GRD Journals- Global Research and Development Journal for Engineering | Volume 5 | Issue 3 | February 2020

ISSN: 2455-5703

Analysis of Ransomware and its prevention


A. D. C Navin Dhinnesh
Department of Computer Applications
Mepco Schlenk Engineering College, Sivakasi – 626005, India

Abstract
Cyber attack technology is changing drastically, and attacks are increasing at a high rate. The attacks do not target only
individuals; many organizations and institutions are affected as well. To prevent these types of attacks, several
organizations implement a lot of security measures. They put various security levels into practice to protect against these
attacks. Ransomware is considered to be the most ferocious attack nowadays. This paper explains the history and the
evolution of ransomware. It also discusses why encryption was chosen for ransomware attacks. In this paper the author
explains how to avert ransomware and how to respond to an attack.
Keywords- Ransomware, Cyber Attack, Internet of Things, Cybercriminals, Encryption

I. INTRODUCTION
Ransomware has been causing heavy havoc since it was first discovered in the year 2000 [1]. It is considered to be a serious
threat not only to many organizations, but also to institutions [2]. It can take any form, such as malicious code, worms, or
viruses. A few ransomware variants appear to destroy the user's data on their computer. As technology booms, the threat to
computer systems also rises. The field of Internet of Things (IoT) [3] is now connecting people with various devices. Once
people are connected to those devices, they are exposed to attacks too. Ransomware is similar to a worm. It will not allow
users to access their system: either the screen is locked or the user's files are encrypted. The attackers then demand a huge
ransom from the user. It is very difficult to decrypt a file affected by ransomware. Initially the attackers enter an
organization's system and start encrypting its important files. They then ask for a ransom to be paid for decrypting the
affected files. Ransomware uses assorted techniques to attack the victim.

II. HISTORY AND EVOLUTION


Ransomware was first identified in the year 2005 in Russia [4]. The victim's files were hacked and access to them was denied
by the attacker [5]. The attackers also demanded a huge amount to be paid by the victim in order to make the files work. After
a few years, ransomware was made to affect mobile phones too [6]. To boot, a computer needs a boot file to start the system;
ransomware will prevent the operating system (OS) from being booted [7]. Subsequently cybercriminals started using forged
antivirus programs. These programs mislead the applications used by the users [8]. They look like original programs, but they
perform mock operations and inform the users that the system has numerous threats and is lacking in security. The user is
asked to pay a fee for rectifying the problems, and is also asked to pay for annual maintenance. But a few users happened to
ignore these kinds of alerts. The next stage for cybercriminals was to disable access to the system. They purposely lock the
system so that the user cannot use it. The charge the user is asked to pay is heavy if the user wishes the criminals to unlock
the system.
The success of ransomware is due to the encryption techniques used by the criminals. They use encryption as a tool to
attack victims [9]. The advantage of using encryption is that it gives access only to the users who hold the secret key for
accessing or retrieving the data. As soon as a system is affected by ransomware, the criminals start to change all the files
present in the system. They change them in such a manner that the files can be read only when they are restored to their
initial state. To do this, the cybercriminals need a key. Hence they choose encryption for performing these kinds of attacks.
After attacking the victim's system they demand a huge amount in ransom.
The cybercriminals perform two types of encryption: i) symmetric and ii) asymmetric. In the former, the same secret key
is used for performing both encryption and decryption. In the latter, a private key is involved: the public key is used when
encryption is done, but the private key is needed during decryption. The cybercriminals use both of the above types when they
decide to attack a victim. Figure 1 shows the sample model of encryption done in a ransomware.

All rights reserved by www.grdjournals.com 1


Analysis of Ransomware and its prevention
(GRDJE/ Volume 5 / Issue 3 / 001)

Fig. 1: Sample model of encryption done in ransomware

III. AVERTING RANSOMWARE


There are a few techniques that can be followed to avert ransomware attacks. The following points explain how to avert
ransomware.

A. Do not click the unknown links


When you receive unknown links or spam emails, do not click them. They may lead to ransomware. As soon as you click such a
link, a download starts automatically on your system, which could then be infected. Once your system is infected by
ransomware, it will start encrypting your files. It will then demand a huge ransom from the victim for recovering the
encrypted data. But there is no assurance that the cybercriminal will release your original files once you pay the
ransom [10].

B. Never open unknown email attachments


An email attachment is a different way of getting ransomware into the victim's system. One should not open any email
attachments received from unknown senders. Make sure the attachment is genuine before opening it. If you are not sure,
ignore it and never open it. If you happen to open an attachment that is infected, the malware will immediately take control
of the victim's system.

C. Download from the websites which you trust


Do not, at any cost, download files from unidentified websites. If you wish to download a file, visit a trusted website and
download it from there. Trusted websites can be recognized by https, and one can also see a lock symbol on trusted websites.
This shows that the website is a secured one. The same applies to mobile phones too.

D. Do not give your personal details


If you receive an email from any website asking you to provide your personal details, avoid giving them. Most cybercriminals
try to get personal details so that they can ask for a huge ransom from the victim. If you receive any such request, ignore
it.

E. Use proper filtering


One must use proper filtering on email to prevent ransomware. These filters will reduce the incoming spam emails to some
extent. Infected malware files may also be filtered or deleted so that they do not reach the inbox.
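The attachment filtering described in sections B and E can be sketched as follows. This is an added example, not code from the paper; the extension lists, the reason strings and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed gateway policy (not from the paper): attachment types to quarantine.
BLOCKED = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".lnk"}
MACRO = {".docm", ".xlsm", ".pptm"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def attachment_findings(raw_bytes):
    """Return (filename, reason) pairs for attachments that should not reach the inbox."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        suffixes = PurePosixPath(name).suffixes
        last = suffixes[-1] if suffixes else ""
        body = part.get_payload(decode=True) or b""
        if last in BLOCKED and len(suffixes) > 1 and suffixes[-2] in DECOY:
            findings.append((name, "double extension"))
        elif last in BLOCKED:
            findings.append((name, "executable or script type"))
        elif last in MACRO:
            findings.append((name, "macro-enabled document"))
        elif body.startswith(b"MZ"):
            # Content is a Windows executable although the name says otherwise.
            findings.append((name, "executable content, misleading name"))
    return findings

def build_sample():
    """Constructed message with four constructed attachments (no real malware)."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    for name, data in [("Invoice.pdf.exe", b"MZ constructed"),
                       ("report.docm", b"PK constructed"),
                       ("statement.pdf", b"MZ constructed"),
                       ("notes.pdf", b"%PDF-1.4 constructed")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in attachment_findings(build_sample()):
        print(f"quarantine {name}: {reason}")
```

The check on the first bytes matters because a filter that looks only at file names passes an executable that has been renamed to look like a document.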

F. Update software periodically


The software in use must be updated periodically to avoid malware attacks. By updating the software, one stays up to date
with the latest antivirus software, which will control incoming malware.

G. Periodic Data Back up


The user's data on the system must be backed up once in a while. The data must be copied to an external drive, and that
external drive should not be connected to the main system. One can also store the data in a cloud environment. With a backup,
even if the data are encrypted, one can get the original data back from the backup.

IV. RESPONDING TO AN ATTACK


So far, the prevention of ransomware has been explained. Now let's see how to respond to a ransomware attack. If you
experience a ransomware attack, do the following few things to reduce the damage:

A. Keep your System Isolated


If you are experiencing a ransomware attack, disconnect your system from the remaining systems and from the network.
Doing this will reduce the attack.

B. Avoid Paying Ransom


Try to avoid paying the ransom to the cybercriminals. Paying will encourage the attackers to carry out more and more attacks.

V. ATTACKS IN A HOSPITAL
A number of hospitals have been attacked with ransomware. These kinds of attacks make the hospital authorities think about
the security of their systems. The attackers disable the hospitals' email, thereby affecting the scheduling details of
patients to be attended and other related functions [11]. The attackers also reschedule the dates of surgeries to be performed
on the patients. The hospital management should keep their internet-oriented systems highly secured. They should identify
attacks quickly and respond to them as early as possible. They should keep away from opening unwanted emails and should not
click links that are not known to them. Hospital staff must take regular backups of their system data.
Figure 2 shows the sample ransomware attack in a hospital.

Fig. 2: A sample of a Hospital attacked with ransomware

VI. CONCLUSION
Always be proactive. The users in organizations and institutions must be taught about ransomware. They should be exposed to
basic attacks and to how to prevent them on their own, to reduce the number of attacks. The users should be instructed not to
open any untrusted links which they receive in their email. Organizations must implement a few security measures against these
types of attacks. Their software must be properly updated.

ACKNOWLEDGEMENTS
The author acknowledges the support and encouragement by the Management, Principal and Director of Computer Applications
department, towards this work.

REFERENCE
[1] Ransomware: Past, Present, and Future, Technical Marketing Team, TrendLabs, https://documents.trendmicro.com/assets/wp/wp-ransomware-past-present-and-future.pdf
[2] Stephen Cobb, “RANSOMWARE: an enterprise perspective”, Ransomware white paper, 2018
[3] Nadeem Shah, Mohammed Farik, “Ransomware - Threats, Vulnerabilities And Recommendations”, International Journal of Scientific and Technology
Research Vol 6, No 06, 2017
[4] TrendLabs. (2017). Threat Encyclopedia. “Ransomware.” Last accessed on 20 March 2017,
https://www.trendmicro.com/vinfo/us/security/definition/Ransomware.
[5] Trend Micro Incorporated. (14 March 2006). TrendLabs Security Intelligence Blog. “Ransomware! Ransomware! Ransomware!” Last accessed on 20
March 2017, http://blog.trendmicro.com/trendlabs-security-intelligence/ransomware21-ransomware21-ransomware21/.
[6] Nart Villeneuve. (12 January 2011). TrendLabs Security Intelligence Blog. “SMS Ransomware Tricks Russian Users.” Last accessed on 20 March 2017,
http://blog.trendmicro.com/trendlabs-security-intelligence/sms-ransomware-tricks-russian-users/.

[7] Cris Pantanilla. (12 April 2012). TrendLabs Security Intelligence Blog. “Ransomware Takes MBR Hostage.” Last accessed on 20 March 2017,
http://blog.trendmicro.com/trendlabs-security-intelligence/ransomware-takes-mbr-hostage/.
[8] Kevin Savage, Peter Coogan, Hon Lau, “The evolution of ransomware”, version 1.0, Symantec, August 2015
[9] Cassius Puodzius, “How encryption molded crypto-ransomware”, 2016
[10] https://www.kaspersky.co.in/resource-center/threats/how-to-prevent-ransomware
[11] Ransomware Attack Disrupts Medical Care in 3 Alabama Hospitals, 2019,
Available online: https://www.trendmicro.com/vinfo/au/security/news/cybercrime-and-digital-threats/ransomware-attack-disrupts-medical-care-in-3-alabama-hospitals
