Genesis of Ransomware

Ryan, Matthew

doi:10.1007/978-3-030-66583-8_2

Matthew Ryan³

Part of the book series: Advances in Information Security ((ADIS,volume 85))

1723 Accesses

Abstract

This chapter discusses the formation of ransomware attacks, adaptive attack methodologies and how ransomware attacks can be classified. Analysis of the major ransomware attacks highlights why these cyberattacks have and continue to pose such a significant threat to critical infrastructure, governments, enterprises and individual citizens’ devices and networks. The following section of the chapter discusses common ransomware countermeasures, their limitations and alternative approaches to prevent and detect ransomware attacks. The final section briefly details some of the major ransomware attacks that have occurred and the rapid increase in attack volume and encryption sophistication since 2013.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 149.00; Price excludes VAT (USA)

Softcover Book: USD 199.99; Price excludes VAT (USA)

Hardcover Book: USD 199.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
Note: A zero-day exploit is the term used to describe a bug or vulnerability within a software or hardware platform that has not been reported to the product developer or to its users. See Ganame et al. (2017).
2.
Note: Whilst decryption can potentially be sped up further by the application of decryption tools such as password dictionaries and rainbow tables, the decryption process remains a mathematical process that ultimately may or may not be significantly influenced by the application of these decryption tools.
3.
Note: Whilst there are exceptions, cybercriminals are a business, and from that perspective when they threaten to leak a victims data, they must make good on that threat – their business model is reliant on the element of fear. In the same way, when their ransomware attack spreads, they are reliant on victims informing the next victim just to pay the ransom demand, and they will get their data back. If profit is the primary objective, then the attackers must remove any doubt from the victim’s mind in order to get paid.
4.
Note: Many organisations continue to assess their cyber risk periodical basis (i.e., quarterly or annually). Whilst organisations are increasingly monitoring their external environments, the processes required to alter their risk profiles and act on this information remain relatively underdeveloped.
5.
Note: For example, organisations may elect to use generic ISO risk management standards or more specialised cybersecurity risk management framework such as NIST 800, ISO27001, COBIT5, or a combination of multiple standards.

References

M. AL-Hawawreh, F. den Hartog, E. Sitnikova, Targeted ransomware: A new cyber threat to edge system of brownfield industrial Internet of Things. IEEE Internet Things J. 6(4), 7137–7151 (2019). https://doi.org/10.1109/JIOT.2019.2914390
Google Scholar
Australian Signals Directorate, Australian Government Information Security Manual (Department of Defence, Canberra, 2020) Available online: https://www.cyber.gov.au/sites/default/files/2019-08/Australian%20Government%20Information%20Security%20Manual%20%28August%202019%29.pdf. Accessed 11 Aug 2019
Google Scholar
Australian Cyber Security Centre, Strategies to Mitigate Cyber Security Incidents – Mitigation Details (Australian Signals Directorate, Canberra, 2018). Available online: https://www.cyber.gov.au/sites/default/files/2019-03/Mitigation_Strategies_2017_Details_0.pdf. Accessed 23 May 2018
M. Becher, F.C. Freiling, J. Hoffmann, T. Holz, S. Uellenbeck, C. Wolf, Mobile security catching up? revealing the nuts and bolts of the security of mobile devices, IEEE symposium on security and privacy (SP). Oakland, California, USA, 2011, 96–111
Google Scholar
R. Bejtlich, The Practice of Network Security Monitoring: Understanding Incident Detection and Response (No Starch Press, San Francisco, 2013)
Google Scholar
L. Clutterbuck, Terrorists have to be lucky once; targets, every time. Available online: https://www.rand.org/blog/2008/11/terrorists-have-to-be-lucky-once-targets-every-time.html. Accessed 12 May 2019
K. Ganame, M. Allaire, G. Zagdene, O. Boudar, Network behavioral analysis for zero-day malware detection – a case study, in First International Conference, ISDDC, (Springer, Vancouver, 2017)
Google Scholar
A. Greenberg, A guide to Lockergoga, the ransomware crippling industrial firms, WIRED. (2019). Available online: https://www.wired.com/story/lockergoga-ransomware-crippling-industrial-firms/. Accessed 18 Apr 2019
B. Levin, D. Simpson, Ransomware. 4 Apr 2019. Available online: https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/ransomware-malware. Accessed 9 May 2019
J. Melton, Detecting ransomware through power analysis. Master of Science Electrical Engineering Naval Postgraduate School. (June 2018). Available online: https://calhoun.nps.edu/bitstream/handle/10945/59721/18Jun_Melton_Jacob.pdf?sequence=1&isAllowed=y. Accessed 11 Feb 2019
T. Micro, Best practices: Ransomware. (2017a). Available online: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/best-practices-ransomware. Accessed 5 May 2019
T. Micro, Ransomware. (2017b). Available online: https://www.trendmicro.com/vinfo/us/security/definition/ransomware. Accessed 18 May 2019
T. Moore, R. Clayton, R. Anderson, The economics of online crime. J. Econ. Perspect. 23(3), 3–20 (2009)
Article Google Scholar
National Institute of Standards and Technology, Data integrity: Recovering from ransomware and other destructive events. 1800-11. National Institute of Standards and Technology. (2018). Available online: https://www.nccoe.nist.gov/publication/1800-11/index.html. Accessed 27 Apr 2018
L.H. Newman, Menancing malware shows the dangers of industrial sabotage, WIRED. (2018). Available online: https://www.wired.com/story/triton-malware-dangers-industrial-system-sabotage/. Accessed 23 Feb 2018
Palisse, A., H. Le Bouder, J.-L. Lanet, C. Le Guernic, A. Legay, Ransomware and the Legacy Crypto API, The 11th International Conference on Risks and Security of Internet and Systems. Roscoff, France, 5th–7th September 2016 (Springer, 2016)
Google Scholar
Ponemon Institute, 2017 cost of cyber crime: Insights on the security investments that make a difference, (2017). Available online: https://www.accenture.com/t20170926T072837Z__w__/us-en/_acnmedia/PDF-61/Accenture-2017-CostCyberCrimeStudy.pdf. Accessed 23 May 2018
J.-L. Richet, Extortion on the Internet: The rise of Crypto-ransomware, Cybercrime. (2015). Available online: https://blogs.harvard.edu/jeanlouprichet/files/2015/07/Extortion_on_the_Internet_Rise_of_Crypto_Ransomware.pdf. Accessed 1 Aug 2019
P. Singer, A. Friedman, Cybersecurity and Cyberwar: What Everyone Needs to Know (Oxford University Press, New York, 2014)
Book Google Scholar
M. Singleton, The World’s Fastest Supercomputer is back in America, The Verge. 12 June 2018 (2018) [Online]. Available online: https://www.theverge.com/circuitbreaker/2018/6/12/17453918/ibm-summit-worlds-fastest-supercomputer-america-department-of-energy. Accessed 18 Feb 2019
S. Stolfo, S. Bellovin, D. Evans, Measuring security. IEEE Secur. Priv.9(3), 88 (2011)
Article Google Scholar
Symantec Security Center, What is ransomware? And how to help prevent it. (2019). Available online: https://us.norton.com/internetsecurity-malware-ransomware-5-dos-and-donts.html. Accessed 13 Jan 2020
United States Department of Commerce, National Institute of Standards and Technology Special Publication 800-53: Security and Privacy Controls for Information Systems and Organizations. National Institute of Standards and Technology. Available online: https://csrc.nist.gov/csrc/media/publications/sp/800-53/rev-5/draft/documents/sp800-53r5-draft.pdf. Accessed 3 May 2019
R. Wainwright, The ascent of the CISO, Deloitte Cyber. (2019). Available online: https://www2.deloitte.com/nl/nl/pages/risk/articles/the-ascent-of-the-ciso.html. Accessed 7 May 2019
J. Wolff, Classes of Defense for Computer Systems. Doctor of Philosophy in Engineering Systems: Technology, Management, and Policy Massachusetts Institute of Technology, June 2015
Google Scholar
J. Wolff, You’ll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches (The MIT Press, Cambridge, 2018)
Book Google Scholar
T. Zhang, H. Antunes, S. Aggarwal, Defending connected vehicles against malware: Challenges and a solution framework. IEEE Internet Things J.1(1), 10–21 (2014)
Article Google Scholar

Download references

Author information

Authors and Affiliations

Maroubra, NSW, Australia
Matthew Ryan

Authors

Matthew Ryan
View author publications
You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Ryan, M. (2021). Genesis of Ransomware. In: Ransomware Revolution: The Rise of a Prodigious Cyber Threat. Advances in Information Security, vol 85. Springer, Cham. https://doi.org/10.1007/978-3-030-66583-8_2

Download citation

DOI: https://doi.org/10.1007/978-3-030-66583-8_2
Published: 25 February 2021
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-66582-1
Online ISBN: 978-3-030-66583-8
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics