POLYTECHNIC SULTAN MIZAN ZAINAL ABIDIN

DEPARTMENT OF INFORMATION AND COMMUNICATION TECHNOLOGY

DFP40263
SECURE MOBILE COMPUTING

TOPIC CHAPTER 3&4

ASSESMENT CASE STUDY
1) AHMAD YUSUF FARHAN BIN AWANG
NAME 2) MUHAMAD SYAFIQ IKRAM BIN MOHAMAD TARMIZI
3) MUHAMMAD HIDAYAT BIN AB AZIZ

1) 13DDT20F2008
REG NO 2) 13DDT20F2056
3) 13DDT20F2036

PROGRAMME DDT4 S1

INSTRUCTIONS:
1. Answer ALL the questions
2. Submit the assessment on

MARKING SCHEME
CLO 3 PLO 8
/30
TOTAL

THE ENTIRE QUESTION IS BASED ON JTMK’S QUESTION BANK APPROVED BY PROGRAMME

LEADER. SIGNATURE IS NOT REQUIRED.

DEPARTMENT OF INFORMATION & COMMUNICATION

TECHNOLOGY
 CASE STUDY | SESSION I 2022/2023

COURSE CODE: DFP40263 COURSE NAME: SECURE MOBILE COMPUTING

NAME & REGISTRATION NO:

1. AHMAD YUSUF FARHAN BIN AWANG (13DDT20F2008)

2. MUHAMMAD HIDAYAT BIN AB AZIZ (13DDT20F2036)

3. MUHAMAD SYAFIQ IKRAM BIN MOHAMAD TARMIZI (13DDT20F2056)

CLO 3: Demonstrate best practices in developing mobile security computing in context of

social environment (A3, PLO8)

Instructions:

Security Testing and Evaluation of Ransomware

A particularly insidious type of malware is ransomware, which is secretly installed on your

windows systems and locks the system down. That lockdown is inevitably accompanied by a
message demanding payment if the systems owner ever wants to access the files again.
Unless you are very lucky (or the hacker spectacularly incompetent), everything important on
your hard drive will be effectively lost to you, unless you pay up. Examples of ransomware are
Locky, WannaCry, Bad Rabbit, Ryuk, Troldesh, Jigsaw, CryptoLocker, Petya, GoldenEye and
GandCrab.

You are provided three (3) articles as follows:

1. A Study of Ransomware Attacks: Evolution and Prevention (2019);
2. Ransomware Attacks Critical Analysis, Threats, and Prevention methods (2019);
3. Ransomware Evolution, Target and Safety Measures (2018).

Perform a group consisting of 3 members. You are required to do a case study on how to
identify the ransomware attack, types of ransomware and how to mitigate ransomware attack.
Prepare your group’s presentation slide and present your findings. Each of team member is
required to show the leadership and team work skills.

2
 TABLE OF CONTENT

NO TITLE PAGE
1 INTRODUCTION AND IDENTIFICATION OF MAIN 4
ISSUES
2 ANALYSIS AND EVALUATION OF ISSUES 5-7
3 RECOMMENDATIONS ON EFFECTIVE 8
4 CONCLUSION 9

3
INTRODUCTION

Ransomware is a very dangerous threat. To overcome the threat of Ransomware is not an easy matter.
Ransomware can be considered as a serious threat when it comes to protection of information assets.
The main targets are internet users. Ransomware hijacks user files, causes difficulties and then requests
some funds through extortion for decryption purposes Ransomware can be categorized as malware
which can affect the vulnerability of the user's system, allowing the system to be accessible individually
and eventually encrypts all the files that have been targeted.

The world was initially unprepared to deal with the attacks as it was difficult for to become widespread
then due to personal computers usage factor and the Internet was still in its infancy. In addition,
encryption technology was still limited . Ransomware creators and distributors are aware that they could
earn a much higher ransom when the main targets are companies and organizations rather than
individual users . They achieve the goal of gaining more profits through computers at police
departments, city halls, schools. Things become more critical when hospitals are also targeted .

4
ANALYSIS AND EVALUATION OF ISSUES

Types of Ransomware

There are a lot of Ransomware know days that danger for our system because it can attack without in
silent. Ransomware is known as the most popular Cybercrime in the world. Ransomware is kind of
category from malware that spreads like a worm and inhibits or limits users from accessing their system
either by locking the systems screen or encrypting and locking users' files unless after ransom is paid .
There are some types of ransomware that can be categorized in basic type which is Crypto Ransomware,
Locker Ransomware and Hybrid Ransomware. The first type of ransomware is Crypto Ransomware.
This ransomware deals with complex algorithm and it blocks users from accessing specific files. Users
need to pay ransom by using bitcoins in order to decrypt the data. There is also another encrypting
ransomware called WannaCry Ransomware that force user to pay via online banking method . Other
type of ransomware is . The attack begin when user surfing the internet such as watching movies. The
ransomware then displays a malicious message in user computer. The third type and the most
aggressive ransomware is Hybrid ransomware. This ransomware is the most aggressive ransomware as it
uses all possible means to maximize profits. Hybrid ransomware that attacks and causes encryption and
locks mechanisms, is more dangerous because it will cause data and device functionality to be
compromised.

5
Ransomware Phases

There are a phases when Ransomware start to attack which is they will attack when the attacker
download malicious software which prevents users from accessing computer system until ransom is
paid. Their most target is business and industries because they sure that the company have a lot of
money .There are five phases of ransomware attack. The first ransomware phase is exploitation. In the
first phase, files that contain ransomware are usually deleted from computer. This exploitation is
executed through exploit kit and phishing email. The second ransomware phase is delivery and
execution. This is the phase where the ransomware executing files arrive in the computer systems of the
victims and start the attacking process. This phase only takes a couple of minutes to complete. This
process will encrypt key servers in order to retrieve the loss data. Third ransomware phase is damaging
of backup files. The ransomware will search for important files in the system such as JPG, Doc, and
PDF. The fourth ransomware phase is encrypting of files. Criminals will move and rename the target
files. After that, they will encrypt and rename the files after a successful encryption . When the backup
files cannot be opened by users, criminals will perform secure key exchange. This key will give
command to users and control the server. The last ransomware phase is notifying users and demanding
for money. Criminals will notify users about the payment the latter have to make after the ransomware
has deleted the backup files. The demand for payment will be prompted with the payment instructions to
clear the ransomware. After locking the files or system, criminals will demand for payment which is
usually high. Usually, the ransom value to unlock the infected files will be raised if the payment is not
made within the stipulated time.

6
How to identify the ransomware attack

Ransomware uses different channels to attack its victims or businesses. The common attack methods are
exploit kit, malicious email attachments and malicious email links. When victims visit a website, exploit
kits are executed and malicious codes are activated in the system. Thus, victims will get a spam email
and a notification that their computer has been locked. Malicious email attachments can occur when a
recipient opens an attachment thinking the email is sent from a trusted source. Victims will open the
files and unknowingly download the ransomware. Then the system will be infected and the files inside
the system will be held. After victims clicked the URL, malicious files will be downloaded from the
web. Then, criminals will send ransom notification after holding back the files. Thus, ransomware attack
can be transmitted via emails, software, download activity and exploit kit. Phishing is one of the most
popular and common methods to deliver malware to victims' machines. Criminals or attackers will
design a legitimate email and send them to victims. This attack if successful is considered as a huge
achievement to criminals because malware is delivered via spear phishing that enables criminals to
gather various information about individuals or companies. Criminals always look for vulnerability in
software or network. This is because they want to find out weaknesses in the software that will provide
opportunities for them to exploit and gain full access for the whole network.

7
RECOMMENDATIONS ON EFFECTIVE

How to mitigate ransomware attack

The most common way to spread ransomware is through phishing attacks. The owner must be careful by
avoiding from clicking on undisclosed and suspicious links or opening attachments in spam emails
Using ad blockers, turning off Java and Java Script will help data owners to avoid Those malicious
advertisements. Operating systems and security software must also be kept up to date from time to Time.
This measure is essential in order to ensure the system is secured by the latest security updates and
ensure the Safety of network in an organization. The updated system and latest security software will
help to minimize the risk of Ransomware infections Computer system must be kept unconnected to the
network as soon as possible in order to prevent spread of ransomware infections to the whole systems in
organizations. The suspected infected systems must be checked and repaired by authorized personnel
before they can be connected to the network and restart their normal operation. Ransomware tools
available in the market to handle and mitigate the risk of ransomware Attacks on personal computers or
an organizations’ network system. The first one is Trend Micro Lock Screen Ransomware Tools. It is
designed to track and subsequently remove lock-screen ransomware. This ransomware is a Type of
malware that obstructs users from operating on their computer or network systems. Similar to modus
operandi. Other common ransomware , users are forced to pay certain amount of money in order to get
access to their files again. The software operates in two situations; the first one is when computers’
normal mode is blocked even though they can Still access those files in safe mode. The second one is
when lock screen ransomware blocks both normal and safe Mode. In this situation, the tools will clean
and remove the infected files followed by a reboot. The second anti-Ransomware is Avast Anti-
Ransomware Tools which is designed to detect and fight against malware and ransomware Threats. Not
all ransomware threats are similar and work in the same way. Avast descriptors are free of charge and
detect Viruses at the same time. It provides a decryption wizard and ask users for two copies of files.
The files are then Separated into two; which are with password and without password protection. Bit
Defender Anti- Ransomware Tools is also considered as an important tool to provide a full protection
against attacks Once the software has been loaded to a computer, it will detect any infection as it starts
and stops the ransomware before it spreads to other files in the computer. The splash screen in the
software is clean and infected section will stop executable from running to certain locations and turn on
protection from boot. The software does not act to replace any existing anti- virus software, but instead
work together with it. The last one is Kaspersky Anti- Ransomware Tools. It has been designed for small
and medium size enterprises (SME). It comes with tools that can prevent ransomware from attacking
computers and frosting the entire system network. The tools operate and monitor network activities
regularly by detecting any suspicious behavior and patterns. The tools are also suitable for businesses as
they are free of charge for commercial uses and simple to operate and provide a good level of protection
to the network system.

8
CONCLUSION

From the article that we have discuss , we can ensure that a lot of ransomware existence day by day that
can cause danger to us from be threats by ransomware. The cyber criminal or known as hacker always
find the way to create a new ransomware and improvise the it to make sure no one can disable their
ransomware easily. The hacker mostly target to sent the ransomware to computer that from business
company because they know the company will give the money to the hacker because the company have
classified information and the company have money. So the company does not have choice to get their
own information by giving money to hacker . Most of the ransomware are attack cases involved
resetting of Internet and system of the device which make the devices facing a problem and cannot be
use until the ransomware disappear or disable. Then, the solution to this problem is first by detecting the
device, making inspections before the devices are attacked. Previous ransomware attack occurred when
the devices were unable to upload extensions or certain files that have a specific name as an identifier.

When applying full security to a devices needs the systems for not being infected easily to ransomware
throughout the application lifecycle. In addition, the to protection of the system in device will perform
function, monitor, control and rearrange by only working within the network. It would not be surprising
if ransomware would change for the next few years. If we not take seriously about the capable of
ransomware, it will capabilities of disabling entire infrastructure of businesses but has the potential to
disable an entire city or possibly a country until the demanded ransom is paid. The hacker will use the
method of hacking to control the system and infrastructure to aim disabling ecosystems and not just the
network..

Ransomware already has an attack record against hospitals and transport providers. Hacker are able to
target larger targets in the future such as industrial robots that have been widely used in the
manufacturing or infrastructure sectors that connect smart cities. Extensions via online are seen to be
bound as the online system is very sensitive and easy to attack including smart devices or critical
infrastructure. The hacker are capable of creating, launching, and making huge profits from this
cybercrime threat to continue in the future.

9
Report format
Report format
 Font size: 12
 Font type: Time New Roman
 Paragraph:
 Alignment: Justify
 Line spacing: Single
 Page number: Bottom right side /Plain number 3

References APA format

References APA
Please refers
http://www.apastyle.org/learn/quick-guide-on-references.aspx
 DFP40263 SECURE MOBILE COMPUTING
CASE STUDY
MARKING RUBRIC
CLO 3 : Demonstrate best practices in developing mobile security computing in context of social environment

EXCELLENT GOOD MODERATE WEAK WEIGHTAGE

CRITERIA STANDARD SCORE
4 3 2 1 (%)
Excellent explanations of Clear explanations of the Moderate explanations Vague explanations of
Introduction and the introduction and introduction and of the introduction and the introduction and
Identification of identifies a sophisticated demonstrates an identifies acceptable identifies weak
10%
Main Issues / understanding of the main accomplished understanding of some understanding of some
Problems issues/problems in the understanding of most of of the issues/problems of the issues/problems
case study. the issues/problems in the case study. in the case study.
Provide insightful and
Analysis and Provide a thorough Provide a superficial Provide an incomplete
thorough analysis of all
Evaluation of analysis of most of the analysis of some of the analysis of some of the 30%
identified
Issues / Problems issues identified. identified issues. identified issues.
issues/problems.
Supports dianogsis and Supports research and
opinions with strong opinions with limited
Little action suggested No action suggested
Recommendations arguments and well- reasoning and evidence;
and/or inapproproate and inappropriate
on Effective documented evidence; present a somewhat one-
solutions proposed to solutions proposed to 40%
Solutions / provide a balanced and sided argument;
the issues in the case the issues in the case
Strategies critical view; demonstrates little
study. study.
interpretation is both engagement with ideas
reasonable and objective. presented.
Specific and effectively
Specific and clear but Clear but does not Moderate conclusion
summarizes the case
Conclusion only shows a few show the objectives are but without clear 10%
study. Objectives are
objectives are achieved. achieved. closure.
achieved.

Responsibility Able to fulfill task Able to fulfill task Able to fulfill task
Able to fulfill task
- Task according to scope and according to scope and according to scope and
according to scope and
Requirement exceed expectations with somehow meet some meets minimal 10%
meets expectations with
- Team Work emphasis on excellent expectations and less requirement with poor
good work quality.
- Quality of Work work quality. work quality. work quality.

GRAND TOTAL (100%)

(Total Score/100) * 30 30

11