DOI: 10.1145/3655693.3661321
Research article (Open access)

A Threat-Led Approach to Mitigating Ransomware Attacks: Insights from a Comprehensive Analysis of the Ransomware Ecosystem

Published: 05 June 2024

Abstract

Ransomware attacks have become a major threat to organizations across all sectors, causing significant financial and reputational damage. To address this challenge, this contribution presents a threat-led approach to mitigating ransomware attacks, based on a comprehensive analysis of the contemporary ransomware ecosystem. It identifies the main ransomware groups that are currently active and analyzes their Tactics, Techniques, and Procedures (TTPs) to derive appropriate mitigation measures. The final output of this analysis is a list of mitigations that can effectively prevent the successful execution of ransomware attacks and whose implementation should therefore be prioritized by cybersecurity teams. It also highlights the importance of using the MITRE ATT&CK framework and a threat actor profile library to enhance ransomware defense strategies. The findings have significant implications for cybersecurity practitioners, policymakers, and researchers, and can inform the development of effective ransomware defense strategies.
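The abstract describes the core mechanism of a threat-led approach: collect the ATT&CK techniques observed for the active ransomware groups, map each technique to the mitigations that address it, and rank the mitigations by how much of the observed threat activity they neutralize. The following is an added worked example of that prioritization step; it is not code from the paper. The three actor profiles are constructed placeholders (not real ransomware groups), and the technique-to-mitigation table is an illustrative, hand-picked subset of ATT&CK mappings that a practitioner should replace with the current ATT&CK data before relying on the output. The example goes one step beyond a flat count: it also runs a greedy set cover so that the plan does not spend its first slots on several mitigations that all address the same technique.

```python
"""Threat-led mitigation prioritisation over ATT&CK technique IDs.

Added worked example, not code from the paper. Actor profiles are
CONSTRUCTED placeholders; the technique -> mitigation table is an
illustrative subset of ATT&CK mappings (replace with live ATT&CK data).
"""
from collections import Counter

# CONSTRUCTED actor profiles: group name -> ATT&CK technique IDs observed.
ACTOR_TTPS = {
    "Group A": {"T1566", "T1078", "T1059", "T1003", "T1486", "T1490"},
    "Group B": {"T1190", "T1133", "T1021", "T1048", "T1486", "T1490"},
    "Group C": {"T1566", "T1133", "T1078", "T1021", "T1003", "T1486"},
}

# Illustrative subset of ATT&CK technique -> mitigation ID mappings.
TECHNIQUE_MITIGATIONS = {
    "T1566": {"M1017", "M1021", "M1031", "M1049"},  # Phishing
    "T1078": {"M1032", "M1027", "M1026", "M1018"},  # Valid Accounts
    "T1059": {"M1038", "M1042", "M1049"},           # Command and Scripting Interpreter
    "T1003": {"M1027", "M1026", "M1028", "M1040"},  # OS Credential Dumping
    "T1486": {"M1053", "M1040"},                    # Data Encrypted for Impact
    "T1490": {"M1053", "M1028", "M1018"},           # Inhibit System Recovery
    "T1190": {"M1051", "M1050", "M1030"},           # Exploit Public-Facing Application
    "T1133": {"M1032", "M1030", "M1042"},           # External Remote Services
    "T1021": {"M1032", "M1030", "M1018", "M1042"},  # Remote Services
    "T1048": {"M1031", "M1030"},                    # Exfiltration Over Alternative Protocol
}


def observations(actor_ttps):
    """Flatten profiles into (actor, technique) pairs: one pair per observed TTP."""
    return {(actor, tech) for actor, techs in actor_ttps.items() for tech in techs}


def covered_by(mitigation, obs, mapping):
    """Subset of observations whose technique is addressed by `mitigation`."""
    return {(a, t) for (a, t) in obs if mitigation in mapping.get(t, ())}


def rank_mitigations(actor_ttps=ACTOR_TTPS, mapping=TECHNIQUE_MITIGATIONS):
    """Score each mitigation by the number of (actor, technique) observations
    it addresses. Returns [(mitigation, count)], count descending, ID ascending
    on ties so the ordering is deterministic."""
    counts = Counter()
    for (_, tech) in observations(actor_ttps):
        for m in mapping.get(tech, ()):
            counts[m] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def greedy_plan(actor_ttps=ACTOR_TTPS, mapping=TECHNIQUE_MITIGATIONS, budget=None):
    """Greedy set cover: repeatedly pick the mitigation that closes the most
    still-open observations. Returns (ordered mitigations, uncovered observations).
    Observations left over have no mapped mitigation and are a coverage gap."""
    remaining = observations(actor_ttps)
    all_mitigations = sorted({m for techs in mapping.values() for m in techs})
    plan = []
    while remaining and (budget is None or len(plan) < budget):
        best, best_cov = None, set()
        for m in all_mitigations:  # sorted, so ties resolve to the lowest ID
            cov = covered_by(m, remaining, mapping)
            if len(cov) > len(best_cov):
                best, best_cov = m, cov
        if not best_cov:
            break
        plan.append(best)
        remaining -= best_cov
    return plan, remaining


def coverage(plan, actor_ttps=ACTOR_TTPS, mapping=TECHNIQUE_MITIGATIONS):
    """Fraction of observed TTPs addressed by at least one mitigation in `plan`."""
    obs = observations(actor_ttps)
    hit = {o for o in obs if any(m in mapping.get(o[1], ()) for m in plan)}
    return len(hit) / len(obs) if obs else 1.0


if __name__ == "__main__":
    for m, n in rank_mitigations()[:5]:
        print(f"{m}: addresses {n} observed TTPs")
    plan, gaps = greedy_plan()
    print("Greedy plan:", plan, "coverage:", coverage(plan), "gaps:", sorted(gaps))
```

With the constructed data, the flat ranking puts M1018, M1030 and M1032 (six observations each) on top, but the greedy plan reaches full coverage with M1018, M1040, M1030 and M1049: after M1018 is chosen, the credential and remote-access techniques it already covers stop counting for M1032, and the encryption-impact mitigation M1040 becomes the better second pick. Passing a `budget` reproduces the "what do we fix this quarter" question, and any observations returned in the gap set are techniques for which the mapping offers no preventive control, so detection and response have to carry them.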


Published In

EICC '24: Proceedings of the 2024 European Interdisciplinary Cybersecurity Conference
June 2024
235 pages
ISBN:9798400716515
DOI:10.1145/3655693
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Cyber Threat Intelligence (CTI)
  2. Cybersecurity
  3. MITRE ATT&CK framework
  4. Mitigation
  5. Ransomware
  6. Tactics, Techniques, and Procedures (TTPs)

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

EICC 2024
