Discussion
Ransomware is a type of malware in which the information on a victim’s computer is deleted or locked. The attack is carried out by encryption, and the hackers demand that a particular amount of ransom be paid to retrieve the data [1]. The main motive of ransomware is always monetary. In this type of attack, the user is notified of the damage caused to the data along with the way it can be resolved. Payment is made in a virtual currency such as bitcoin, which helps the hacker stay anonymous. Ransomware targets not only home users but also businesses, which results in negative consequences such as permanent or temporary loss of confidential data, disruption of everyday operations, financial losses incurred in retrieving the files that were hijacked, and harm to the company’s reputation. This report discusses the variants of ransomware and their working principles, and it recommends some ways in which ransomware can be prevented.
Some variants of ransomware are as follows:
- WannaCry: WannaCry is a ransomware strain that has affected organizations all over the world; the attack hit around 150 countries [2]. It is also known as WanaCrypt0r and WCry, and it infects machines running Windows with the help of EternalBlue, an exploit for a vulnerability in Microsoft’s SMB implementation.
- ZCryptor: A malware strain with the ability to self-propagate. It shows worm-like behaviour: it encrypts data and infects flash drives and external drives in order to spread to other computers.
- TorrentLocker: This ransomware is distributed via email campaigns, targeting users through emails and messages delivered to specific geographical regions. It is also referred to as CryptoLocker. It uses the AES algorithm to encrypt data [3]. Along with encrypting the files, the hackers also harvest the users’ email addresses in order to spread the malware beyond the first infected machine. This mechanism is unique to TorrentLocker.
- Spider: This ransomware spread across Europe through spam emails. The malware is hidden in MS Word documents and is installed when the file is downloaded; the document is disguised as something important, such as a debt-collection notice.
- TeslaCrypt: This ransomware also uses the AES algorithm to encrypt files [4]. It is distributed by the Angler exploit kit, which targets vulnerabilities in Adobe products. After the vulnerability is exploited, the ransomware is installed in the Microsoft temp folder.
Ransomware can use various vectors to gain access to a computer. Phishing is the most common delivery method: the victim receives an attachment through email that looks legitimate, and when the user clicks on it, the link redirects the user to an unexpected site [5]. Once the file is downloaded, the hackers take over the user’s computer. Other ransomware exploits security loopholes in order to infect the computer, in which case the hacker does not need to trick the user at all. After taking over the user’s computer, the hackers encrypt the data on the machine. Only a key known to the hacker can decrypt the data. The victim is assured that the key will be provided once a ransom amount is paid to the hacker [5]; the victim is shown a message with this information. The attacker also threatens to expose the user’s data to the public if the ransom is not paid.
Some threats posed by ransomware are as follows:
- Data revealed: The ransomware threat is very dangerous for organizations. The hackers might reveal the data they have encrypted [6], even if the ransom is paid. The hackers do not guarantee that the user will retrieve the data after paying the ransom, and the data might be permanently lost.
- Disruption in operations: A ransomware attack disrupts an organization’s operations. Employees and management look for ways to get out of the situation and retrieve the data. This is a long and risky process, because there is no guarantee that the hackers will give back access to the data after the ransom is paid [6]. It is also very time-consuming if the organization does not want to pay the ransom and wants to find some alternative way out of the situation.
- Financial loss: If the organization wants to pay the ransom and get the data back as the hacker instructs, it faces a financial loss [6], incurred in order to retrieve the data.
A recent ransomware attack is WannaCry. WannaCry had attacked numerous organizations for some years. In 2017, an updated version of WannaCry named “WanaCrypt0r 2.0” attacked a health institution in the United Kingdom, the National Health Service (NHS). The attackers also hit the internet service provider Telefonica and other organizations across the world [7]. Every victim received a message from the hackers demanding $300 in bitcoin. Meeting the demand did not guarantee that the hackers would give back access to the data. Researchers found that WannaCry carried out the attacks by exploiting EternalBlue, which targets a vulnerability that Microsoft had patched in a security bulletin in March 2017. WannaCry affected around 300,000 organizations across the world. The attack forced the doctors of the health institution to turn away patients and cancel appointments. The institution had no evidence that the hackers had accessed the data. The attack resulted in a breakdown of the email server and computers [8]; afterwards, they received a message regarding the ransom to be paid, which also said that if payment were not made, the hackers would delete the data permanently. The attack caused huge problems for the services as well as for the people there: only patients with medical emergencies were treated. The attack also affected the institution’s X-ray machines, phone systems, patient administration system and pathology test results.
NHS Digital did not believe that the intention of the attack was to target health services. It also stated that NHS Digital had been working with the National Cyber Security Centre, the Department of Health and NHS England to support affected organizations and ensure patient safety [9]. Their aim is to support organizations in managing incidents decisively and swiftly. In addition, they would stay in contact with NHS colleagues and share data so that it is available.
Various steps can be followed to prevent machines from being infected by ransomware [10]. The steps include better security practices and more. Some ways in which ransomware can be prevented are as follows:
- Updates: The operating system and the applications the system uses for various purposes should be kept updated [10]. This leaves fewer vulnerabilities that can affect the computer and the wider system.
- Software installation: Software should not be installed unless people are familiar with it and how it works.
- Antivirus: Antivirus software that can detect malicious programs such as ransomware should be installed [11]; it detects ransomware when it arrives. Systems should also have application whitelisting software that prevents the execution of unauthorized applications. This software is very important for an organization in order to keep hackers away from its systems.
- Backup: An organization holds a great deal of data about its different departments and their functions. This data should be backed up for future use; the backup also lets the organization retrieve data if it is lost for any reason [12]. Files should be backed up automatically and frequently. This does not make the organization immune to malware attacks, but it makes an attack less significant, because not much data is lost if the files are backed up.
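The detection the antivirus item describes, combined with the whitelisting it recommends, shown as an added example that is not part of the report: a behavioural check over a constructed file-write stream that flags a process rewriting many files with ciphertext-like content within a few seconds, while whitelisted processes (here a hypothetical backup agent) are exempt. Process names, paths, thresholds and the event format are all assumptions made for this example.

```python
import hashlib, math, os
from collections import Counter, defaultdict

WINDOW_SECONDS = 10           # sliding window for counting ciphertext-like writes
MIN_SUSPICIOUS_WRITES = 5     # writes inside the window before alerting
ENTROPY_THRESHOLD = 7.0       # bits/byte; plaintext documents sit well below this
HIGH_ENTROPY_EXT = {".zip", ".gz", ".jpg", ".png", ".gpg"}  # legitimately dense formats
ALLOWLIST = {"backup-agent"}  # whitelisted processes permitted to write ciphertext

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: str, data: bytes) -> bool:
    """Ciphertext-like bytes under an extension that is not expected to be dense."""
    ext = os.path.splitext(path)[1].lower()
    return ext not in HIGH_ENTROPY_EXT and shannon_entropy(data) >= ENTROPY_THRESHOLD

def detect(events, allowlist=ALLOWLIST):
    """Map offending processes to first-alert time; events: ordered (ts, proc, path, bytes)."""
    recent, alerts = defaultdict(list), {}
    for ts, proc, path, data in events:
        if proc in allowlist or proc in alerts or not looks_encrypted(path, data):
            continue
        window = recent[proc]
        window.append(ts)
        while ts - window[0] > WINDOW_SECONDS:   # expire writes outside the window
            window.pop(0)
        if len(window) >= MIN_SUSPICIOUS_WRITES:
            alerts[proc] = ts
    return alerts

def _ciphertext(seed: str, size: int = 1024) -> bytes:
    """Deterministic pseudo-random bytes standing in for encrypted file content."""
    out, block = b"", seed.encode()
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]

PLAINTEXT = b"Quarterly report: revenue up 4% on last year. " * 20

def sample_events():
    """Constructed stream: editor saves a document, whitelisted backup agent, unknown mass-encryptor."""
    ev = [(0, "editor", "/docs/report.docx", PLAINTEXT)]
    ev += [(1 + i, "backup-agent", f"/bak/vol{i}.bak", _ciphertext(f"b{i}")) for i in range(6)]
    ev += [(10 + i, "unknown-updater", f"/docs/f{i}.docx.locked", _ciphertext(f"f{i}")) for i in range(8)]
    return ev
```

Entropy alone is a weak signal in practice, since compressed containers such as modern Office files are also dense; a deployed check compares each file's entropy before and after the write or watches canary files as well.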
Conclusion
From the above report, it can be concluded that ransomware is a devastating attack faced by organizations, and it has proved that these attacks can be ruinous for small as well as big businesses. The ransom demanded by the hackers should never be paid, because payment does not guarantee that the hackers will give the owner access to the data; there have been cases where users paid the ransom but were not provided with the decryption key. Various measures that can be taken to prevent ransomware attacks are mentioned above in the report.
References
[1] Sittig, Dean F., and Hardeep Singh. “A socio-technical approach to preventing, mitigating, and recovering from ransomware attacks.” Applied clinical informatics 7, no. 2 (2016): 624.
[2] Brewer, Ross. “Ransomware attacks: detection, prevention and cure.” Network Security 2016, no. 9 (2016): 5-9.
[3] Kamat, Pooja, and Apurv Singh Gautam. “Recent Trends in the Era of Cybercrime and the Measures to Control Them.” In Handbook of e-Business Security, pp. 243-258. Auerbach Publications, 2018.
[4] Thomas, Jason. “Individual cyber security: Empowering employees to resist spear phishing to prevent identity theft and ransomware attacks.” (2018).
[5] Simmonds, Mike. “How businesses can navigate the growing tide of ransomware attacks.” Computer Fraud & Security 2017, no. 3 (2017): 9-12.
[6] Byrne, Dermot, and Christina Thorpe. “Jigsaw: An Investigation and Countermeasure for Ransomware Attacks.” In European Conference on Cyber Warfare and Security, pp. 656-665. Academic Conferences International Limited, 2017.
[7] Everett, Cath. “Ransomware: to pay or not to pay?.” Computer Fraud & Security 2016, no. 4 (2016): 8-12.
[8] Lord, Nate. “A History of Ransomware Attacks: The Biggest and Worst Ransomware Attacks of All Time.” URL: https://digitalguardian.com/blog/history-ransomware-attacks-biggest-and-worst-ransomware-attacks-all-time (2017).
[9] Kharraz, Amin, William Robertson, and Engin Kirda. “Protecting against Ransomware: A New Line of Research or Restating Classic Ideas?.” IEEE Security & Privacy 16, no. 3 (2018): 103-107.
[10] Pope, Justin. “Ransomware: minimizing the risks.” Innovations in clinical neuroscience 13, no. 11-12 (2016): 37.
[11] Youn, Jung-moo, Je-geong Jo, and Jae-cheol Ryu. “Methodology for intercepting the ransomware attacks using file i/o intervals.” Journal of the Korea Institute of Information Security and Cryptology 26, no. 3 (2016): 645-653.
[12] Gu, Lei, and Matt Boucher. “Systems and methods for protecting backed-up data from ransomware attacks.” U.S. Patent Application 14/938,868, filed May 18, 2017.