to the network.
attacks. They usually attach to a word document or an executable file. They often navigate
through infected websites, email attachment downloads, and file sharing. The virus waits until
the affected program or file is activated. The virus can now duplicate itself and circulate through
the system (Plucar et al., 2021). It hijacks software applications and uses them to send infected
files to the contact list. People in the contact list might become vulnerable to the sent files and
A Trojan horse is a program with malicious intent that appears as a legitimate file. Trojan horses
take the form of trusted applications for users to download (Jimada et al., 2021). They are a
weak point for hackers and need a host to function for hackers to access the device. The hackers
enter the machine, capture, modify and delete data, access the network, and harvest the device.
Ransomware denies access to a user's files. It then demands payment to let the user in. In
2017, an attack spread across many countries, compromising thousands of computers in one day.
The 'WannaCry' attack caused billion-dollar damage. It affected Microsoft operating systems
that did not have the latest patch installed for a known vulnerability (Hassan, 2019). To prevent
ransomware attacks, keep the system's antivirus software updated, keep the operating system
updated, back up the essential files, and do not view attachments from unidentified sources.
Adware is the best-known type of malware that pops up and displays advertisements that are not
relevant. Users who need to use free software like games are the most affected. Adware annoys
the user, slows down the computer, and can link unsuspecting users to sites with harmful
downloads. The adware may
also transport spyware and is hacked easily to make the host devices an easy target used by
on the front-end and a secret mission unnoticed in the background. It secretly records a user's
online activity, harvests data, and collects personal passwords, usernames, and surfing habits. It
carries out credit card fraud and identity theft (Ioanid et al., 2017). The spyware transfers the
user's data to cybercriminals and advertisers. Some of them even install malware that changes the
system's settings. Phishing is a typical social cyberattack that uses emails, messages, and
weblinks that look like they come from trusted sources. Cybercriminals send them to access
financial and personal information (Alhayani et al., 2021). They access the contact list, and
their messages may appear trustworthy. Others appear as spam messages and emails that are easily
recognized as
spam.
Trojan malware. It includes the remote desktop protocol, vulnerable software, and phishing
emails. The attacks can affect companies and individuals by blocking access to their systems or
encrypting data (Jimada et al., 2021). Cybercriminals demand money to allow access to the
systems and data. Victims of the attack have to either pay the ransom money, restart the device,
There are two popular types of ransomware: locker ransomware and crypto-ransomware.
Locker ransomware is malware that blocks the computer's essential functions, for example by
denying desktop access while the keyboard and the mouse are partially disabled (Sharma et al., 2020).
This allows interaction with the demand window to pay the ransom while the computer remains
inoperative. The main aim is to lock the user out, and therefore there is no destruction of data.
Crypto-ransomware aims to encrypt a user's critical data without interfering with the computer's
essential functions. The criminals instill fear in the affected users and add a countdown to the
demand (Kok et al., 2019). Because of ignorance of cloud storage or physical backups,
crypto-ransomware can have a significant impact, with numerous victims paying the money to recover the files.
Ransomware attacks are launched by cybercriminals who ask for money (Herrera et al.,
2019). Some critical attacks ask for more money if the criminal has information that the files
they blocked have a substantial financial effect on the victim company (Ali, 2017). Hackers earn
large amounts of money through ransom attacks. Forensic experts eventually restore data, but
only after some damage and compromise of data has occurred. Ransomware as a Service grants
attackers with fewer abilities a chance to strike. The malware is available to customers, leading
determinant for the forms of ransomware employed (Sajjan et al., 2017). Once the user clicks or
installs malicious files, their computer system or web server starts to misbehave. To evaluate the
extent and size of the intrusion, it is always important to examine what data is at risk of being
published or deleted. It is crucial to back up data safely and install trusted security software to
Prevention of Ransomware
When a user notices some unfamiliar activities on their computer, it is an indication that
malware may be on the device. These signs are as follows: blue screen of death, inadequate
storage even when not full, a slow, crashing computer, applications opening and closing
by themselves, increased pop-ups, and messages and emails sent without prompt (Richardson et al.,
2017). Attackers use many strategies to compromise networks and systems, and therefore
security software patterns, like user awareness, need to be applied to eliminate attack threats.
Users need to install advanced security software and keep their computer operating
system up-to-date. Users should be careful not to click links or install applications from
unknown sources (Ali, 2017). The system firewall will warn the user when they are about to
install applications outside their application store and recommend careful consideration before
trusting executable files. To prevent ransomware attacks, keep the system's operating system and
antivirus software up-to-date, back up the essential files, and do not open attachments from
unidentified sources. It is necessary to protect the system with multiple security layers and
The user needs to uninstall any application showing malicious signs, such as slowing down the
computer and showing many suspicious pop-ups. The user needs to restart the device after
removing the malware (Zhang-Kennedy et al., 2018). The user needs to clear the web cache
As cybersecurity countermeasures on the users' side have improved, threat developers
have also moved from traditional file-based means to sophisticated fileless malware. Fileless
malware does not use traditional executables to carry out its operations (Patten, 2017). One
well-known example of a ransomware attack is WannaCry, which spread over one hundred and
fifty countries in 2017 (Ioanid, 2017). It was developed to take advantage of a security flaw in
Windows and conducted by the Shadow Brokers. The second example is Locky, a malicious
attack in 2016 led by organized hackers. It encrypted one hundred and sixty file types and was
distributed through fraudulent emails with virulent attachments. Many users became victims and
Bad Rabbit, a ransomware attack that happened in 2017, spread through drive-by attacks.
The attack used insecure websites where a user could visit a genuine website, unaware of the
compromise by hackers. Petya is a malicious attack that happened in 2016 and reappeared in
2017 as GoldenEye. The ransomware encrypted the user's entire hard disk instead of specific
files. This made the hard disk files inaccessible. GandCrab, an undesirable ransomware attack that
happened in 2018, threatened to publish the online porn habits of the victims. The claims were of
hacking the webcam of the victims and later demanding ransom. Police officers and security
providers designed malware decryption software to help recover data from GandCrab.
The malicious ransomware encrypts files on the server and attaches a '.rontok' file extension. It
threatens computer files by making startup changes, disabling applications and functions, and
adding registry entries, files, and programs. Dharma Brrr is a new ransomware that is manually
installed to hack into the desktop utilities with internet connections. The ransomware encrypts
present files once the hacker activates it (O'Kane et al., 2018). The encrypted data has the file extension
‘id-[id].[email].brrr’. Fair Ransomware is another malware that aims at data encryption. All of the
user's private files and documents are encrypted using a robust algorithm. The files assume the
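
The file-name markers quoted above ('.rontok' and ‘id-[id].[email].brrr’) give a responder a quick way to triage a file listing after a suspected infection. The sketch below is an added example, not part of the original essay; the regular-expression details (what an id or e-mail may contain, brackets treated as optional) and the sample paths are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Markers quoted on this page. How strictly an id or e-mail is matched is an
# assumption; square brackets are accepted but not required.
MARKERS = {
    ".rontok marker": re.compile(r"\.rontok$", re.IGNORECASE),
    "Dharma Brrr": re.compile(
        r"\.id-\[?(?P<id>[0-9A-Za-z]+)\]?"
        r"\.\[?(?P<email>[^\[\]\s]+@[^\[\]\s]+)\]?\.brrr$",
        re.IGNORECASE,
    ),
}

def classify(path):
    """Return (label, original_name, details) if the name carries a marker, else None."""
    name = PurePosixPath(path).name
    for label, rx in MARKERS.items():
        m = rx.search(name)
        if m:
            # Everything before the marker is the file's pre-encryption name.
            return label, name[:m.start()], m.groupdict()
    return None

def triage(paths):
    """Group marked files by label and directory to show how far encryption spread."""
    report = defaultdict(lambda: defaultdict(list))
    for p in paths:
        hit = classify(p)
        if hit:
            label, original, details = hit
            report[label][str(PurePosixPath(p).parent)].append((original, details))
    return {label: dict(dirs) for label, dirs in report.items()}

# Constructed sample listing (not taken from the page or from a real incident).
SAMPLE = [
    "/srv/www/index.php.rontok",
    "/srv/www/img/logo.png.rontok",
    "/home/ana/report.docx.id-1A2B3C4D.[helper@example.invalid].brrr",
    "/home/ana/notes.txt",
    "/home/ana/brrr-recipes.txt",  # contains "brrr" but is not a marker
]

if __name__ == "__main__":
    for label, dirs in triage(SAMPLE).items():
        for directory, files in dirs.items():
            print(f"{label}: {len(files)} file(s) in {directory}")
```

The e-mail address captured from a Dharma-style name is worth recording in the incident notes, since it identifies the contact channel the note points to.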
Conclusion
In conclusion, users have to be careful with the security of their computer systems
because once the attacks happen, they cause a tremendous amount of losses and compromise of
data. Users must keep their systems up-to-date, avoid unnecessary clicks on unknown files or
References
Alhayani, B., Abbas, S. T., Khutar, D. Z., & Mohammed, H. J. (2021). Best ways computation
Ali, A. (2017). Ransomware: A research and a personal case study of dealing with this nasty
Herrera Silva, J. A., Barona López, L. I., Valdivieso Caraguay, Á. L., & Hernández-Álvarez, M.
Ioanid, A., Scarlat, C., & Militaru, G. (2017, September). The effect of cybercrime on Romanian
Limited.
Jimada, S., Nguyen, T. D. L., Sanda, J., & Vududala, S. K. (2021). Analysis of Ransomware,
Kok, S. H., Abdullah, A., Jhanjhi, N. Z., & Supramaniam, M. (2019). Prevention of crypto-
Kumar, N., Mukhopadhyay, S., Gupta, M., Handa, A., & Shukla, S. K. (2019, August). Malware
classification using early-stage behavioral analysis. In 2019 14th Asia Joint Conference
O'Kane, P., Sezer, S., & Carlin, D. (2018). Evolution of ransomware. IET Networks, 7(5), 321-
327.
Plucar, J., Frank, J., Walter, D., & Zelinka, I. (2021, June). Intelligent Malware-Trends and
Sajjan, R. S., & Ghorpade, V. R. (2017, March). Ransomware attacks: Radical menace for cloud
Sharma, S., Kumar, R., & Krishna, C. R. (2020, April). Ransomanalysis: The evolution and
Zhang-Kennedy, L., Assal, H., Rocheleau, J., Mohamed, R., Baig, K., & Chiasson, S. (2018).