Malware is a category of software built to harm a user's computer or a network that offers services. Among viruses, spyware, and ransomware, ransomware has proven to produce sophisticated attack vectors, including numerous variations that have had adverse effects on a broad range of industries (Reshmi, 2021).
Many trends in information security exploits on networks revolve around ransomware. Malware in general exists in many variants that affect operating systems, and ransomware exhibits distinct features that affect information security in operating systems. This research paper describes ransomware as a complex form of malware and outlines its characteristics. It also discusses the factors, prevalence, detection, prevention, and mitigation strategies against malicious software.
Causes, Occurrence, and Effects of Ransomware Attacks
The use of outdated Windows operating systems significantly exposes an organization to ransomware attacks. Most PCs in government institutions use obsolete operating systems and are therefore vulnerable to various types of ransomware attacks. For instance, India has continued to be a suitable target of ransomware attacks, especially on businesses, due to the prevalence of outdated Windows operating systems (Reshmi, 2021).
A significant number of PCs in government departments also face ransomware attacks due to the failure to apply regular Windows updates. Insufficient education and training on ransomware and other malware attacks in organizations make employees vulnerable to cybercriminals. The Port of San Diego and COSCO attacks resulted from poor operating-system hygiene that enabled the malware to penetrate through spam email campaigns (Reshmi, 2021). Untrained workers open and download malicious attachments.
Cyber-attacks can have devastating effects on the normal operations of organizations. For instance, cyberattacks in Texas crippled the computer systems of two cities due to the municipalities' ineffectiveness against advanced hackers. Florida and Maryland have also faced ransomware attacks that have cost millions of dollars in ransoms that the vulnerable towns had to pay (Robles, 2017). Crippled computer systems that stall the effective operation of organizations and institutions are all the more disastrous since no specific department is accountable for them.
Characteristics of Ransomware
Ransomware carries out its attack differently from other malicious software. The malware uses different vectors to attack, including malicious advertisements, compromised sites, spamming, social engineering, and drive-by downloads (Javaheri et al., 2018). The infection occurs in locally or remotely stored files or in memory. However, a new variant can go file-less and affect memory, which cannot be detected by static or dynamic malware analysis.
Ransomware encrypts only a few bytes of each file to remain unnoticed during the initial stages of the attack, then changes the file extensions in the final phases of infection. The malware announces itself with notes in the form of images, text, or HTML files, and the user is denied login to the computer.
Ransomware predominantly infects and compromises computers that run the Windows operating system (OS). The malware's effect is similar across systems such as IoT devices, mobile gadgets, and personal computers. Its characteristic impact includes encrypting files, altering the Master Boot Record, deleting files, stealing information, and escalating privileges (Chen, 2017).
Ransomware characteristically accesses more files than normal system operations do, after which it inserts new values that cause access denial or file deletion. The malware can also delete canary files, which anti-ransomware software relies on, and so avoid detection. The malware is also capable of cracking access limitations and reaching network servers, resulting in encryption or deletion of files or backups.
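The behaviours described in this section (in-place encryption of a small part of a file, later extension changes, dropped notes, and deleted canary files) can each be turned into a check that compares a trusted snapshot of a file share with its current state. The Python sketch below is an added example, not part of the original paper. The snapshot model ({path: bytes} dictionaries), the block size, the entropy threshold, the file names, and the "same new note in several directories" heuristic are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 512   # bytes per entropy window (assumed value)
LIMIT = 7.0   # bits/byte treated as "looks encrypted" (assumed threshold)
NOTE_EXT = (".txt", ".html", ".png", ".jpg", ".bmp")  # text, HTML and image notes

def entropy(data):
    """Shannon entropy of a byte string, in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def encrypted_blocks(old, new):
    """Offsets of blocks that were low-entropy before and are high-entropy now."""
    return [i for i in range(0, min(len(old), len(new)), BLOCK)
            if entropy(old[i:i + BLOCK]) < LIMIT <= entropy(new[i:i + BLOCK])]

def compare(baseline, current, canaries):
    """Diff two {path: bytes} snapshots; return sorted (indicator, path) findings."""
    findings = []
    for path, old in baseline.items():
        new = current.get(path)
        if path in canaries:
            if new != old:  # deleted (None) or altered
                findings.append(("canary_deleted" if new is None else "canary_modified", path))
        elif new is None:  # gone under its old name: look for an appended extension
            findings += [("extension_appended", p) for p in current if p.startswith(path + ".")]
        elif encrypted_blocks(old, new):
            findings.append(("partial_encryption", path))
    # Heuristic (assumption): a ransom note is the same new file dropped in several directories.
    added = [p for p in current.keys() - baseline.keys() if p.lower().endswith(NOTE_EXT)]
    names = Counter(p.rsplit("/", 1)[-1] for p in added)
    findings += [("repeated_new_note", p) for p in added if names[p.rsplit("/", 1)[-1]] > 1]
    return sorted(findings)

# Constructed sample snapshots; file names and contents are made up for this example.
TEXT = b"quarterly report, draft 3\n" * 80                                  # low entropy
NOISE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))    # 512 B ciphertext stand-in
BASELINE = {"docs/report.txt": TEXT, "docs/budget.csv": TEXT,
            "docs/.canary.docx": b"canary", "pics/photo.jpg": NOISE * 4}
CURRENT = {"docs/report.txt": NOISE + TEXT[BLOCK:],       # first block overwritten in place
           "docs/budget.csv.locked": NOISE * 4,           # renamed in the final phase
           "pics/photo.jpg": NOISE * 4,                   # already high entropy, untouched
           "docs/README_RESTORE.html": b"<html>note</html>",
           "pics/README_RESTORE.html": b"<html>note</html>"}

if __name__ == "__main__":
    print(*compare(BASELINE, CURRENT, {"docs/.canary.docx"}), sep="\n")
```

Comparing entropy against the baseline rather than against a fixed value keeps files that are already compressed, such as the sample JPEG, from raising an alert, and a missing canary is reported as a finding instead of silently ending monitoring.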
Variants of Ransomware
Ransomware has variants that make it intensely dangerous to communication systems and challenging to detect. The two dominant variants are Crypto ransomware, which encrypts all the user's data files and sets demands for sharing the decryption key, and Locker ransomware, which uses a privilege-escalation approach through several management applications and limits the resources accessible to users. Ransomware variants started to appear a few decades ago, such as the PC Cyborg in December 1989 (Reshmi, 2021).
Locker ransomware includes SMs and Fake FBI, which began in 2004. Other examples of ransomware variants are Cryptolocker, Cryptowall, File Coder, and GPCode encr