Evading Rise of Ransomware
Security can be termed as protection from unwanted harm or unwanted resources. Information security protects the data from unauthorized users or access. It can also be termed as an important asset for any organization which plays a vital role. In earlier days it was difficult to identify ransomware before it enters or attacks the user’s system. These attacks would damage the mail servers, databases, expert systems, and confidential systems. In this paper, we propose the analysis and detection of ransomware which will have a major impact on business continuity.
RANSOMWARE
Lately, with the extensive usage of the internet, cybercriminals are rapidly growing targeting naïve users thru threats and malware to generate a ransom. Currently, this ransomware has become the most agonizing malware. Ransomware comprises of two. They are locker ransomware and crypto-ransomware. Of them, crypto-ransomware is the most familiar type that aims to encrypt users‟ data and locker ransomware prevent the users from accessing their data by locking the system or device. Both types of a ransomware demand a ransom payable via electronic mode for restoring the access of the data and system. Locker ransomware claims fee from the victims in terms of fine for downloading illegal content as per their fake law enforcement notice. Crypto ransomware has a time limit that warns the victims to pay the ransom within the given time else the data will be lost forever.
Spreading of ransomware is possible by the following methods:
- Phishy e-mail messages with malicious file attachments;
- Software patches that download the threat into the victim’s machine whilst working online.
Spreading of Ransomware Attack
- Phishing emails: The most common way of spreading Ransomware is thru phishing emails or spam emails. These mails include a .exe file or an attachment, which when opened launches ransomware on the victim’s machine.
- Exploit kits: these are the compromised websites planned by the attackers for malicious use. These exploit kits search for vulnerable website visitors to download the ransomware onto their machine.
VULNERABILITY ASSESSMENT AND TOOLS
The vulnerability can be termed as unsafe or unauthorized access by an intruder into an unprotected or exposed network. Common vulnerabilities are worms, viruses, spyware applications, spam emails, etc. Vulnerability Assessment is the most important technique that is conducted to rate the spontaneous attacks or risks that occur in the system thereby affecting the business continuity of an organization. Vulnerability assessment has many steps such as
- Vulnerability analysis
- Scope of the vulnerability assessment
- Information gathering
- Vulnerability identification
- Information Analysis and
- Planning
Assessment Tools
Vulnerability assessment which is nothing but testing can be carried out by best-known tools which are called vulnerability assessment tools. These tools are used to mitigate the identified vulnerabilities such as investigating unethical access to copyrighted materials, policy violations of the organizations‟ etc. The red alert issue about the vulnerability assessment is that it warns us about the vulnerability before the system is compromised and helps us in avoiding or preventing the attack. These vulnerability assessment tools can also be categorized as proactive security measures of an organization. The major step of the vulnerability assessment is the accurate testing of a system. The major step of the vulnerability assessment is the accurate testing of a system. If overlooked, it might lead to either false positives or false negatives. False-positive can be presumed as quicksand where we can’t find what we are searching for. False-negative can be presumed as a black hole where we don’t know what we want to search for. False positives can be rated as a significant level in testing.
Common Vulnerability Assessment Tools
- Vulnerabilities are the most crucial part of information systems. An error in configuration or violation of a policy might compromise a network in an organization. These attacks can be for personal gain or corporate gain.
- Not only the local area networks but also the websites are also more susceptible to attacks where the systems can be exploited either by the insiders or outsiders of an organization.
- Some of the very commonly used vulnerability assessment tools are listed below:
- Wireshark
- Nmap
- Metasploit
- OpenVAS
- AirCrack
Limitations of Existing Vulnerability Assessment Tools
The concept of false positives is the dangerous and horrendous limitation of the existing vulnerability assessment tools. These false positives require lots of testing and study for assessing the nature of the errors that occurred, which is a very expensive and time taking process. All the identification-related information mostly leads to false positives.
Penetration Testing
- Penetration Testing also called as Pen Test is an attempt to assess a malicious activity or any security breach by exploiting the vulnerabilities.
- It includes the testing of the networks, security applications and processes that are involved in the network.
- Penetration testing is done to improve the performance of the system by testing the system’s efficiency.