Author: Zimba, Aaron; Chishimba, Mumbi
Description: The devastating effects of ransomware have continued to grow over the past two decades, which have seen ransomware shift from just being opportunistic attacks to carefully orchestrated attacks. Individuals and business organizations alike have continued to fall prey to ransomware where victims have been forced to pay cybercriminals even up to $1 million in a single attack whilst others have incurred losses in hundreds of millions of dollars. Clearly, ransomware is an emerging cyber threat to enterprise systems that can no longer be ignored. In this paper, we address the evolution of ransomware and the associated paradigm shifts in attack structures, narrowing down to the technical and economic impacts. We formulate an attack model applicable to cascaded network design structures common in enterprise systems. We model the security state of the ransomware attack process as transitions of a finite state machine where state transitions depict breaches of confidentiality, integrity, and availability. We propose a ransomware categorization framework that classifies the virulence of a given ransomware based on a proposed classification algorithm that is based on data deletion and file encryption attack structures. The categories that increase in severity from CAT1 to CAT5 classify the technical prowess and the overall effectiveness of potential ways of retaining the data without paying the ransom demand. We evaluate our modeling approach with a WannaCry attack use case and suggest mitigation strategies and recommend best practices based on these models.
Subject headings: Ransomware; Encryption; Attack structure; Bitcoin; Enterprise security
Publication year: 2019
Journal or book title: International Journal of Computer Network and Information Security (IJCNIS)
Volume: 11
Issue: 1
Pages: 26-39
Find the full text: https://www.mecs-press.org/ijcnis/ijcnis-v11-n1/IJCNIS-V11-N1-3.pdf
Find more like this one (cited by): https://scholar.google.com/scholar?cites=18023257123714609250&as_sdt=1000005&sciodt=0,16&hl=en
Serial number: 3430