Cryptoransomware

Cryptoransomware is one of the most pertinent issues in cybersecurity today. Cybercriminals use this form of malware, such as CryptoWall and CryptoLocker, to lock up crucial or personal data and charge ransoms for users to regain access. According to the CryptoLocker article I chose, attackers have evolved and found a more direct way to monetize crucial information on the web illegally. Initially, hackers breached security controls, extracted data and sold it; such crimes still exist today. Through ransomware, however, attackers now access data and encrypt it using public key cryptography (Saiyed, 2016).

Ransomware attacks occur in several stages. A compromised site or installer carries an exploit kit that directs the victim’s browser to download malware from a shadowed domain. The malware copies or installs itself into the victim’s startup folder so that it runs automatically with each reboot. After encryption, the attacker presents the victim with an extortive ransom note when he or she logs on to access files. The attacker holds the private key that decrypts the victim’s locked-up data, and the victim has to purchase it to regain access before a specified deadline.

The targets of such attacks are common document formats such as Office and PDF files, delivered through drive-by downloads. Hackers still use email as a vector for ransomware. The user opens an infected document that claims to be protected and cannot be viewed unless the victim follows a specific set of instructions. The malware seemingly comes to the rescue, and the user unwittingly activates the infection process. Such corrupted documents, zipped or unzipped, rely heavily on script obfuscation techniques. Once attackers gain access, they move all local files into a password-protected compressed folder and delete the originals. They may also remove original data after they encrypt individual files, or move the originals to a hidden folder (Kansagra et al., 2015).

Currently, attackers take advantage of a vast array of sites such as blogs, since these are built from basic templates with minimal security standards. Such websites and their ads appear harmless, yet they are the source of most infected drive-by downloads. These sites load malicious Flash movies that run through JavaScript in the background. Additionally, the malware is hosted on a one-time-use subdomain of a legitimate domain, which the attacker generates through a process called domain shadowing.

According to Saiyed (2016), once a user’s computer is infected, there are four options. First, the victim can pay the ransom through cryptocurrencies like Bitcoin; the attackers increase the ransom if payment isn’t made before the deadline elapses. Between 2014 and 2015, the FBI reported an estimated $18 million in losses as desperate users paid ransoms to attackers. Second, users can try to brute-force the key, but on a simple desktop computer this is effectively an endless process: as mentioned above, attackers rely on public key cryptography, and the private key never exists on the victim’s machine. Third, users may restore data from backups on uninfected removable drives. Finally, in resignation, most users choose to lose their compromised files.

In my opinion, the evolution of cybercrime, especially crypto ransomware, is an intriguing subject. Attacks of this nature are on the rise, with an estimated 4000 daily attacks globally (Ojeda, 2017). Interestingly, paying ransoms is like a game of Russian roulette, since victims risk losing their data regardless of payment. Furthermore, attackers are not only after economic gains; they also yearn for recognition on the dark web. For instance, the United States reveres programmers who write such malicious code, which means such cybercrime will continue to prevail. This situation doesn’t guarantee anyone’s safety on the web. As a cybersecurity professional, attack victims require my services to protect them from such malware.

I chose the CryptoLocker article because it is a concise, in-depth discussion of ransomware. I have gained knowledge and skills on ransomware, its mechanisms, and the prevention, recovery and mitigation measures against it. Preventing ransomware attacks is an uphill task since they are quick and hard to trace, and most victims are unaware of the infection. Fortunately, ransomware isn’t entirely fool-proof. In addition to up-to-date email security and web browsing measures, there are several other preventive precautions that I can take. I can disable Flash for untrusted websites in web browsers. Furthermore, I can create and implement a whitelist of screened legitimate sites. Email should also be filtered to identify zip file attachments, and I can disable macros in the Office suite to prevent attacks.
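As an added example that is not part of the essay or the article it discusses, the following Python script shows the kind of email screening the paragraph recommends: it parses a message and flags zip attachments (including script or executable files inside them, and encrypted archive members it cannot inspect) as well as macro-enabled Office documents. The extension lists and the sample message are constructed for this illustration and would be tuned to an organisation's own policy.

```python
"""Screen an e-mail's attachments for types commonly used to deliver ransomware.

Added example: flags zip archives (and script or executable files inside them),
encrypted archive members that cannot be inspected, and macro-enabled Office
documents. The indicator lists and the sample message are constructed.
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed indicator lists: attachment types the essay singles out, plus payload
# types commonly found inside archives.
RISKY_EXTENSIONS = {".zip", ".docm", ".xlsm", ".pptm"}
RISKY_INSIDE_ARCHIVE = {".exe", ".js", ".vbs", ".scr", ".bat", ".ps1"}
ZIP_MAGIC = b"PK\x03\x04"


def _ext(name: str) -> str:
    """Lower-cased final extension of a file name, or '' if it has none."""
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def screen_attachment(filename: str, data: bytes) -> list[str]:
    """Return the findings for one attachment; an empty list means nothing flagged."""
    findings = []
    ext = _ext(filename)
    if ext in RISKY_EXTENSIONS:
        findings.append(f"{filename}: risky attachment type {ext}")
    # Inspect archives by content, not just by name, so a renamed zip is still caught.
    if ext == ".zip" or data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if _ext(info.filename) in RISKY_INSIDE_ARCHIVE:
                        findings.append(f"{filename}: archive contains {info.filename}")
                    if info.flag_bits & 0x1:  # bit 0 set = member is encrypted
                        findings.append(f"{filename}: encrypted member {info.filename}")
        except zipfile.BadZipFile:
            findings.append(f"{filename}: corrupt or non-zip archive")
    return findings


def screen_message(raw: bytes) -> list[str]:
    """Parse a raw RFC 5322 message and screen every attachment in it."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        findings.extend(screen_attachment(name, part.get_payload(decode=True) or b""))
    return findings


def build_sample_message() -> bytes:
    """Constructed sample: a zip holding a .js file plus a macro-enabled document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.js", "// constructed placeholder, not real script content")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice.zip")
    msg.add_attachment(b"constructed placeholder, not a real document",
                       maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="report.docm")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in screen_message(build_sample_message()):
        print(finding)
```

Run as a script, it prints one line per finding for the constructed message: the zip is flagged for its type and for the `.js` member, and the `.docm` for its macro-enabled type. A mail gateway would quarantine or strip such parts rather than merely report them; the decisive design point is that archives are opened and inspected by content rather than trusted by their file name.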

Additionally, I can recognize potential ransomware threats through detective mechanisms like firewalls and anti-ransomware tools. Installing these tools ensures that computers continually monitor for and block ransomware. Enterprise management systems can monitor malware like CryptoLocker, which leaves breadcrumbs and patterns in directories. Similarly, quality intrusion detection systems recognize malware patterns and alert an administrator. To mitigate attacks, IT specialists like me should centralize data backups rather than rely on personal desktop storage. Lastly, I can also limit administrator permissions to reduce the risk of ransomware infections. In case of an attack, I should implement objectively and carefully considered recovery measures to protect web users from future attacks.
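The directory "breadcrumbs" the paragraph mentions can be checked with a simple scanner. The following Python script is an added example, not part of the essay or of any named product: it walks a directory and flags ransom-note file names, extensions appended to existing names, document files whose leading magic number no longer matches their extension, and near-random (high-entropy) content where text or a known format would be expected. The indicator names, the entropy threshold and the sample files are constructed assumptions; production tools use far larger, regularly updated indicator sets.

```python
"""Scan a directory tree for file-system traces of a ransomware infection.

Added example: the indicator names, the entropy threshold and the sample files
are constructed assumptions for this demonstration, not from any product.
"""
import math
import os
import random
import tempfile
from collections import Counter
from pathlib import Path

# Assumed indicators: typical ransom-note names and extensions appended to
# encrypted files. Real detection tools carry far larger, regularly updated sets.
RANSOM_NOTE_NAMES = {"decrypt_instructions.txt", "how_to_recover.html"}
APPENDED_EXTENSIONS = {".encrypted", ".locked", ".crypt"}
# File types with a fixed leading magic number; a file encrypted in place loses it.
EXPECTED_MAGIC = {".pdf": b"%PDF", ".docx": b"PK\x03\x04", ".png": b"\x89PNG"}
# Types that normally hold text or structured data; ciphertext sits near 8 bits/byte.
LOW_ENTROPY_TYPES = {".txt", ".pdf", ".docx"}
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def inspect_file(path: Path) -> list[str]:
    """Return the indicators that match one file (empty list if none)."""
    findings = []
    name = path.name.lower()
    suffixes = [s.lower() for s in path.suffixes]
    last = suffixes[-1] if suffixes else ""
    if name in RANSOM_NOTE_NAMES:
        findings.append(f"{path}: ransom note name")
    if last in APPENDED_EXTENSIONS:
        findings.append(f"{path}: appended extension {last}")
    head = path.read_bytes()[:65536]  # the first 64 KiB is enough for both content checks
    expected = EXPECTED_MAGIC.get(last)
    if expected and not head.startswith(expected):
        findings.append(f"{path}: magic number does not match {last}")
    if last in LOW_ENTROPY_TYPES and shannon_entropy(head) > ENTROPY_THRESHOLD:
        findings.append(f"{path}: high entropy for a {last} file")
    return findings


def scan_directory(root: Path) -> list[str]:
    """Walk `root` and collect the indicators found on every regular file."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for fn in sorted(filenames):
            findings.extend(inspect_file(Path(dirpath) / fn))
    return findings


def run_demo() -> list[str]:
    """Build a constructed sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        rng = random.Random(1)  # deterministic stand-in for ciphertext
        (root / "notes.txt").write_text("Quarterly meeting notes: revenue up, two hires.\n")
        (root / "report.pdf").write_bytes(b"%PDF-1.4\n% constructed placeholder\n")
        (root / "contract.docx").write_bytes(rng.randbytes(4096))      # "encrypted" in place
        (root / "budget.xlsx.locked").write_bytes(rng.randbytes(4096))  # renamed after encryption
        (root / "decrypt_instructions.txt").write_text("Your files are encrypted.\n")
        return scan_directory(root)


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

On the constructed tree the two untouched files produce no findings, while the ransom note, the renamed file and the overwritten document are each flagged. A monitoring agent would run such checks continuously and raise an alert when many files in one tree trip the same indicator within a short window, since a single high-entropy file (a legitimate archive, say) is normal but hundreds appearing at once is the pattern the paragraph describes.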

 