Abstract
This chapter discusses the formation of ransomware attacks, adaptive attack methodologies and how ransomware attacks can be classified. Analysis of the major ransomware attacks highlights why these cyberattacks have posed, and continue to pose, such a significant threat to critical infrastructure, governments, enterprises and individual citizens’ devices and networks. The following section of the chapter discusses common ransomware countermeasures, their limitations and alternative approaches to prevent and detect ransomware attacks. The final section briefly details some of the major ransomware attacks that have occurred and the rapid increase in attack volume and encryption sophistication since 2013.
Notes
- 1. Note: A zero-day exploit is the term used to describe a bug or vulnerability within a software or hardware platform that has not been reported to the product developer or to its users. See Ganame et al. (2017).
- 2. Note: Whilst decryption can potentially be sped up further by the application of decryption tools such as password dictionaries and rainbow tables, the decryption process remains a mathematical process that ultimately may or may not be significantly influenced by the application of these decryption tools.
- 3. Note: Whilst there are exceptions, cybercriminals are a business, and from that perspective when they threaten to leak a victim’s data, they must make good on that threat – their business model is reliant on the element of fear. In the same way, when their ransomware attack spreads, they are reliant on victims telling the next victim to just pay the ransom demand and they will get their data back. If profit is the primary objective, then the attackers must remove any doubt from the victim’s mind in order to get paid.
- 4. Note: Many organisations continue to assess their cyber risk on a periodic basis (i.e., quarterly or annually). Whilst organisations are increasingly monitoring their external environments, the processes required to alter their risk profiles and act on this information remain relatively underdeveloped.
- 5. Note: For example, organisations may elect to use generic ISO risk management standards or more specialised cybersecurity risk management frameworks such as NIST 800, ISO27001, COBIT5, or a combination of multiple standards.
References
M. AL-Hawawreh, F. den Hartog, E. Sitnikova, Targeted ransomware: A new cyber threat to edge system of brownfield industrial Internet of Things. IEEE Internet Things J. 6(4), 7137–7151 (2019). https://doi.org/10.1109/JIOT.2019.2914390
Australian Signals Directorate, Australian Government Information Security Manual (Department of Defence, Canberra, 2020) Available online: https://www.cyber.gov.au/sites/default/files/2019-08/Australian%20Government%20Information%20Security%20Manual%20%28August%202019%29.pdf. Accessed 11 Aug 2019
Australian Cyber Security Centre, Strategies to Mitigate Cyber Security Incidents – Mitigation Details (Australian Signals Directorate, Canberra, 2018). Available online: https://www.cyber.gov.au/sites/default/files/2019-03/Mitigation_Strategies_2017_Details_0.pdf. Accessed 23 May 2018
M. Becher, F.C. Freiling, J. Hoffmann, T. Holz, S. Uellenbeck, C. Wolf, Mobile security catching up? revealing the nuts and bolts of the security of mobile devices, IEEE symposium on security and privacy (SP). Oakland, California, USA, 2011, 96–111
R. Bejtlich, The Practice of Network Security Monitoring: Understanding Incident Detection and Response (No Starch Press, San Francisco, 2013)
L. Clutterbuck, Terrorists have to be lucky once; targets, every time. Available online: https://www.rand.org/blog/2008/11/terrorists-have-to-be-lucky-once-targets-every-time.html. Accessed 12 May 2019
K. Ganame, M. Allaire, G. Zagdene, O. Boudar, Network behavioral analysis for zero-day malware detection – a case study, in First International Conference, ISDDC, (Springer, Vancouver, 2017)
A. Greenberg, A guide to Lockergoga, the ransomware crippling industrial firms, WIRED. (2019). Available online: https://www.wired.com/story/lockergoga-ransomware-crippling-industrial-firms/. Accessed 18 Apr 2019
B. Levin, D. Simpson, Ransomware. 4 Apr 2019. Available online: https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/ransomware-malware. Accessed 9 May 2019
J. Melton, Detecting ransomware through power analysis. Master of Science Electrical Engineering Naval Postgraduate School. (June 2018). Available online: https://calhoun.nps.edu/bitstream/handle/10945/59721/18Jun_Melton_Jacob.pdf?sequence=1&isAllowed=y. Accessed 11 Feb 2019
T. Micro, Best practices: Ransomware. (2017a). Available online: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/best-practices-ransomware. Accessed 5 May 2019
T. Micro, Ransomware. (2017b). Available online: https://www.trendmicro.com/vinfo/us/security/definition/ransomware. Accessed 18 May 2019
T. Moore, R. Clayton, R. Anderson, The economics of online crime. J. Econ. Perspect. 23(3), 3–20 (2009)
National Institute of Standards and Technology, Data integrity: Recovering from ransomware and other destructive events. 1800-11. National Institute of Standards and Technology. (2018). Available online: https://www.nccoe.nist.gov/publication/1800-11/index.html. Accessed 27 Apr 2018
L.H. Newman, Menacing malware shows the dangers of industrial sabotage, WIRED. (2018). Available online: https://www.wired.com/story/triton-malware-dangers-industrial-system-sabotage/. Accessed 23 Feb 2018
A. Palisse, H. Le Bouder, J.-L. Lanet, C. Le Guernic, A. Legay, Ransomware and the Legacy Crypto API, The 11th International Conference on Risks and Security of Internet and Systems. Roscoff, France, 5th–7th September 2016 (Springer, 2016)
Ponemon Institute, 2017 cost of cyber crime: Insights on the security investments that make a difference, (2017). Available online: https://www.accenture.com/t20170926T072837Z__w__/us-en/_acnmedia/PDF-61/Accenture-2017-CostCyberCrimeStudy.pdf. Accessed 23 May 2018
J.-L. Richet, Extortion on the Internet: The rise of Crypto-ransomware, Cybercrime. (2015). Available online: https://blogs.harvard.edu/jeanlouprichet/files/2015/07/Extortion_on_the_Internet_Rise_of_Crypto_Ransomware.pdf. Accessed 1 Aug 2019
P. Singer, A. Friedman, Cybersecurity and Cyberwar: What Everyone Needs to Know (Oxford University Press, New York, 2014)
M. Singleton, The World’s Fastest Supercomputer is back in America, The Verge. 12 June 2018 (2018) [Online]. Available online: https://www.theverge.com/circuitbreaker/2018/6/12/17453918/ibm-summit-worlds-fastest-supercomputer-america-department-of-energy. Accessed 18 Feb 2019
S. Stolfo, S. Bellovin, D. Evans, Measuring security. IEEE Secur. Priv. 9(3), 88 (2011)
Symantec Security Center, What is ransomware? And how to help prevent it. (2019). Available online: https://us.norton.com/internetsecurity-malware-ransomware-5-dos-and-donts.html. Accessed 13 Jan 2020
United States Department of Commerce, National Institute of Standards and Technology Special Publication 800-53: Security and Privacy Controls for Information Systems and Organizations. National Institute of Standards and Technology. Available online: https://csrc.nist.gov/csrc/media/publications/sp/800-53/rev-5/draft/documents/sp800-53r5-draft.pdf. Accessed 3 May 2019
R. Wainwright, The ascent of the CISO, Deloitte Cyber. (2019). Available online: https://www2.deloitte.com/nl/nl/pages/risk/articles/the-ascent-of-the-ciso.html. Accessed 7 May 2019
J. Wolff, Classes of Defense for Computer Systems. Doctor of Philosophy in Engineering Systems: Technology, Management, and Policy Massachusetts Institute of Technology, June 2015
J. Wolff, You’ll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches (The MIT Press, Cambridge, 2018)
T. Zhang, H. Antunes, S. Aggarwal, Defending connected vehicles against malware: Challenges and a solution framework. IEEE Internet Things J. 1(1), 10–21 (2014)
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Ryan, M. (2021). Genesis of Ransomware. In: Ransomware Revolution: The Rise of a Prodigious Cyber Threat. Advances in Information Security, vol 85. Springer, Cham. https://doi.org/10.1007/978-3-030-66583-8_2
DOI: https://doi.org/10.1007/978-3-030-66583-8_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-66582-1
Online ISBN: 978-3-030-66583-8
eBook Packages: Computer Science, Computer Science (R0)