Ransomware life cycle and how to combat it

Document from the year 2017 in the subject Computer Science - Internet, New Technologies, grade: B, Anglia Ruskin University, language: English, abstract: Ransomware is a dangerous malware which causes high financial loses for organizations. It is usually installed using a type of privilage esclation attack and then it encrypts data, asking for a ransom. In this paper, we will analyze ransomware life cycle and answer the question how to arrange your information security defences to combat ransomware outbreak. Information is an important asset for individuals, organisations, and governments. Stealing confidential information such as credit card numbers or Intellectual properties can cause financial loss or reputation damage. For example, Organisations invest in research creating intellectual property to secure their future earnings and pursue innovation. Because of that, Rao & Nayak (2014) state that intellectual property is valuable assets that need to be protected from theft or unauthorised access as it will cost mainly a severe financial loss. Chai, et al. (2016) state that individuals might be subjected to electronic bullying and harassments through internet social media like Facebook and Twitter. Most of the cases, protecting customer's information is protected by law which means that the theft of customer's sensitive information such as personal identifiable information (PII) and protected health information (PHI) will cause organisations to pay fines that consider also as a financial loss and reputation damage. In Healthcare industry, unauthorised modification on medical records can cause human life losses. Hammondl (2013) states that effective information security addresses the security triad (Confidentiality, Integrity & Availability). Confidentiality grantees that sensitive information (e.g. PHI, PII, Credit card, etc.) accessed by those who have the authority to access them. On the other hand, Integrity is making sure that data is protected against unauthorised malicious or non-intention modifications (Hammondl, 2013). Finally, availability grantees that information is available for the right person when it's needed and access granted. BBC (2017) reported in 12th of May an example that shows how important information security is to our life. Information security was violated by a massive cyber-attack hit NHS services across England and Scotland resulting hospital operation disruption and GP appointments that make staff uses pen and papers.

Haitham Ismail, MSc Information Systems (Systems Security), CISSP Haitham Ismail is a cybersecurity professional who holds his master degree in Information Systems (Systems Security) from Anglia Ruskin University, the United Kingdom in 2018. Currently, He works to get MBA with a concentration in Cyber Security to help me better understand the managerial role of an information security officer. He has 16 years of experience working as a security professional in different sectors (Banking, Government, and Insurance). He works for BUPA Arabia as an IT - Security Manager, which is a leading Insurance company in Saudi Arabia.