Survey on Prevention, Mitigation and Containment of Ransomware Attacks

  • Conference paper

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 969))

Abstract

Ransomware is a type of malicious software that holds access to computer resources for a ransom amount. This is accomplished by encrypting the victim's personal files or by denying access to the user interface. Access is restored only once the ransom amount is paid to the attacker. There is a significant increase in attacks involving crypto ransomware, which encrypts the personal files present on a host or on network-attached storage and demands a ransom in cryptocurrency. Over time, ransomware has improved its encryption algorithms, key exchange mechanisms and modes of lateral movement. These changes have to be reflected in detection mechanisms in order to defend effectively against the attacks. Ransomware has become one of the most damaging types of cyber-attack at present, and organizations across the world have lost billions of dollars in damages caused by the disruption of business operations. Attackers have earned millions of dollars in ransom money from their victims. Effective detection of ransomware and prevention of data loss through encryption is a leading field of research. This paper summarizes the latest research, security products and practices in the prevention, mitigation and containment of ransomware attacks.

Correspondence to Sumith Maniath.

© 2019 Springer Nature Singapore Pte Ltd.

Cite this paper

Maniath, S., Poornachandran, P., Sujadevi, V.G. (2019). Survey on Prevention, Mitigation and Containment of Ransomware Attacks. In: Thampi, S., Madria, S., Wang, G., Rawat, D., Alcaraz Calero, J. (eds) Security in Computing and Communications. SSCC 2018. Communications in Computer and Information Science, vol 969. Springer, Singapore. https://doi.org/10.1007/978-981-13-5826-5_3

Download citation

  • DOI: https://doi.org/10.1007/978-981-13-5826-5_3

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-5825-8

  • Online ISBN: 978-981-13-5826-5
