Case Study: The Ransomware Threat

The Ransomware Threat

Columbia Southern University

Facts

A ransomware threat is when malware is placed on a computer and stops the user from accessing files or from using the computer at all (Glassberg, 2015). Crypto-ransomware and winlocker ransomware are two commonly used types of ransomware. Crypto-ransomware encrypts all the files on a computer and stops the user from accessing them. Winlocker ransomware stops a user from using the computer itself: the ransomware disables the computer's boot-up function or creates a pop-up window that cannot be removed. The only way to get rid of the malware is by getting the key or password from the criminal who infected the computer (Glassberg, 2015).

The people behind the malware are usually organized and sophisticated, unlike a normal hacker (Glassberg, 2015). If a criminal has put malware on a computer, they have most likely developed it themselves; it is very unlikely that they bought the malware on the dark web, where it is known as crimeware, because there are not that many people who sell it. These hackers are most likely part of an organized crime group and are very skilled, seasoned hackers.

Issues

In the past couple of years, law enforcement agencies have been targeted by ransomware attacks. They were locked out of their computers and were not able to access their most sensitive files and cases. One method is for the hacker to send a phishing email to the computer targeted for the hack; when the user opens the email, the malware starts to download. There are more subtle methods that hackers have been turning to recently. The first is the drive-by download, in which a website is compromised by hackers who load it with malware that attacks users who visit the website. When the user enters the website, the ransomware starts to download (Glassberg, 2015). The second method is the botnet. A botnet is a group of computers that carry a certain type of malware, which allows a criminal to remotely access or control them. Botnets are sold on the dark web by hackers. Botnets are commonly used by gangs so they can infect someone with the malware without them knowing.

Solutions

It is said that the best way to defend against a ransomware threat is to focus on limiting the damage caused by a hacker rather than on trying to prevent the attack in the first place. Ransomware attacks are very hard to prevent, because at some point a computer gets infected with a virus and has to have it removed. An antivirus program, if you have one, will not be able to detect it. No one can keep their computer one hundred percent virus free all of the time (Glassberg, 2015). To help prevent ransomware attacks, make sure all computers are up to date on browser plug-ins, software programs, and operating systems. Make sure computers are set to auto-update when new versions of software are released. The network should have an up-to-date firewall. Aggressive malware detection and protection is highly recommended. Finally, restrict inbound emails through whitelisting programs (which help prevent phishing), and use script-blocking plug-ins in the internet browser to prevent web-based attacks (Glassberg, 2015).

When a computer is attacked, it should be turned off, and the network it was on should be turned off as well. Then contact a cyber security company that specializes in data breaches to see if it is possible to remove the malware. To control the backlash from a ransomware attack, back up all the data from your computer onto an external hard drive. Back up your data regularly, on a daily basis. Have multiple backup devices, and make sure that your backup drives are not on the same network as your computer. Law enforcement departments should separate their network into different divisions so that ransomware will infect only the computers on the network that was attacked.
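The backup and network-separation advice above can be checked mechanically. The following Python sketch is an added example, not part of the original case study: it audits a backup inventory against the three rules (daily backups, more than one device, not on the computer's network) and shows which machines share a network with an infected one. All host names, addresses, and dates are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class BackupTarget:
    name: str
    last_backup: datetime
    address: Optional[str]  # None means an external drive kept unplugged (offline)

def audit_backups(targets, workstation_net, now, max_age=timedelta(days=1)):
    """Check the three backup rules; return a list of (target, problem) findings."""
    net = ip_network(workstation_net)
    findings = []
    if len(targets) < 2:
        findings.append(("*", "fewer than two backup devices"))
    for t in targets:
        if now - t.last_backup > max_age:
            findings.append((t.name, "backup older than allowed age"))
        if t.address is not None and ip_address(t.address) in net:
            findings.append((t.name, "on the same network as the computer"))
    return findings

def exposed_hosts(hosts, segments, infected):
    """Hosts that share a network segment with the infected machine."""
    hit = [ip_network(s) for s in segments
           if ip_address(hosts[infected]) in ip_network(s)]
    return sorted(h for h, ip in hosts.items()
                  if h != infected and any(ip_address(ip) in s for s in hit))

# Constructed sample data (hypothetical names, private RFC 1918 addresses).
NOW = datetime(2024, 3, 10, 8, 0)
TARGETS = [
    BackupTarget("nas-records", NOW - timedelta(hours=6), "10.20.1.50"),
    BackupTarget("usb-drive-a", NOW - timedelta(days=3), None),
]
HOSTS = {"records-pc1": "10.20.1.11", "records-pc2": "10.20.1.12",
         "patrol-pc1": "10.20.2.11", "evidence-pc1": "10.20.3.11"}
FLAT = ["10.20.0.0/16"]                                        # one undivided network
SEGMENTED = ["10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"]  # one per division

if __name__ == "__main__":
    for finding in audit_backups(TARGETS, "10.20.1.0/24", NOW):
        print(finding)
    print("flat:", exposed_hosts(HOSTS, FLAT, "records-pc1"))
    print("segmented:", exposed_hosts(HOSTS, SEGMENTED, "records-pc1"))
```

On the undivided network every other computer is exposed to the infected one, while on the divided network only the computer in the same division is.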

Cybercrime

There is a name for the type of cybercrime involved in ransomware: malware, which is malicious software that can be downloaded when people open an email attachment or click a suspicious link in an email. If someone were caught carrying out a ransomware threat, it would be charged as malicious software under cybercrime.

References

Glassberg, J. (2015). The ransomware THREAT. Law Enforcement Technology, 42(9), 33-35. Retrieved from https://search-proquest-com.libraryresources.columbiasouthern.edu/docview/1710650597?accountid=33337

Schmalleger, F. (2016). Criminology (3rd ed., pp. 257-258). Hoboken, NJ: Pearson.
