Attackers are always searching for new attack vectors and vulnerabilities. Most of these attacks target computing systems to gain access to information. In recent years a new type of cybercriminal focuses on monetary gain. Ransomware is one type of monetary gain tool used by cybercriminals. Identify at least three attacks that are current. What did they do? Where they successful? How where they spread? Would you recommend to a client to pay the ransom or not? How can you protect yourself from this type of attack?
ANSWER:
Ransomware is a type of malware program which use cryptography and threatens to issue the victim’s information or perpetually block access to it till the payoff is rewarded.
Ransomware focuses on monetary increase of the cybercriminals.
several types of ransomware are:
i.WannaCry ransomware :
Wannacry ransomware was a May 2017 cyberattack which targeted MS Windows systems by infecting them with the WannaCry ransomware cryptoworm and encrypted data and demanded ransom expenses in the Bitcoin cryptocurrency.
ii.Petya (malware) :
it is one more encrypting ransomware discovered in 2016 and target Microsoft Windows-based systems and infects the master boot record to implement a payload and encrypts a hard drive's file system table and prevents Windows from booting.
Petya(maleware) also demands the client to create a expense in Bitcoins to regain access to the system.
ii.Locky
it is another ransomware malware released in 2016 which is deliver by email and contains Microsoft Word document that contains malicious macros.
at what time the user enable macros and runs the file the actual encryption Trojan encrypt all files that match particular extensions.The hackers then demand 0.5 and 1 bitcoins for the files to be unlocked.
every one of the beyond 3 Ransomwares be successful until they were made conscious by the authorities.
The Ransomwares encrypted the system and users might not login and make use of the system and also a number of users were made to pay the ransom in the image of that they can unlock their system.
The Ransomwares mainly spread via emails, Ad-s, unverified downloads and other file transfer means.
No, would not recommend a client to pay the ransom as paying the ransom is unethical and paying the ransom also has no guarantee that the computer will be unlocked.
We can protect our self from this type of attack by maintaining security measures, installing OS patches and updates regularly, maintain security software on the systems and not visiting and downloading unknown and unsecured records and websites.
Attackers are always searching for new attack vectors and vulnerabilities. Most of these attacks target computing...
CHapter 8 from 978-0-13-408504-3 (Security in Computing 5th Edition) 1. Explain the differences between public, private, and community clouds. What are some of the factors to consider when choosing which of the three to use? 2. How do cloud threats differ from traditional threats? Against what threats are cloud services typically more effective than local ones? 3. You are opening an online store in a cloud environment. What are three security controls you might use to protect customers’ credit card...
A new version of the operating system is being planned for installation into your department’s production environment. What sort of testing would you recommend is done before your department goes live with the new version? Identify each type of testing and describe what is tested. Explain the rationale for performing each type of testing. [ your answer goes here ] Would the amount of testing and types of testing to be done be different if you were installing a security...
Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which objectives seem clear: manage risk, manage threat, stop attacks, identify attackers. These objectives aren't wrong, but they are fundamentally misleading.In this session we'll examine the state of the information security industry in order to understand how the current climate fails to address the true needs of the business. We'll use those lessons as a foundation...
IT's About Business 4.1 The Heartbleed Bug What Is Heartbleed? OpenSSL, an open-source software package, is a popular type of transport layer security (TLS) software (discussed later in this chapter) that secures numerous websites around the world. Web servers use OpenSSL to encrypt sites. Such sites show up in browsers with a “lock” icon and the “https” prefix in the address bar. The encryption protects Internet sites offering banking, shopping, email, and other private communications. Roughly two out of three...