I need to add one more study or two and fill their gaps based on my research questions.
Ransomware is considered a new phenomenon in cybercrime, and it is having a major impact on today’s society. The global threat from ransomware attacks has led to huge concerns among large institutions, including IT security companies, cybersecurity professionals, and governmental agencies (Kharraz, Robertson, Balzarotti, Bilge, & Kirda, 2015). This literature review includes prior studies, books and peer-reviewed articles related to ransomware network-based analysis, although some of these may not be adequate to provide assistance in preventing future attacks. Only a few studies have examined ransomware attacks and how these attacks could potentially affect the economies of countries. Many prior studies have struggled to investigate the purpose behind its propagation all over the world. For instance, a large number of previous studies have failed to address the issues behind its rapid growth; instead, they have focused on alternative solutions such as recovery plans and detection.
This literature review will first examine previous research to measure its outcomes in detecting ransomware, especially in its early stages, and in providing effective prevention strategies. Previous techniques and methods that have been used to infect computers with malicious files will also be explored from among these previous studies to help attain a better understanding of the ransomware process. Understanding the dynamics of the ransomware phenomenon will help in developing a strong analysis of previous and new attack methods.
Research conducted by Muslim, Dzulkifli, Nadhim, and Abdellah (2019) sought to provide a comprehensive study of ransomware attacks, including both the history behind its evolution and some useful strategies for prevention. The study starts by defining the role of ransomware as encrypting other users’ files and data to demand money. It has been conclusively shown that the evolution of ransomware has impacted the growth of our societies by disrupting business operations and damaging computer systems. It started with the first ransomware attack, which was in 1989, called AIDS Trojan. This type of ransomware was poorly implemented and propagated due to the fact that there was a low percentage of computers at that point in time. Years later, malicious ransomware was developed by hackers and became more efficient since cybercriminals started receiving payments via untraceable channels. Keeping identities hidden is the key success factor of digital currency, which led to the emergence of a new currency called Bitcoin. Bitcoin is a preeminent cryptocurrency that was invented in 2008 by an unknown person seeking to form a lottery-based system (Yermack, 2015). The modern version of ransomware that the authors have detailed based on its evolution is known as Crypto-Locker, which was created by Slavik. Crypto-Locker is considered to be an advanced type of ransomware attack that has multiple functions, like implementing the encryption of files and locking a screen, along with leaving notes requesting a payment at the same time. The literature indicates that ransomware continues to evolve strongly today through the creation of new, different viruses.
Moving onwards, the research has tended to focus on illustrating the different types and phases of ransomware to identify the reason behind its growth. The three basic types of ransomware are Hybrid, Locker Ransomware, and Crypto Ransomware, which is considered to have the largest impact on businesses (Muslim, Dzulkifli, Nadhim, & Abdellah, 2019). Hybrid ransomware mainly functions to maximize profits as much as possible by encrypting a computer’s system and locking every device that has been targeted. Crypto Ransomware, by contrast, locks only specific files on a computer rather than preventing individuals from controlling or operating their devices entirely. The last type is Locker Ransomware, which is implemented to prevent a computer user from running his/her system and from accessing files at the same time until the ransom is paid. This type of ransomware has a different procedure for encrypting internet users, namely sending spam via emails that have malicious attachments. These three types are known as the most threatening attacks that usually target both individuals and organizations for the sake of making money and stealing sensitive information.
In addition to the major types of ransomware, five phases of ransomware attacks can be noted, which are as follows: exploitation, delivery and execution, damaging backup files, encrypting of files, and lastly, notifying users and demanding money (Muslim, Dzulkifli, Nadhim, & Abdellah, 2019). Understanding each phase will help to mitigate the effect of the attacks and reach a successful protection approach.
Figure 4: Stages of ransomware attacks. Adapted from “Systematic literature review and metadata analysis of ransomware attacks and detection mechanisms”. Retrieved from https://doi.org/10.1007/s40860-019-00080-3
The methodology of the study by Muslim et al. (2019) involved collecting secondary data from Symantec to measure the impact of both Crypto and Locker ransomware attacks among different countries. The result, as shown in the study, indicates that the United States has remained the country most affected by ransomware attacks. Therefore, this shows that the U.S. is the most valuable country to be hit by cyber-attacks because of its economic development. The discussion in the study provides some strategies for ransomware prevention to help mitigate the vast majority of risks from such cyber-attacks. Furthermore, the purpose of this paper was to understand the evolution process of ransomware in order to help society to be better informed about cybercrime. In relation to the efficacy of the method, Muslim, Dzulkifli, Nadhim and Abdellah (2019) only investigated the two ransomware attacks (Crypto and Locker) and failed to address other emerging security threats, which has led to neglecting the elimination of crimeware in its tracks, either now or in the future. Even so, the strength of the study is that it has provided detailed information regarding how ransomware works to encrypt IT systems, with alternative prevention techniques suggested. Moreover, the findings of this study must be examined in light of some potential limitations. One of the major limitations that could be addressed in future research is that the method of analysis and the techniques used provided a framework for understanding only two specific types of ransomware attacks that frequently affect the United States. Focusing only on specific types of attack could cause a lack of attention being paid to other emerging factors that need to be eliminated to overcome the issue of ransomware propagation.
While several studies have addressed only the methods of previous attacks, this research aims to identify effective strategies to reduce the possibility of all recent existing cyberthreats based on both quantitative and qualitative analysis. These methods will be explored in the following to understand and highlight the phenomenon and to fulfill the need for future additional research.
An initial study conducted by Kardile (2017) presents a new dynamic approach for the analysis of ransomware in order to help in detecting encryption issues. Cuckoo Sandbox and Process Monitor are the two programs that have been implemented to provide a safe laboratory environment and detect any suspicious activities, such as identifying ransomware in its early stages before encryption takes place (Kardile, 2017). The ultimate goal of these analysis programs is to track an unknown and untrusted source into an isolated file, thereby preventing malware attacks before they occur. According to Oktavianto and Muhardianto (2013), “Cuckoo is an open source automated malware analysis system that allows you to perform analysis on sandboxing malware” (p.34). It is mainly used for polymorphic analysis and to determine risky behavior that can be produced from an IP address and file hashes of malware (Chen & Bridges, 2017). The program has been designed and developed to innovate new methods for analyzing files such as URLs, PDF documents, Microsoft Office documents, and so on. Cuckoo can achieve several types of results, including the following;
In addition to the Cuckoo program, which handles malware execution, Process Monitor is another program that has been created by Windows Sysinternals, which records all actions that may affect the functioning of Microsoft Windows (see Figure 5 below) (Kruger, Chen, & Sandoz, 2006).
Figure 5: How Process Monitor works [Digital image]. (n.d.). Retrieved from https://borncity.com/win/2017/01/03/process-monitor-how-to-enable-windows-10-boot-logging/
Kardile (2017) states that this type of program mainly functions to identify unusual process behavior within a computer, such as analyzing suspicious malware and hunting for it. It is also designed to track and monitor all calls received by the system, or even network activities, in order to find a hack that a computer user may not be aware of. There are several features of using Process Monitor, including filtering any suspicious events to avoid encryptions, and control over a system’s processes to identify and delete any viruses (Kardile, 2017). This shows the importance of the Windows platforms in protecting users against malicious software.
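The kind of event filtering described above can be illustrated with a short script; this is an added example, not code from Kardile (2017) or from this review. It assumes a Process Monitor capture exported as CSV, and the heuristic (a process rewrites files and then renames them to one shared new extension), the threshold, and the names `sample.exe` and `.locked` are constructed for illustration.

```python
import csv
import io
import ntpath
import re
from collections import Counter, defaultdict

# Constructed rows in Process Monitor's CSV export layout (not real capture data).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","winword.exe","2140","WriteFile","C:\Users\a\Documents\~WRD0001.tmp","SUCCESS","Offset: 0, Length: 4,096"
"10:01:02.2","winword.exe","2140","SetRenameInformationFile","C:\Users\a\Documents\~WRD0001.tmp","SUCCESS","ReplaceIfExists: True, FileName: C:\Users\a\Documents\report.docx"
"10:01:05.3","sample.exe","3312","WriteFile","C:\Users\a\Documents\report.docx","SUCCESS","Offset: 0, Length: 4,096"
"10:01:05.4","sample.exe","3312","SetRenameInformationFile","C:\Users\a\Documents\report.docx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\a\Documents\report.docx.locked"
"10:01:05.6","sample.exe","3312","WriteFile","C:\Users\a\Documents\budget.xlsx","SUCCESS","Offset: 0, Length: 8,192"
"10:01:05.7","sample.exe","3312","SetRenameInformationFile","C:\Users\a\Documents\budget.xlsx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\a\Documents\budget.xlsx.locked"
"10:01:05.9","sample.exe","3312","WriteFile","C:\Users\a\Pictures\photo.jpg","SUCCESS","Offset: 0, Length: 8,192"
"10:01:06.0","sample.exe","3312","SetRenameInformationFile","C:\Users\a\Pictures\photo.jpg","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\a\Pictures\photo.jpg.locked"
'''

# The rename destination appears in the Detail column after "FileName: ".
RENAME_TARGET = re.compile(r"FileName: (.+)$")

def suspicious_processes(csv_text, min_files=3):
    """Return (process, pid, new_extension, file_count) for each process that
    wrote to files and then renamed at least min_files of them to one new extension."""
    written = defaultdict(set)      # (process, pid) -> paths it wrote to
    renamed = defaultdict(Counter)  # (process, pid) -> new extension -> file count
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Result"] != "SUCCESS":
            continue
        key = (row["Process Name"], int(row["PID"]))
        path = row["Path"].lower()
        if row["Operation"] == "WriteFile":
            written[key].add(path)
        elif row["Operation"] == "SetRenameInformationFile":
            target = RENAME_TARGET.search(row["Detail"])
            # Only count renames of files this same process has just rewritten.
            if not target or path not in written[key]:
                continue
            old_ext = ntpath.splitext(path)[1]
            new_ext = ntpath.splitext(target.group(1).lower())[1]
            if new_ext != old_ext:
                renamed[key][new_ext] += 1
    alerts = []
    for (name, pid), exts in renamed.items():
        ext, count = exts.most_common(1)[0]
        if count >= min_files:  # assumed threshold; tune against benign baselines
            alerts.append((name, pid, ext, count))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in suspicious_processes(SAMPLE_CSV):
        print(alert)
```

The word processor's single temp-file rename (a normal save) stays under the threshold, while the process that rewrites and renames three documents to the same extension is flagged.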
Kardile (2017) utilized data samples listed from VirusTotal, where the author was able to analyze around 479 ransomware cases in order to measure the detection rate of using both the Process Monitor and Cuckoo platforms. VirusTotal is a free tool implemented to check files and URLs for any malicious substances. In addition, Kardile (2017) examined a list of MD5 hashes associated with VirusTotal, and if these had been flagged by at least four antivirus platforms, he considered them to be ransomware samples. This procedure helps to filter out any untrusted sources and also to focus on monitoring the access of a file system, which leads to detecting any malicious attacks. The study’s results indicate that there was about a 96.7% rate of detection, and this success was due to the use of the two Windows platforms (Process Monitor and Cuckoo), as they provide a better performance, especially on malware analysis systems. This finding has implications for limiting any untrustworthy sources from expanding and infecting computer users with malicious ransomware. There are several possible explanations for this result. For instance, if a person lacks awareness of such external cyber-attacks, these monitoring programs will help alert such individuals to any attempted encryptions so that the problem can be solved immediately. Moreover, the detection rate was based on evaluating samples in a real-world data feed with the probability of false rejection, which makes the results more reliable and accurate.
Kardile’s research has investigated some techniques for detecting either insignificant or technically sophisticated ransomware attacks. One practical advantage of this method is that it can be used in future prevention strategies to limit the propagation of ransomware. One of the primary benefits of this approach is to identify any malicious samples in their early stages before they interact with other file systems. However, the research was limited only to addressing prevention strategies and did not consider other important cybercrime issues related to ransomware, such as the reason behind its propagation. In order to overcome the problem of ransomware in the future, it is necessary to understand the dynamics of ransomware first by providing better information related to the motivation of criminals that could be eliminated afterward.
Q1: Who are the victims in ransomware attacks and what is their vulnerability from these attacks?
Q2: Which states are the most vulnerable within the US in terms of number of cases, victim loss, and subject counts?
Q3: What is the response of the Federal Government to deal with ransomware attacks?
Q3: What is the response of the Federal Government to deal with ransomware attacks?
The answer below is about the state level. Instead, I need an answer from the federal level, and this link might be helpful for the answer:
file:///C:/Users/Ayidh/Downloads/Ransomware%20Prevention%20and%20Response%20for%20CISOs%20(1).pdf
Neither local nor state law enforcement has made a sufficient effort to address cybersecurity vulnerabilities and reduce their risk. They do not always support paying ransoms because payment does not guarantee data being recovered. Instead, as informed by local agencies, it encourages cyber-criminals to target more victims all over the world. Due to the numerous cyber onslaughts against the U.S.’s networks and systems, the Governor of California signed an executive order to establish the California Cybersecurity Integration Center (Cal-CSIC) during the year 2015 (Hubbard). The new center is made up of four agencies, which are the Office of Emergency Services (OES), California National Guard, the California Department of Technology, and California Highway Patrol. The primary mission of Cal-CSIC is to serve as the central organizing hub that aims to reduce the possibility and severity of cyber incidents that could have a negative impact on California’s economy, networks and organizations. They also coordinate with other institutions by sharing important information regarding cybersecurity activities. According to Hubbard (2020), the intensive cyber onslaught requires cyber leadership in order to defend against major cyber-attacks and to provide alternative operational plans in case a network system is frozen. Not only will a centralized coordination mechanism between private and public entities across the state during a cyberattack limit the impact of the severity of incidents, but it will also help to ensure a speedy recovery (Tresh & Kovalsky, 2018).
For most ransomware attacks in 2019, the Cal-CSIC did not advocate paying a ransom because it would encourage criminals to launch more attacks (Tresh & Kovalsky, 2018). Also, there are certain strategic procedures that CSIC follows once they receive a cyber incident report. Threat response, affected entity response, intelligence support, and asset response are the four major lines that are investigated and responded to during and after any cyber onslaught (California-Joint Cyber Incident Response Guide 2018). These lines are well implemented to guide planning and response to multiple cyber incidents in order to provide stability to the state prior to any future threats.
5- Write a limitation for my study if you can, such as (lack of previous studies in the research area, limited access to ransomware incidents, companies are afraid to report in order to protect their reputation).