Discussion
This report discusses the challenges that ransomware poses to networked systems. It was prepared by a network analyst for the Regal Security Solutions Company. The growing use of networked systems raises concerns about network security. Ransomware is malicious software that blocks users' access to their own systems and threatens victims with the publication of their data unless they pay [1]. Advanced ransomware uses a technique known as cryptoviral extortion. The concept of ransomware was introduced by Adam L. Young at Columbia University, who presented file-encrypting ransomware at the IEEE Security and Privacy conference. The impact of ransomware on society is severe: it affects every part of society, from individual users to large businesses, and leads to permanent or temporary loss of confidential data. Ransomware disrupts regular business operations and causes financial loss [14]. Such data security incidents can also harm the reputation of the affected organization. In the healthcare industry, the impact of ransomware includes the loss of patients' medical histories and laboratory results.
This malicious software exists in a number of variants with differing specifications. Some of the variants of ransomware are discussed below.
WannaCry: This was a widely spread ransomware campaign that affected many organizations across the globe. The ransomware is also known as WannaCrypt or WCry. The WannaCry attack of May 2017 targeted about 125,000 organizations in 150 countries, and losses of more than a hundred million are estimated [2]. It affected systems running the Microsoft Windows operating system. EternalBlue, an exploit for older Windows versions, was used to propagate WannaCry. The attack was stopped with the help of emergency patches released by Microsoft.
Petya: The name 'Petya' is taken from a James Bond film in which Petya is a Soviet satellite. This strain of ransomware was discovered in March 2016, and it affected the entire computer system. It infected the master boot record and executed a payload that encrypted the system [3], preventing the victim's system from booting. Petya was propagated through infected email attachments.
Bad Rabbit: This ransomware affected organizations in Ukraine and Russia and was not widely spread. It spread in October 2017 by tricking users into installing a fake Adobe Flash update. Victims of infected machines were taken to a payment gateway that demanded about 285 dollars, or 0.5 bitcoin, for decryption [4]. To stop the attack, the sites used to distribute the fake Flash update were taken down.
Variants of Ransomware
CryptoWall: This major Trojan targeted Windows systems in 2014. It was propagated through advertisements on major websites; these ads redirected users to malicious websites that used plugins to download the payload. CryptoWall 3.0 downloads its executables in JPG format. It deletes copies of the files and makes use of spyware to steal wallets and passwords. By June 2015, losses of about 1.8 million dollars were attributed to this variant of ransomware [5].
Jigsaw: This is an encrypting ransomware that deletes files progressively until the ransom is paid. It was initially called 'Bitcoin Blackmailer' in 2016 and was given the name Jigsaw because it displayed a picture of Billy the Puppet. The number of files deleted from the infected system increases exponentially every hour, and after 72 hours all files are wiped from the system [8]. Attempting to reboot the infected computer leads to the deletion of about 1,000 files.
The working mechanism of ransomware can be explained as three phases between the attacker and the victim.
First Phase: The first phase is the attacker-to-victim phase, in which the attacker places a public key in the malware and releases it. The malware enters the computer system as a Trojan, through a malicious email or a poorly secured network.
Second Phase: The second phase is the victim-to-attacker phase, in which the cryptoviral extortion attack is carried out. The released malware generates a random symmetric key and uses it to encrypt the data on the victim's system. The symmetric key is then encrypted with the public key embedded in the malware; this combination is known as hybrid encryption, and it results in both symmetric and asymmetric encryption of the victim's data. The malware erases the symmetric key and the original data in order to prevent recovery [7]. It then presents the user with instructions on how to send the ransom. The victim pays the money and sends the asymmetric ciphertext to the attacker by the instructed method.
Third Phase: In the third phase the attacker receives the payment and sends the symmetric key to the victim. The attacker decrypts the asymmetric ciphertext with the private key, which only the attacker holds, and provides the recovered symmetric key to the victim. The victim then decrypts the encrypted data with that symmetric key [12].
The Working Mechanism of Ransomware
The potential threats posed by ransomware are system lockup and the encryption and deletion of files. These threats are explained in detail below.
System Lockup: The most common threat posed by ransomware is system lockup. The victim's system is locked by the attacker, and a ransom is demanded to decrypt the system [13]. Some ransomware only locks the system, and a person with knowledge of network security does not find it difficult to reverse such an attack.
Encrypting and Deleting the Files: Advanced malware uses the cryptoviral extortion technique to encrypt and delete the victim's files and data. During encryption, the attackers encode the information and make it inaccessible to the victims [9]. Attackers use this type of threat to demand a ransom in exchange for the victim's confidential and sensitive data. The Jigsaw ransomware is used by attackers to delete files, and the threat of deletion forces the victim to pay the ransom.
This section of the report considers the recent SamSam ransomware attack on Hancock Regional Hospital in Indiana, US. The hospital's officials had to pay a whopping 55,000 dollars in ransom. The attack took place on 11 January 2018; the attackers used the SamSam ransomware to encrypt the files stored on the hospital's systems and renamed the files with the phrase 'I'm sorry' [10]. This strain of ransomware has long been known for targeting the healthcare industry, government and education. Reports revealed that the hackers gained access to the hospital's systems through a remote access portal, using a vendor's login credentials. The attack severely disrupted the normal operation of the hospital and forced staff to record data with pen and paper. The CEO of Hancock Health stated that the data was recoverable, but the hospital paid the ransom of 4 bitcoin because the recovery process would have taken about a week [10].
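The file-level behaviour described above (bulk encryption, renaming with a ransom phrase, progressive deletion) is observable on the host. As an added example that is not part of the original report, the following Python heuristics flag such activity in a stream of file-system events; the event format, thresholds and sample events are constructed for this illustration.

```python
import math
from collections import Counter

# Heuristic thresholds (assumed values chosen for this example, not from the report)
WINDOW_SECONDS = 60
HIGH_ENTROPY = 7.0                 # bits per byte; encrypted output approaches 8.0
THRESHOLDS = {"high_entropy_write": 3, "suspicious_rename": 3, "delete": 3}
RANSOM_MARKERS = ("i'm sorry",)    # SamSam renamed encrypted files with this phrase

def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(action, path, data):
    """Map one file event to a heuristic category, or None if it looks benign."""
    if action == "write" and shannon_entropy(data) >= HIGH_ENTROPY:
        return "high_entropy_write"        # plain documents sit well below 7.0
    if action == "rename":
        new_name = path.split(" -> ")[-1].lower()
        if any(marker in new_name for marker in RANSOM_MARKERS):
            return "suspicious_rename"
    if action == "delete":
        return "delete"                    # Jigsaw-style progressive deletion
    return None

def analyse(events, window=WINDOW_SECONDS):
    """Return sorted categories whose count reached its threshold inside any
    sliding window of `window` seconds. Each event is (timestamp_seconds, action,
    path, data): action is "write", "rename" (path "old -> new") or "delete"."""
    recent = {category: [] for category in THRESHOLDS}
    alerts = set()
    for ts, action, path, data in sorted(events, key=lambda e: e[0]):
        category = classify(action, path, data)
        if category is None:
            continue
        recent[category] = [t for t in recent[category] if ts - t <= window] + [ts]
        if len(recent[category]) >= THRESHOLDS[category]:
            alerts.add(category)
    return sorted(alerts)

# Constructed stream: one normal edit, then three files overwritten with
# high-entropy data, renamed with the ransom phrase, and their backups deleted.
SAMPLE_EVENTS = [(0, "write", "C:/records/notes.txt", b"Patient notes: routine visit.")]
for i, ts in enumerate((10, 12, 14)):
    f = f"C:/records/patient{i}.docx"
    SAMPLE_EVENTS += [(ts, "write", f, bytes(range(256)) * 2),
                      (ts + 1, "rename", f"{f} -> C:/records/I'm Sorry {i}.docx", None),
                      (ts + 2, "delete", f"C:/records/patient{i}.bak", None)]
```

`analyse(SAMPLE_EVENTS)` raises all three categories, while a one-second window raises none, which shows why the burst window matters as much as the individual indicators.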
The recommended mitigation tools and strategies for protection against ransomware are as follows.
Network Segmentation and Backup of Data: Network segmentation limits communication between network segments by restricting unauthorized access, and it prevents ransomware from traversing the organization's entire network. It is also recommended to keep a secured backup of data and files on a system other than the one that may be targeted. Organizations should keep two copies of their files on a different external system [6], and they can also store one copy of the data and files offsite.
Use of Firewall, Antivirus and Toggle Settings: Attackers carry out bulk spam campaigns using attractive attachments such as payroll documents, CV selection mails, misleading delivery reports and invoices. This issue can be addressed by configuring the webmail server to block incoming messages carrying .exe, .bat and .vbs attachments. A firewall is effective because it helps in monitoring traffic, unusual activity and malicious sites [11]. The Trojan requires an active exchange of data with its server, and this communication between the ransomware and the server can be detected by the firewall, which can then alert the user about the malicious activity or block it. Using a genuine antivirus product protects data and files from ransomware, and users are recommended to configure and adjust the toggle settings of the antivirus for more accurate recognition of malicious files.
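The attachment-blocking rule above is simple to state but easy to get wrong (case differences, double extensions such as a .pdf decoy in front of .exe). As an added example that is not part of the original report, this Python filter applies the rule to a raw message using only the standard library; the sample messages, addresses (reserved .invalid domain) and payloads are constructed.

```python
import email
import os
from email.message import EmailMessage
from email.policy import default

BLOCKED_EXTENSIONS = {".exe", ".bat", ".vbs"}   # the extensions named in the report

def attachment_filenames(raw):
    """Parse a raw RFC 5322 message and return the filenames of its attachments."""
    msg = email.message_from_bytes(raw, policy=default)
    return [part.get_filename() for part in msg.iter_attachments() if part.get_filename()]

def blocked_attachments(raw):
    """Return attachment filenames whose final extension is on the block list.

    The check is case-insensitive, ignores trailing dots and spaces, and looks only
    at the last extension, so "Invoice.pdf.exe" is caught despite the .pdf decoy."""
    hits = []
    for name in attachment_filenames(raw):
        ext = os.path.splitext(name.strip().rstrip(". ").lower())[1]
        if ext in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits

def should_reject(raw):
    """Gateway policy decision: reject the message if any attachment is blocked."""
    return bool(blocked_attachments(raw))

def build_message(subject, attachments):
    """Construct a test message; attachments is a list of (filename, payload bytes).
    Sender and recipient are constructed for this example."""
    msg = EmailMessage()
    msg["From"] = "payroll@example.invalid"
    msg["To"] = "staff@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Please find the attached document.")
    for filename, payload in attachments:
        msg.add_attachment(payload, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()

# Constructed samples: a lure with a double-extension executable, and a clean mail
LURE = build_message("Payroll update", [("Payroll_Jan.pdf.exe", b"MZ\x90\x00"),
                                         ("readme.txt", b"see attached")])
CLEAN = build_message("Delivery report", [("delivery_report.pdf", b"%PDF-1.4")])
```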
Software Whitelisting: Whitelisting defines the set of software that is allowed on a system, instead of blocking known malicious items. Windows AppLocker is a tool that allows users to create the required list.
It can be concluded that this report is effective in explaining the required aspects of ransomware. It describes ransomware as malicious software that threatens network security and explains its impact on different fields of society. The discussion provides a detailed analysis of recently developed ransomware variants: WannaCry, Bad Rabbit, Petya, Jigsaw and CryptoWall. It presents the working mechanism of ransomware in three phases between attacker and victim, and it discusses the encryption and deletion of files and system lockup as the potential threats posed by ransomware. It considers the case study of the SamSam ransomware attack of January 2018 on Hancock Regional Hospital in the US in order to provide a recent analysis of the topic. The discussion of mitigation tools to avoid and tackle ransomware attacks makes the report appropriate, as it provides proper recommendations. Therefore, it can be summarized that the report effectively discusses ransomware.
References
- B. Pathak and Yeshwant Mahavidyalaya Nanded, “A dangerous trend of cybercrime: ransomware growing challenge,” International Journal of Advanced Research in Computer Engineering & Technology (IJARCET), vol. 5, 2016.
- Mattei, Tobias A., “Privacy, Confidentiality, and Security of Health Care Information: Lessons from the Recent WannaCry Cyberattack,” World Neurosurgery 104, 2017: 972-974.
- Perlroth, Nicole, Mark Scott, and Sheera Frenkel, “Cyberattack Hits Ukraine Then Spreads Internationally,” The New York Times, 2017.
- Bosasi Wabali, Dave, “Crypto-Ransomware Cycle,” 2018.
- Cabaj, Krzysztof, and Wojciech Mazurczyk, “Using software-defined networking for ransomware mitigation: the case of CryptoWall,” IEEE Network 30, no. 6, 2016: 14-20.
- B. Christensen and Niels Beuschau, “Ransomware detection and mitigation tool,” 2017.
- Liao, Qinyu, “Ransomware: a growing threat to SMEs,” in Conference Southwest Decision Institutes, pp. 360-366, 2008.
- Nieuwenhuizen, Daniel, “A behavioural-based approach to ransomware detection,” MWR Labs Whitepaper, 2017.
- Richet, Jean-Loup, “Extortion on the internet: the rise of crypto-ransomware,” Harvard, 2016.
- “SAMSAM Ransomware Hits US Hospital, Management Pays $55K Ransom – Security News – Trend Micro IN,” Trendmicro.com, 2018. [Online]. Available: https://www.trendmicro.com/vinfo/in/security/news/cyber-attacks/samsam-ransomware-hits-us-hospital-management-pays-55k-ransom. [Accessed: 24 Aug 2018].
- Scaife, Nolen, Henry Carter, Patrick Traynor, and Kevin R. B. Butler, “CryptoLock (and drop it): stopping ransomware attacks on user data,” in 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pp. 303-312, IEEE, 2016.
- “Here’s what to do if your computer gets taken over by ransomware – a form of malware taking over the internet,” Business Insider, 2018. [Online]. Available: https://www.businessinsider.in/Heres-what-to-do-if-your-computer-gets-taken-over-by-ransomware-a-form-of-malware-taking-over-the-internet/articleshow/47617975.cms. [Accessed: 24 Aug 2018].
- Abedin, Khuram, “Ransomware: Hostage Situation,” 2018.
- Hampton, Nikolai, and Zubair A. Baig, “Ransomware: Emergence of the cyber-extortion menace,” 2015.