Cybersecurity and Ransomware
A Note
Cybersecurity threats are real. According to the Global Cybersecurity Index report by the
International Telecommunication Union, there are 3.5 billion people online. The estimated
storage used is 44 zettabytes. Because of cloud computing, there is no risk of a storage
shortage. E-government services are also proliferating. Industry 4.0 is here, and economies
have gone digital. A lot of traditional work has shifted into cyberspace (International
Telecommunication Union, 2020). This has led to more cyberattacks. Global losses due to
cyberattacks and cybercrimes are estimated at around $1 trillion in 2020 and $6 trillion in
2021. The scale of these losses makes it imperative to study cybersecurity threats and their
implications. This article provides an overview of these points.
An important threat to cybersecurity is a ransomware attack. Ransomware is a form of
malware that encrypts a victim’s files. The attacker demands a ransom from the victim to
restore access to the files. Payment instructions are displayed, and payment is demanded in
bitcoins. After the payment is made, a decryption key is sent to the victim. A ransomware
attack can deny access to an entire network too. The estimated global damage from ransomware
attacks increased from around $8 billion in 2018 to $20 billion in 2020. A ransomware attack
may even lead to death. In 2020, a hospital in Germany was locked out of its systems and
unable to treat patients. A woman who needed urgent care had to be rerouted to another
hospital 20 miles away but did not survive (Cybersecurity Trends, 2021).
There is a close linkage between cybersecurity and ransomware. It would be interesting
to understand how these have evolved over the years.
Academia Letters, February 2022 ©2022 by the author — Open Access — Distributed under CC BY 4.0
Cybersecurity threats are all-pervasive. In the automotive industry, technological change
has led to modifications in the industry structure. The basis of competition has shifted from
features and performance to functionalities. Organizations are reliant on new knowledge for
progress. Modern computerized vehicles have invited cybersecurity threats. To counter these
threats, knowledge sharing in the industry is required (Morris et al., 2020). Power systems
across the world are facing cybersecurity issues. Information and communication technologies
(ICT) are deployed across all levels of power systems. This has improved the efficiency of
these systems, but it also makes them vulnerable to cyberattacks. In 2015, a cyberattack
against the Ukrainian power grid led to a loss of over 130 MW of load, and more than
50 substations were affected (Liu et al., 2020).
Universal access to information and the increasing connections and interdependencies
between organizations and their ICT systems have blurred the technical boundaries
between organizations and clients. Although this provides a business advantage, it also
introduces a weakness from the cybersecurity point of view. These weaknesses are exploited
by cybercriminals. A lack of effective control over their access leaves organizations
vulnerable to such attacks (Hoffmann et al., 2020). There are studies that demonstrate
various attack techniques. A keyboard data protection technique using random keyboard
data generation is also suggested. An offensive machine learning-based technique could
obtain keyboard data with 96.2% accuracy (Lee & Yim, 2020). Understanding these techniques
and preventing or mitigating these attacks would be advantageous. This article discusses
this.
Ransomware attacks are a subset of cyberattacks and hence an important piece in the
cybersecurity puzzle. The threat of ransomware attacks continues to grow, both in the number
of affected victims and in the cost incurred by the people and organizations impacted by
a successful attack. There are only two options for the victims: pay the ransom or lose their
data. Studies note that at some point in the execution of a ransomware attack, the
attacker will attempt to encrypt the users’ files. Some studies offer a solution by
demonstrating techniques that can identify when these encrypted files are being generated.
This would apply to any ransomware (Davies et al., 2021).
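
To make the idea of spotting encrypted files as they are generated concrete, here is an added example (not code from this article or from Davies et al.). It uses a plain Shannon-entropy heuristic rather than their differential area analysis; the threshold, window, burst size and sample events are assumptions.

```python
import hashlib
import math
from collections import Counter, deque

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune per environment
MIN_SAMPLE = 1024        # shorter buffers give unreliable entropy estimates
WINDOW_SECONDS = 10      # assumed burst window
BURST = 3                # assumed number of rewrites that raises an alert

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(data: bytes) -> bool:
    return len(data) >= MIN_SAMPLE and shannon_entropy(data) >= ENTROPY_THRESHOLD

def detect_bursts(events):
    """events: (timestamp, path, old_bytes, new_bytes) tuples in time order.
    Returns timestamps at which BURST low-to-high rewrites fit in the window."""
    recent, alerts = deque(), []
    for ts, _path, old, new in events:
        # Files that were already high-entropy (zip, jpeg) are not counted.
        if looks_encrypted(new) and not looks_encrypted(old):
            recent.append(ts)
        while recent and ts - recent[0] > WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= BURST:
            alerts.append(ts)
            recent.clear()
    return alerts

def pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic stand-in for ciphertext: SHA-256 in counter mode."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed sample: plain-text documents and what overwrote them.
DOC = b"Quarterly report: revenue, costs and forecast for the region.\n" * 64
SAMPLE_EVENTS = [
    (0.0, "a.docx", DOC, DOC + b"edited"),            # ordinary save
    (1.0, "b.docx", DOC, pseudo_random(4096, b"b")),
    (1.5, "c.docx", DOC, pseudo_random(4096, b"c")),
    (2.0, "d.docx", DOC, pseudo_random(4096, b"d")),  # third rewrite: alert
    (60.0, "e.zip", pseudo_random(4096, b"e"), pseudo_random(4096, b"f")),
]
```

Compressed and media formats also score close to 8 bits per byte, which is why the sketch counts only files that moved from low to high entropy and requires a burst before alerting.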
An attack called WannaCry affected the British health care system. Various solutions are
provided, but most of them have limitations (Bhagwat & Patil, 2020). The WannaCry attack
targets the Windows operating system. This attack could be prevented by installing a security
patch that Microsoft released. Those who didn’t install this security patch suffered. In
addition to affecting the British health care system, this attack affected the Spanish mobile
company Telefonica. The solutions suggested were updating software and operating systems
regularly, not clicking on suspicious links, not opening untrusted email attachments, not
downloading from
untrusted websites, and avoiding unknown USBs (Kaspersky, 2021).
There are approaches in the literature to detect ransomware attacks. Signature-based
and heuristic-based detection approaches are fast and efficient. The problem is that
signature-based approaches sometimes fail to detect unknown ransomware. Other approaches,
such as behavior-based, model-checking-based, and cloud-based approaches, perform well for
some complicated and unknown malware. Deep learning-based, mobile device-based,
and IoT-based approaches can also detect some attacks. However, none of these approaches
is foolproof (Aslan & Samet, 2020).
Research articles on cybersecurity and ransomware started getting published around the
year 2016. There was research offering a defense plan to protect oil and gas automation and
control systems. Dynamic deception was the plan. It provided real-time visibility into threats
that have bypassed firewalls. Such a solution would confuse, delay, and redirect a cyberattack.
It would also reduce the attack detection time (Crandall, 2016). A socio-technical approach
to address ransomware attacks was also proposed. A four-step process was suggested to
secure electronic health record (EHR) systems. These steps were 1) adequate system protection,
2) more reliable systems through user-focused strategies, 3) continuous monitoring of computer
and application use, and 4) adequate response to and quick recovery from ransomware
attacks. The first step entailed ‘whitelisting’ specific programs that were allowed to
run. It was suggested to block email messages with weaponized attachments, viz. *.exe, *.zip,
*.js, *.wsf, etc. The second step involved an approach to opening links and attachments: first
hover over the link, take a second to think, and click only when sure. The third step provides
a superficial approach, such as conducting surveillance for suspicious activities or continuous
monitoring of the external environment. The fourth step suggests disconnecting the infected
computer from the network and turning off the wireless functionality of the infected machine.
In case of a widespread attack, the IT department should shut down all network operations
(Sittig & Singh, 2016).
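
The attachment-blocking part of the first step can be sketched as a mail filter. This is an added example, not code from the article or from Sittig & Singh; the function names, addresses and sample message are made up, and only the extension list comes from the text above.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the article lists as weaponized attachment types.
BLOCKED_EXTENSIONS = {".exe", ".zip", ".js", ".wsf"}

def extension_of(filename: str) -> str:
    """Final extension after normalising case and trailing dots/spaces,
    which Windows drops when the file is saved ("a.js." becomes "a.js")."""
    clean = filename.strip().rstrip(". ").lower()
    return "." + clean.rsplit(".", 1)[1] if "." in clean else ""

def blocked_attachments(raw_message: bytes) -> list:
    """Return attachment filenames that should cause the mail to be blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition and falls back to the
        # Content-Type "name" parameter, so both naming styles are covered.
        name = part.get_filename()
        if name and extension_of(name) in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits

def build_sample() -> bytes:
    """Constructed test message; addresses, names and contents are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "clinic@example.org"
    msg["Subject"] = "Documents"
    msg.set_content("Please see the attached files.")
    # "Invoice.pdf.EXE" shows why the last extension, lowercased, is checked.
    for name in ("notes.txt", "Invoice.pdf.EXE", "update.js", "photos.zip"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

A filter like this only inspects names; it complements, and does not replace, the program whitelisting described in the same step.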
While it is difficult to prevent cyberattacks and ransomware, the following steps can be
taken:
Operating systems, software, and firmware need to be updated with the latest patches.
User permissions for installing and running software applications need to be restricted. All
emails need to be scanned. Firewalls need to block access to known malicious IP addresses.
Training and awareness programs need to be conducted to educate teams. Having backups
will be useful.
Once a cyberattack is detected, organizations need to isolate the infected device. Backups
need to be secured by taking them offline. All available log information needs to be collected.
Change online account and network passwords after removing the system from the network.
With all the above steps, the damage can be minimized.
References
Aria, M., & Cuccurullo, C. (2017). bibliometrix: An R-tool for comprehensive science
mapping analysis. Journal of Informetrics, 11(4), 959-975.
Aslan, Ö. A., & Samet, R. (2020). A comprehensive review on malware detection approaches.
IEEE Access, 8, 6249-6271.
Börner, K., Chen, C., & Boyack, K. W. (2003). Visualizing knowledge domains. Annual
Review of Information Science and Technology, 37(1), 179-255.
Casadesus-Masanell, R., & Ricart, J. E. (2011). How to design a winning business model.
Harvard Business Review, 89(1/2), 100-107.
Chen, G., & Xiao, L. (2016). Selecting publication keywords for domain analysis in
bibliometrics: A comparison of three methods. Journal of Informetrics, 10(1), 212-223.
Chen, G., Xiao, L., Hu, C.-p., & Zhao, X.-q. (2015). Identifying the research focus of
Library and Information Science institutions in China with institution-specific keywords.
Scientometrics, 103(2), 707-724.
Cobo, M. J., López‐Herrera, A. G., Herrera‐Viedma, E., & Herrera, F. (2011). Science
mapping software tools: Review, analysis, and cooperative study among tools. Journal
of the American Society for Information Science and Technology, 62(7), 1382-1402.
Crandall, C. (2016). New security solutions meet cybersecurity challenges [Article]. Pipeline
and Gas Journal, 243(3).
Cybersecurity Trends. (2021). 10 cyber security trends you can’t ignore in 2021.
https://purplesec.us/cyber-security-trends-2021/
Davies, S. R., Macfarlane, R., & Buchanan, W. J. (2021). Differential Area Analysis for
Ransomware Attack Detection within Mixed File Datasets. Computers & Security, 102377.
Dehghantanha, A., Karimipour, H., & Azmoodeh, A. (2021). Cybersecurity in Smart
Farming: Canada Market Research. arXiv preprint arXiv:2104.05183.
Elango, B., & Rajendran, P. (2012). Authorship trends and collaboration pattern in the marine
sciences literature: a scientometric study. International Journal of Information
Dissemination and Technology, 2(3), 166.
Ellegaard, O., & Wallin, J. A. (2015). The bibliometric analysis of scholarly production:
How great is the impact? Scientometrics, 105(3), 1809-1831.
Hoffmann, R., Napiórkowski, J., Protasowicki, T., & Stanik, J. (2020). Risk based approach
in scope of cybersecurity threats and requirements. Procedia Manufacturing, 44, 655-662.
Junquera, B., & Mitre, M. (2007). Value of bibliometric analysis for research policy: A case
study of Spanish research into innovation and technology management. Scientometrics,
71(3), 443-454.
Lee, K., & Yim, K. (2020). Cybersecurity threats based on machine learning-based offensive
technique for password authentication. Applied Sciences, 10(4), 1286.
Liu, Z., Wei, W., Wang, L., Ten, C.-W., & Rho, Y. (2020). An actuarial framework for power
system reliability considering cybersecurity threats. IEEE Transactions on Power Systems,
36(2), 851-864.
Mahler, T., Nissim, N., Shalom, E., Goldenberg, I., Hassman, G., Makori, A., Kochav, I.,
Elovici, Y., & Shahar, Y. (2018). Know your enemy: Characteristics of cyber-attacks on
medical imaging devices. arXiv preprint arXiv:1801.05583.
Morris, D., Madzudzo, G., & Garcia-Perez, A. (2020). Cybersecurity threats in the auto
industry: Tensions in the knowledge environment. Technological Forecasting and Social
Change, 157, 120102.
Nahmias, D., Cohen, A., Nissim, N., & Elovici, Y. (2020). Deep feature transfer learning
for trusted and automated malware signature generation in private cloud environments.
Neural Networks, 124, 243-257.
Nissim, N., Cohen, A., Wu, J., Lanzi, A., Rokach, L., Elovici, Y., & Giles, L. (2019). Sec-lib:
Protecting scholarly digital libraries from infected papers using active machine learning
framework. IEEE Access, 7, 110050-110073.
Nissim, N., Lahav, O., Cohen, A., Elovici, Y., & Rokach, L. (2019). Volatile memory analysis
using the MinHash method for efficient and secured detection of malware in private cloud.
Computers & Security, 87, 101590.
Okoli, C., & Schabram, K. (2010). A guide to conducting a systematic literature review of
information systems research.
Saharkhizan, M., Azmoodeh, A., Dehghantanha, A., Choo, K.-K. R., & Parizi, R. M. (2020).
An ensemble of deep recurrent neural networks for detecting IoT cyber attacks using
network traffic. IEEE Internet of Things Journal, 7(9), 8852-8859.
Sakhnini, J., Karimipour, H., & Dehghantanha, A. (2019). Smart grid cyber attacks detection
using supervised learning and heuristic feature selection.
Sittig, D. F., & Singh, H. (2016). A socio-technical approach to preventing, mitigating, and
recovering from ransomware attacks [Article]. Applied Clinical Informatics, 7(2), 624-632.
https://doi.org/10.4338/ACI-2016-04-SOA-0064
Zupic, I., & Čater, T. (2015). Bibliometric methods in management and organization.
Organizational Research Methods, 18(3), 429-472.