What is Ransomware and How it Affects Our Data Privacy

With so much discussion about ransomware in the media in recent times discuss how safe is our data?

Ransomware is a modern form of malicious software denoted as malware which takes control over the computer of a user and threatens to harm the system. The malware is invoked into system of the user such that the user is denied access to their data. A ransom is demanded by the attacker from the victim so that they are able to gain access to their data or personal information stored in their computer (Kruse et al. 2017). The users are provided instructions on their computer screen so that they can pay the fee for getting the decryption key to access their data. The cost or fee for the decryption key ranges from few hundred to thousand dollars which has to be paid by the victim in Bitcoin.

In this modern world of technology, there is abrupt changes in innovation and rise of emerging technologies however the safety and privacy of our data still remains a major concern. The data breach or criminal invasion is an unfortunate consequence of utilizing technology in the modern world. The information or data plays a significant role in our daily life as well as improving our living standards (Thomas and Galligher 2018). Our personal information is being used by most of the major technologies or applications to provide us with better services and functionalities. The information related to finance, healthcare and other services are being analyzed by experts so that they can develop predictions and models to improve our lifestyle based on decisions. Various information are being stored in data banks which is protected using some security application or technology however it may be vulnerable to attacks or data breach due to error by human or attack by intruders. With the recent growth of technology application, there is also rising incidents of hacking and data breaches.

One such incident of data breach is of Equifax which resulted into exposure of ten millions people financial information which can be misused as it included social security number, driver license and other valuable information (Green 2017). The data being held by the financial reporting agencies are significant and it is not the only information that can be stolen and misused. Our personal information is also stored by various applications that can be stolen or misused and even the healthcare sector is not safe from data breaches. The data breaches related to healthcare sector requires immediate response as the attackers may obtain vital information such as Credit card numbers, Social security and billing data along with other personally identifiable information. The services and technology providers have to have to ensure that the information of the customers are secured through secure firewalls, data encryption and monitoring on a constant basis (Scaife et al. 2016). There are various factors due to which data breaches may occur from which failures related to deployment is one of the major cause behind theft or misuse of personal information. The people should have trust and rely on various enterprises or databases that store personal information. The data should be kept secure and confidential with the help of proper encryption techniques or security mechanisms.

Major Incidents of Data Breaches

Now a days, the data breach has taken a new form in which the data or information in user computer is being encrypted through a malware that is ransomware. This malware restricts the user from accessing their data and the attacker demands for some fee or payment for the decryption key. The attacker can easily access and misuse personal information by gaining access to a victim’s computer. It is becoming a major concern in the present day due to widespread of data online (Yaqoob et al. 2017). There are various ways in which the attacker can invoke the ransomware in a victim’s computer. One of the common process is phishing spam that come as attachments to the victims through email as a file. Once the file is downloaded an opened by the victim, the attacker could easily gain control over computer of the victim. The malware can easily infect the victim’s computer if it is embedded with built-in social engineering tools which are capable of tricking the users so that they allow administrative privileges (Everett 2016). Other forms of ransomware are also there such as NotPetya that looks for security loopholes and exploits the victim’s computer without the need to trick the user.

 There are various ways the victim’s computer can be used once the malware infects the system. However, the most common type of threat is that some or all files in the user computer gets encrypted. The user is not able to access data in their computer and it can be decrypted only with the help of a mathematical key possessed by the attacker. A message is displayed on the user screen that explains to the users that the files in their computer are no longer accessible and it can be decrypted only after payment to the attacker in the form of Bitcoin.

In some instances, the attackers may represent themselves as a law enforcement agency that is shutting down the victim’s computer due to presence of pirated software or illegal content. The payment is being demanded by the attacker as a fine which ensures that there is less likelihood of reporting to the authorities by the victims (Gordon, Fairhall and Landman 2017). A variation also exists in this type of malware which is called leakware or doxware where the publicizing of the sensitive data on the hard drive of victim’s computer is threatened by the attacker. The attacker threatens that the data will be publicized unless a ransom is being paid by the victim. The encryption ransomware is the most common form of malware as finding and extracting such sensitive data from the victim’s computer is a tricky scheme for attackers.   

Preventing Ransomware Attacks

There are various ways in which the attackers choose their target for infecting with ransomware. In some instance, the attacker targets universities as there is smaller security teams but huge user base that access the networks for file sharing. The accessing of the network by huge number of users without proper security maintenance makes the system vulnerable and the attacker is able to easily penetrate their defense (Cohen, Hoffman and Adashi 2017). Further, some organizations are also being targeted as they are more likely to pay the ransom quickly. For example, government or healthcare agencies needs immediate access to their data and law firms or other relate agencies also fear compromise of sensitive data. The ransomware is also widely spreading across the internet and it may affect any individual accessing files in the web.

There are various ways in which ransomware infection can be prevented to ensure safety and privacy of our data (Continella et al. 2016). Some of the measures that can be taken to ensure prevention of ransomware attack are presented as below:

• The operation system should be kept updated and patched so that there is less chance of vulnerability that can be exploited.
• Unknown software should not be installed or given administrative privileges (Bhattacharya and Kumar 2017).
• Antivirus software should be installed for detecting malicious or unwanted programs so that unauthorized applications can be executed.
• Backup of files should be taken frequently and automatically to ensure that valuable information can be retrieved in case of any malware attack.

The fact of ransomware attacks is not unknown and despite of many research and efforts, the law enforcement agencies are still not capable of tracking the source of attacks. The payments are being made in the form of bitcoins so there is no trail of such attacks that can be identified from transactions. The law enforcement agencies strongly oppose the payment of ransomware as it only encourages the attackers and provides funding so that they are able to develop more ransomware (Yao 2018). The organizations being affected by the ransomware does not consider the long term impact and starts with a cost benefit analysis to measure the ransom value against the encrypted data. They find that their data is much valuable and the ransom is not of significant amount as the value of their data.

According to a research by Pope (2016), it has been found that 66% of companies verbally show that they prefer not to pay the ransom but the actual fact is that around 65% companies actually pay ransom when they face such attack. The attackers keep the ransom amount low within a limit of $700 to $1300 that can be easily paid by the companies. Some malware are such sophisticated such that it is able to detect the location of the victim’s computer and adjust the ransom so that it can match with economy of the located country. The attacker demands the ransom as rich countries will be able to pay more than the poor countries. In some situations, discounts are also being offered depending upon the response time so that the victims are encouraged to pay more quickly than expected. The price point of the ransom is set considering that it is sufficient for the criminal but it is low to the victim as compared to restoring or reconstructing their lost data so that they can easily make the payment. In the recent days, some companies are building the potential in their security plans so that they can easily pay the ransom (Maurya et al. 2018). For example, some large companies in the UK are not involved with cryptocurrency but holds some reserved bitcoins specially for making payments for ransom. There are also many tricks played by the attackers to get ransom as some malware maybe scareware that does not encrypts all data of the victim and only threatens them with a message of such attack. There is also a major concern that every time it is not guaranteed to get the data decrypted as the attacker may run away with the money. Some of the ransomware existed since 1990’s and throughout the past years, there has been significant evolution in the malwares (Huang et al. 2018). The major and worst malwares that are existing and impacting the data integrity are presented as below:

The Impact of Paying Ransom and Long Term Effect

CryptoLocker: This malware is attacked first in the year 2013 that infected almost 500,000 machines.

TeslaCrypt: This malware targets the gaming files and it has been constantly improving since the first attack (Butler 2017).

SimpleLocker: It is the first ransomware attack that widespread focusing on mobile devices.

WannaCry: It was being developed by NSA and then the attackers stole it which then expanded autonomously from computer to computer through EternalBlue.

NotPetya: It is also called as EternalBlue that is a part of cyberattack being directed by Russia against Ukraine.

Locky: It began to spread in 2016 and it was similar to the mode of attack that occurred in Dridex, a banking software.

Data security is one of the essential concern in this modern age of information and communication technology. Presently, the data of individuals are being widespread in the internet as those are gathered by many applications or services over the internet (Conti, Dargahi and Dehghantanha 2018). The security of our data is a major issue that is bothering both the individuals as well as organizations as they feat the loss or compromise of their valuable information. It has been found from many researches that security of confidentiality of data is ensured but there are no proper security measures to protect the data. The rise of social media and cloud computing is significantly contributing to the exposure of valuable information or personal data as those are stored in clouds that can be accessed by an attacker to get hold of huge customer information. There are various ways in which data security can be ensured from the perspective of end user as mentioned below:

• Updating and patching the operation system on a regular basis so that there is less chance of vulnerability that can be exploited.
• The users should not install or give administrative privileges to software or applications that are unknown to them (Keogh, Gordon and Marinovic 2018).
• Proper antivirus software or program should be installed so that malicious or unwanted programs can be detected to stop execution of unauthorized applications.
• Backup should be taken for valuable or sensitive data frequently and automatically to ensure that valuable information can be retrieved in case of any malware attack.
• The users must make use of strong password encryption mechanisms so that their credentials could not be easily accessed by the attacker.

One of the most common measure to ensure data security is robust backup such that only the valuable or sensitive information could be recovered in case of emergency or external attack (Stephen 2017). The protection of data from unauthorized access is one of the major consideration that should be taken care of for securing the data from externa attacks or ransomware. The most effective way to mitigate the threats being faced in this modern world due to the advancements in technology as well as malwares affecting data security is adoption of suitable cybersecurity methods. The data breach or encryption does not only causes financial impact but it also results into loss of services that are being offered to the customers. From the overall analysis, it can said that our data is not safe although the cloud service providers or other organizations guarantee data security and confidentiality (Martin et al. 2017). The attacks occurring using ransomware or other malwares are not easy to prevent however there is a need to take precautionary measures by individuals as well as organizations to ensure the safety and security of valuable data.                

Types of Malware and Their Evolution

References

Bhattacharya, S. and Kumar, C.R.S., 2017, February. Ransomware: The CryptoVirus subverting cloud security. In Algorithms, Methodology, Models and Applications in Emerging Technologies (ICAMMAET), 2017 International Conference on (pp. 1-6). IEEE.

Butler, J., 2017. Finding an Unlikely Combatant in the War against Ransomware: Opportunites for Providers to Utilize off-Site Data Backup within the HIPAA Omnibus and HITECH Amendments. . Louis UJ Health L. & Pol’y, 11, p.317.

Cohen, I.G., Hoffman, S. and Adashi, E.Y., 2017. Your Money or Your Patient’s Life? Ransomware and Electronic Health Records. Annals of internal medicine, 167(8), pp.587-588.

Conti, M., Dargahi, T. and Dehghantanha, A., 2018. Cyber Threat Intelligence: Challenges and Opportunities. Cyber Threat Intelligence, pp.1-6.

Continella, A., Guagnelli, A., Zingaro, G., De Pasquale, G., Barenghi, A., Zanero, S. and Maggi, F., 2016, December. ShieldFS: a self-healing, ransomware-aware filesystem. In Proceedings of the 32nd Annual Conference on Computer Security Applications (pp. 336-347). ACM.

Everett, C., 2016. Ransomware: to pay or not to pay?. Computer Fraud & Security, 2016(4), pp.8-12.

Gordon, W.J., Fairhall, A. and Landman, A., 2017. Threats to Information Security—Public Health Implications. New England Journal of Medicine, 377(8), pp.707-709.

Green, A., 2017. Ransomware and the GDPR. Network Security, 2017(3), pp.18-19.

Huang, D.Y., Aliapoulios, M.M., Li, V.G., Invernizzi, L., Bursztein, E., McRoberts, K., Levin, J., Levchenko, K., Snoeren, A.C. and McCoy, D., 2018, May. Tracking ransomware end-to-end. In 2018 IEEE Symposium on Security and Privacy (SP) (pp. 618-631). IEEE.

Keogh, K., Gordon, C. and Marinovic, P., 2018. Cyber security: Global developments in cyber security law: is Australia keeping pace?. LSJ: Law Society of NSW Journal, (42), p.82.

Kruse, C.S., Frederick, B., Jacobson, T. and Monticone, D.K., 2017. Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care, 25(1), pp.1-10.

Martin, G., Martin, P., Hankin, C., Darzi, A. and Kinross, J., 2017. Cybersecurity and healthcare: how safe are we?. Bmj, 358, p.j3179.

Maurya, A.K., Kumar, N., Agrawal, A. and Khan, R.A., 2018. Ransomware: Evolution, Target and Safety Measures.

Pope, J., 2016. Ransomware: minimizing the risks. Innovations in clinical neuroscience, 13(11-12), p.37.

Scaife, N., Carter, H., Traynor, P. and Butler, K.R., 2016, June. Cryptolock (and drop it): stopping ransomware attacks on user data. In Distributed Computing Systems (ICDCS), 2016 IEEE 36th International Conference on (pp. 303-312). IEEE.

Stephen, J., 2017. Beware the ransomware: Protecting your data more important than ever. Wisconsin Law Journal.

Thomas, J. and Galligher, G., 2018. Improving backup system evaluations in information security risk assessments to combat ransomware.

ur Rehman, H., Yafi, E., Nazir, M. and Mustafa, K., 2018, October. Security Assurance Against Cybercrime Ransomware. In International Conference on Intelligent Computing & Optimization (pp. 21-34). Springer, Cham.

Yao, D.D., 2018, June. Data Breach and Multiple Points to Stop It. In Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies (pp. 1-1). ACM.

Yaqoob, I., Ahmed, E., ur Rehman, M.H., Ahmed, A.I.A., Al-garadi, M.A., Imran, M. and Guizani, M., 2017. The rise of ransomware and emerging security challenges in the Internet of Things. Computer Networks, 129, pp.444-458.