On the Economic Impact of Crypto-ransomware Attacks: The State of the Art on Enterprise Systems

  • Aaron Zimba
  • Mumbi Chishimba
Original Article

Abstract

According to Cybersecurity Ventures research in 2017, a business falls prey to a ransomware attack every 40 s, and the rate is predicted to rise to one every 14 s by 2019. Business organizations have had to pay cybercriminals up to $1 million in a single attack, while others have incurred losses in the hundreds of millions of dollars. Clearly, ransomware is an emerging cyberthreat to enterprise systems that can no longer be ignored. In this paper, we address the various facets of the ransomware pandemic, narrowing down to the technical and economic impacts. We formulate an attack model applicable to cascaded network design structures common in enterprise systems, detailing the various susceptible ransomware entry points. We evaluate how the incorporation of asymmetric and symmetric encryption in hybrid cryptosystems with worm-like properties in recent ransomware strains has brought about tragic targeted ransomware attack campaigns such as WannaCry, Erebus, and SamSam. We also detail the economic impact of ransomware on various businesses in terms of paid ransoms and loss of revenue due to downtime and loss of production. Results show the substantial role played by the Bitcoin cryptocurrency and by email as the prevalent attack vector in indiscriminate attack campaigns, while vulnerability exploitation is dominant in targeted attacks. Furthermore, results show that a lack of offline backup and poorly implemented offline backup strategies end up costing businesses more than the ransom demand itself. We suggest mitigation strategies and recommend best practices based on the demystified core components of successful ransomware attack campaigns.

Keywords

Enterprise security, cyberthreat, crypto-ransomware, encryption, cryptocurrency, Bitcoin

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Department of Computer Science and Information Technology, Mulungushi University, Kabwe, Zambia
  2. Department of Information Technology, National Institute of Public Administration (NIPA), Lusaka, Zambia
