Ransomware Threat Research Articles

Got milk? Got cybersecurity risks! Unraveling ransomware threats in the German dairy industry

PurposeThis study aims to explore the vulnerabilities of the dairy industry to ransomware threats, focusing particularly on the upstream supply chain and applying routine activity theory (RAT) to understand the evolving dynamics of cybercrime in critical infrastructure sectors.Design/methodology/approachUtilizing expert interviews and network analysis, this research investigates the exploitation of complex supply chain vulnerabilities by motivated offenders. It delves into the intricate interplay between digital threats and physical supply continuity.FindingsThe study uncovers that ransomware threats transcend digital boundaries, manifesting in disruptions to physical operations and presenting significant risks to food security. It underscores the threat posed by the convergence of information technology (IT) and operational technology (OT), emphasizing the urgent need for heightened awareness and robust defenses against this substantial menace.Practical implicationsAddressing cyber vulnerabilities in critical sectors like dairy ensures not only the security of operations but also safeguards broader societal interests such as food security. Collaboration and proactive measures are essential to mitigate potential social and economic disruptions caused by cyber incidents.Originality/valueThis research fills a knowledge gap by shedding light on the nexus between cyber threats and supply chain resilience. It emphasizes the need for industries to adapt traditional defense mechanisms in the face of sophisticated digital adversaries.

Enhancing Cybersecurity: Ransomware Detection - A Proof of Concept Study

Presently, our digital landscape faces a pervasive onslaught of diverse cyber threats, encompassing distributed denial of service (DDoS), phishing, ransomware, and smishing, all orchestrated with malicious intent. Counteracting these malicious incursions poses a formidable challenge, particularly in devising efficacious detection solutions. Ransomware incidents are on the ascent, particularly within critical sectors such as healthcare, finance, and telecommunications. Consequently, this paper introduces a proof of concept (POC) aimed at detecting ransomware activities targeting Internet of Medical Things (IoMT) devices. The primary objective of this paper revolves around the identification and evaluation of factors correlating with ransomware attacks on IoMT and then developing a ransomware detector. The experimental framework involves the utilization of a simulated environment mirroring real-world IoMT devices and networks. The methodology integrates diverse approaches, encompassing data collection from IoMT devices, analysis of ransomware behaviour through the study of encryption patterns, and anomaly detection. The POC assesses the efficacy of these methodologies in detecting and responding to ransomware threats, with the experimentation conducted through hybrid analysis within a controlled laboratory setting. The dataset consists of 13 families with a total malware of 9251 taken from GitHub. For POC, a total of 3459 ransomware dataset samples have been selected. As a result of the experiment, thirteen (13) distinct features have been identified as trigger factors for ransomware attacks. These features are obtained by capturing of the processes initiated by the ransomware samples using a process monitor (procmon). A temporal pattern of the processes which include the file system, API, and access based on their frequency of occurrence were used to develop a ransomware detection model. The proposed approach achieved an accuracy of 99.2% and an error rate of 0.8 %, when evaluated on temporal pattern dataset and by using an enhanced artificial neural network (EANN).

Understanding and Mitigating Ransomware Threats: A Comprehensive Analysis

Understanding and Mitigating Ransomware Threats: A Comprehensive Analysis

Earlier Decision on Detection of Ransomware Identification: A Comprehensive Systematic Literature Review

Cybersecurity is normally defined as protecting systems against all kinds of cyberattacks; however, due to the rapid and permanent expansion of technology and digital transformation, the threats are also increasing. One of those new threats is ransomware, which is a form of malware that aims to steal user’s money. Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon a large payment. Ransomware is a way of stealing money in which a user’s files are encrypted and the decrypted key is held by the attacker until a ransom amount is paid by the victim. This systematic literature review (SLR) highlights recent papers published between 2020 and 2024. This paper examines existing research on early ransomware detection methods, focusing on the signs, frameworks, and techniques used to identify and detect ransomware before it causes harm. By analyzing a wide range of academic papers, industry reports, and case studies, this review categorizes and assesses the effectiveness of different detection methods, including those based on signatures, behavior patterns, and machine learning (ML). It also looks at new trends and innovative strategies in ransomware detection, offering a classification of detection techniques and pointing out the gaps in current research. The findings provide useful insights for cybersecurity professionals and researchers, helping guide future efforts to develop strong and proactive ransomware detection systems. This review emphasizes the need for ongoing improvements in detection technologies to keep up with the constantly changing ransomware threat landscape.

Ransomware Early Detection using Machine Learning Approach and Pre-Encryption Boundary Identification

The escalating ransomware threat has catalysed the formation of a sophisticated network of cybercriminal enterprises. Addressing this issue, our research provides a detailed exploration of the ransomware menace and an evaluation of contemporary detection methodologies. A successful ransomware attack leverages many factors: robust encryption methods that defy decryption, the anonymity of cyber currencies, and the widespread availability of ransomware kits that enable even inexperienced actors to launch attacks. Such dynamics have cultivated a niche for cybercriminal specialists in the digital underworld. In response to these challenges, our study proposes a detection framework based on machine learning, a domain where regression algorithms have gained popularity without yielding a definitive protective model. We employ API call analysis as the foundation to assess various machine learning classifiers' efficiency in identifying ransomware. The evaluation demonstrates that the Naive Bayes classifier underperforms due to suboptimal accuracy, making it unsuitable for this application. Conversely, Logistic Regression, with an AUC of 0.951, minimal training time, and substantial efficacy gains, emerges as a strong contender. The Decision Tree and Random Forest classifiers exhibit comparable proficiency; however, the Decision Tree's interpretability and Random Forest's computational swiftness present unique advantages. Superior still, SVM and Gradient Boosted Trees command the highest AUC and gains, albeit at the cost of increased training duration. Our findings affirm the pivotal role of API call analysis in ransomware detection and the potency of machine learning approaches in learning from extensive datasets to identify novel malware strains. Given the continual evolution of malware, detection methodologies must adapt correspondingly. This study's comparative analysis elucidates the trade-offs between accuracy, computational speed, and training time, guiding the selection of the optimal machine learning algorithm for robust ransomware detection.

Leveraging application permissions and network traffic attributes for Android ransomware detection

The increase in ransomware threats targeting Android devices necessitates the development of advanced techniques to strengthen the effectiveness of detection and prevention methods. Existing studies use Machine Learning (ML) techniques to detect and classify ransomware attacks, however, the ransomware landscape's rapid evolution hinders the effectiveness of these approaches. Moreover, the potential of Deep Reinforcement Learning (DRL) for this purpose remains unexplored. This study investigates the application of various DRL models for Android ransomware detection, leveraging permissions and network traffic attributes-labeled datasets. The paper provides a detailed explanation of implementing supervised learning within a DRL context. Secondly, the challenge of devising a reward function in Android ransomware detection is addressed, given the lack of an automated method for Android ransomware identification. The conventional DRL framework, which relies on the agent's interaction with a real-time environment, is conceptually modified in a new approach. We exhaustively tested the efficiency and accuracy of DRL-based models against other ML techniques, and results show that the A2C model has a better comparable detection performance than other DRL and ML models. Moreover, when DRL models are implemented with minor parameter modifications, they expedite and improve Android ransomware detection's speed, efficiency, and accuracy relative to existing ML strategies.

Proactive ransomware prevention in pervasive IoMT via hybrid machine learning

Advancements in information and communications technology (ICT) have fundamentally transformed computing, notably through the internet of things (IoT) and its healthcare-focused branch, the internet of medical things (IoMT). These technologies, while enhancing daily life, face significant security risks, including ransomware. To counter this, the authors present a scalable, hybrid machine learning framework that effectively identifies IoMT ransomware attacks, conserving the limited resources of IoMT devices. To assess the effectiveness of their proposed solution, the authors undertook an experiment using a state-of-the-art dataset. Their framework demonstrated superiority over conventional detection methods, achieving an impressive 87% accuracy rate. Building on this foundation, the framework integrates a multi-faceted feature extraction process that discerns between benign and malign actions, with a subsequent in-depth analysis via a neural network. This advanced analysis is pivotal in precisely detecting and terminating ransomware threats, offering a robust solution to secure the IoMT ecosystem.

An improved transformer‐based model for detecting phishing, spam and ham emails: A large language model approach

AbstractPhishing and spam have been a cybersecurity threat with the majority of breaches resulting from these types of social engineering attacks. Therefore, detection has been a long‐standing challenge for both academic and industry researcher. New and innovative approaches are required to keep up with the growing sophistication of threat actors. One such illumination which has vast potential are large language models (LLM). LLM emerged and already demonstrated their potential to transform society and provide new and innovative approaches to solve well‐established challenges. Phishing and spam have caused financial hardships and lost time and resources to email users all over the world and frequently serve as an entry point for ransomware threat actors. While detection approaches exist, especially heuristic‐based approaches, LLMs offer the potential to venture into a new unexplored area for understanding and solving this challenge. LLMs have rapidly altered the landscape from business, consumers, and throughout academia and demonstrate transformational potential to profoundly impact the society. Based on this, applying these new and innovative approaches to email detection is a rational next step in academic research. In this work, we present IPSDM, an improved phishing spam detection model based on fine‐tuning the BERT family of models to specifically detect phishing and spam emails. We demonstrate our fine‐tuned version, IPSDM, is able to better classify emails in both unbalanced and balanced datasets. Moreover, IPSDM consistently outperforms the baseline models in terms of classification accuracy, precision, recall, and F1‐score, while concurrently mitigating overfitting concerns.

Can Windows 11 Stop Well-Known Ransomware Variants? An Examination of Its Built-in Security Features

The ever-evolving landscape of cyber threats, with ransomware at its forefront, poses significant challenges to the digital world. Windows 11 Pro, Microsoft’s latest operating system, claims to offer enhanced security features designed to tackle such threats. This paper aims to comprehensively evaluate the effectiveness of these Windows 11 Pro, built-in security measures against prevalent ransomware strains, with a particular emphasis on crypto-ransomware. Utilizing a meticulously crafted experimental environment, the research adopted a two-phased testing approach, examining both the default and a hardened configuration of Windows 11 Pro. This dual examination offered insights into the system’s inherent and potential defenses against ransomware threats. The study’s findings revealed that Windows 11 Pro does present formidable defenses. This paper not only contributes valuable insights into cybersecurity, but also furnishes practical recommendations for both technology developers and end-users in the ongoing battle against ransomware. The significance of these findings extends beyond the immediate evaluation of Windows 11 Pro, serving as a reference point for the broader discourse on enhancing digital security measures.

Combatting ransomware in ZephyrOS-activated industrial IoT environments

The rapid growth of the Industrial Internet of Things (IIoT) has opened up new avenues for cyber threats, with ransomware being a primary area of concern. In response to this, proposed study introduces an innovative approach that combines the strength of the Gradient Boosting Machine (GBM) and the precision of Lasso Regression to effectively identify ransomware threats in IIoT settings. Functioning on the Zephyr operating system, the GBM's ability to handle large-scale datasets and traverse complex data dimensions is complemented by Lasso Regression's skill in curbing overfitting and extracting critical features. This combined ML technique is specifically designed to address the diverse data challenges of IIoT, providing a solid line of defense. Comprehensive tests on updated ransomware tools and the established RanSAP & IoT-23 datasets validated our model's capabilities, achieving an impressive 92 percent detection rate while keeping false positives to a minimum. When compared to existing strategies, projected solution showcased superior performance, highlighting its pivotal role in bolstering IIoT security against ransomware attacks. These results shed light on the next steps for ensuring a safer IIoT landscape, emphasizing the need for advanced, flexible cybersecurity measures in our ever-evolving industrial ecosystem.

Evolving Access Control Paradigms: A Comprehensive Multi-Dimensional Analysis of Security Risks and System Assurance in Cyber Engineering

This study evaluates the effectiveness of traditional access control paradigms—Role-Based Access Control (RBAC), Policy-Based Access Control (PBAC), and Attribute-Based Access Control (ABAC)—against ransomware threats in critical infrastructures and examines the potential benefits of integrating machine learning (ML) and artificial intelligence (AI) technologies. Utilizing a quantitative research design, the investigation collected data from 383 cybersecurity professionals across various sectors through a systematically structured questionnaire. The questionnaire, which demonstrated excellent internal consistency with a reliability score of 0.81, featured Likert scale questions aimed at assessing perceptions and experiences concerning the efficacy of different access control models in combating ransomware. Employing multiple regression analysis, the study explored the relationship between access control paradigms and their capability to mitigate ransomware risks, while also considering the impact of cybersecurity awareness among employees. The findings indicate that traditional access control methods are less effective against the dynamic nature of ransomware attacks, primarily due to their static configurations. In contrast, the integration of ML and AI into access control systems significantly enhances their adaptability and effectiveness in detecting and preventing ransomware incidents. Additionally, the study highlights the crucial role of cybersecurity awareness and training among employees in fortifying critical infrastructures against cyber threats. The adoption of a layered security strategy, incorporating advanced technological solutions and comprehensive cybersecurity practices, was found to markedly improve the resilience of critical infrastructures against ransomware attacks. Based on these insights, the study recommends the embrace of ML and AI technologies in access control systems, the prioritization of cybersecurity training for all organizational members, and the implementation of a multifaceted security approach to better defend against the evolving threat of ransomware. These strategies are essential for safeguarding the continuity and reliability of essential services in an increasingly digital and interconnected world.

Ransomware Threats Targeting the Healthcare Sector

Security is essentially a consideration in any computer system which holds sensitive or critical data. Ransomware attacks which are primarily based on encrypting critical data and demanding for a ransom to decrypt them, is one of the best approaches in harvesting money from critical industrial firms rather than damaging the information infrastructure. Even though general ransomware practices include encrypting critical data, sometimes it can come in a form of a threat to leaking of sensitive data to the public. Among the critical infrastructures in the healthcare industry, patient’s Personally Identifiable Information (PII) and also the operational data related to mission critical systems are the top concerns. Leaking of PII can cause a huge damage to the privacy of the patients who obtain the healthcare service for that particular healthcare provider. On the other hand, any system delays, malfunctions of inaccessibility or unavailability of operational data related to mission critical systems can cause hindrances to the usual operations of the healthcare provider and eventually will case a life-threatening situation to the patients as well. Through this research review, a comprehensive understanding to the topics; what is ransomware, why ransomware target health industry, what is the damage caused, new ransomware attack trends, mitigative steps and future research scopes are presented to the audience. At the end of the paper, overall conclusion made by analyzing reported incidents is presented with recommendation to mitigate the effects of future ransomware threats, targeted on healthcare industry.

Ransomware Threats in Industrial Internet of Things Networks: A Detection Approach

The Industrial Internet of Things (IIoT) is a challenging environment for ransomware threats, and it requires robust detection mechanisms to protect critical infrastructures. This study explores the complex landscape of ransomware attacks in IIoT and suggests proactive detection strategies. To develop an advanced detection model, this research uses the CATBoost algorithm that can handle categorical features by leveraging a comprehensive dataset that captures various attributes of ransomware incidents. The study also enhances the interpretability of the model by incorporating SHAP (SHapley Additive exPlanations) which explains how individual features affect ransomware identification in IIoT environments. Empirical evaluation demonstrates that the model can accurately classify ransomware instances with high precision and recall rates. Moreover, SHAP explanation reveals important features that influence the decisions made by the model thereby improving its interpretability and trustworthiness. The experimental results indicate that customized detection approaches are important and highlight the effectiveness of CATBoost algorithm in strengthening IIoT systems against ransomware attacks.

A fine-tuning of decision tree classifier for ransomware detection based on memory data

Ransomware has evolved into a pervasive and extremely disruptive cybersecurity threat, causing substantial operational and financial damage to individuals and businesses. This article explores the critical domain of Ransomware detection and employs Machine Learning (ML) classifiers, particularly Decision Tree (DT), for Ransomware detection. The article also delves into the usefulness of DT in identifying Ransomware attacks, leveraging the innate ability of DT to recognize complex patterns within datasets. Instead of merely introducing DT as a detection method, we adopt a comprehensive approach, emphasizing the importance of fine-tuning DT hyperparameters. The optimization of these parameters is essential for maximizing the DT capability to identify Ransomware threats accurately. The obfuscated-MalMem2022 dataset, which is well-known for its extensive and challenging Ransomware-related data, was utilized to evaluate the effectiveness of DT in detecting Ransomware. The implementation uses the versatile Python programming language, renowned for its efficiency and adaptability in data analysis and ML tasks. Notably, the DT classifier consistently outperforms other classifiers in Ransomware detection, including K-Nearest Neighbors, Gradient Boosting Tree, Naive Bayes, and Linear Support Vector Classifier. For instance, the DT demonstrated exceptional effectiveness in distinguishing between Ransomware and benign data, as evidenced by its remarkable accuracy of 99.97%.

ANALYSIS OF CYBER THREATS IN THE CONTEXT OF RAPID DEVELOPMENT OF INFORMATION TECHNOLOGY

In the digital age, cybersecurity has become an integral aspect of our lives. With the growing dependence on technology and the Internet, individuals, organizations and governments face unprecedented levels of cyber threats. Cyberattacks are becoming more frequent, sophisticated, and malicious, putting confidential information and critical infrastructure at risk. Therefore, it is crucial to understand the changing nature of cyber threats and develop effective strategies to counter them. The current state of cybersecurity and the challenges it faces are analyzed. It highlights aspects of the increasing number of cyberattacks and their growing complexity, which makes it difficult for traditional security measures to keep up. The different types of cyber threats, including ransomware and password guessing attacks, are also discussed. In addition, the motives for these attacks are discussed, which can range from financial gain to commercial and political espionage and cyberwarfare. The impact of new technologies on cybersecurity is considered, which offer tremendous benefits, but they also create new attack vectors that can be used by cybercriminals to exploit the latest potential vulnerabilities and risks. The paper analyzes global trends in IoT and cybersecurity over the 20 years from 2004 to 2024, as well as the development of ransomware threats and attacks, especially during the Covid-19 pandemic, as well as password cracking cyberattacks and their significant increase in 2023. Provides a comprehensive overview of the current state of cybersecurity and the challenges it faces. It emphasizes the importance of adopting a holistic approach to cybersecurity that combines technological solutions with education, awareness and international cooperation. It also emphasizes the need for organizations and individuals to remain vigilant and adapt to new threats and technologies. By working together, we can create a safer and more secure digital future for all.

Ransomware early detection: A survey

In recent years, ransomware attacks have exploded globally, and it has become one of the most significant cyber threats to digital infrastructure. Such attacks have been targeting ranging from individuals to critical infrastructure or large organizations such as large commercial companies, energy facilities, medical centers and government departments. Ransomware attackers use sophisticated encryption techniques to hijack victims’ files in exchange for a large ransom to release encrypted data. Sophisticated encryption techniques make it almost impossible for victims to recover data without the secret key in the event of such an attack. To protect systems from ransomware threats, malicious activities had better be detected earlier, preferably before they engage in harmful behavior. Numerous studies have focused on ransomware threats and attempted to provide detection and prevention solutions for ransomware attacks, but none of the surveys explored the early detection of ransomware and highlighted challenges and issues with existing solutions. This survey fills this gap and provides a state-of-the-art overview of research on ransomware early detections. Moreover, we investigate the latest ransomware surveys and give an overview of the categories of ransomware from different perspectives, the evolution and attack process of ransomware, and provide datasets used for ransomware detection. Finally, the possible future research directions are discussed.

The threat of ransomware in the food supply chain: a challenge for food defence

AbstractIn the food industry, the level of awareness of the need for food defence strategies has accelerated in recent years, in particular, mitigating the threat of ransomware. During the Covid-19 pandemic there were a number of high-profile organised food defence attacks on the food industry using ransomware, leading to imperative questions over the extent of the sector’s vulnerability to cyber-attack. This paper explores food defence through the lens of contemporary ransomware attacks in order to frame the need for an effective ransomware defence strategy at organisational and industry level. Food defence strategies have historically focused on extortion and sabotage as threats, but often in terms of physical rather than cyber-related attacks. The globalisation, digitalisation and integration of food supply chains can increase the level of vulnerability to ransomware. Ransomware is an example of an organised food defence threat that can operationalise both extortion and sabotage, but the perpetrators are remote, non-visible and often anonymous. Organisations need to adopt an effective food defence strategy that reduces the risk of a ransomware attack and can enable targeted and swift action in the event an incident occurs. Further collaboration between government and the private sector is needed for the development of effective governance structures addressing the risk of ransomware attacks. The novelty of this article lies in analysing the issue of ransomware attacks from the perspective of the food sector and food defence strategy. This study is of potential interest to academics, policy makers and those working in the industry.

Ransomware Behavior on Windows Endpoint: An Analysis

This paper provides a comprehensive examination of ransomware behavior on Windows endpoints, exploring the intrusion mechanisms, proliferation methods, and the mitigating strategies that can be employed. It provides a comparative analysis of several ransomware families and their effects on Windows systems, culminating with suggestions for future research directions in enhancing endpoint security against ransomware attacks. In the wake of a rising number of ransomware attacks worldwide, epitomized by the damaging disruptions to the Colonial Pipeline and the Irish Health Service Executive, the persistent threat of ransomware to critical infrastructure has never been more apparent. While Windows endpoints remain primary targets, these attacks have also highlighted a less explored but crucial aspect of ransomware behavior: the exploitation of Application Programming Interface (API) calls integral to the Windows operating system. This comprehensive study provides an exhaustive investigation into the interplay between ransomware and Windows APIs, emphasizing the patterns of invocation and manipulative misuse by various ransomware families. By investigating specific API calls, such as the CryptEncrypt function in the Cryptography API for encryption, and the CreateFile and WriteFile functions in the File API for file system interaction, we illuminate the mechanisms by which ransomware carry out their damaging actions. Further, using the real-world examples drawn from the Colonial Pipeline and Irish Health Service Executive incidents, among others, the study shows how these API calls were manipulated during actual ransomware attacks. In these cases, ransomware like DarkSide and Conti used Windows APIs not just for the primary tasks of encryption and file system manipulation, but also for achieving network communication, maintaining persistence, and even thwarting detection. By presenting a comparative analysis of API call sequences in both benign and ransomware-infected Windows environments, this study serves as a critical exploration into the behavior of these malicious entities. The different patterns observed provide us with valuable insights into their operational strategies and offer opportunities for the development of detection heuristics. The insights derived from this research contribute significantly to our understanding of the behavior patterns of recent, high-profile ransomware attacks. In turn, this work aims to guide the evolution of more sophisticated, behavior-based detection mechanisms, thus strengthening the security posture of Windows endpoints. Ultimately, this study underscores the need for continuous research into API call patterns, as the cybersecurity landscape continues to face dynamic and increasingly sophisticated threats.

A Secure Community: Mitigating Ransomware Threats to Small Businesses

Abstract: In recent years, the increasing use of computers and smartphones has changed the way businesses operate. But along with these changes, there has been a rise in cyber threats, especially for small businesses. This research study delves into the world of cybersecurity for small businesses, looking at the challenges they face. We analysed data and information from the internet sources to understand what small businesses know about cyber threats, how they protect themselves, and how cyberattacks affect them. The study gives us a clear picture of the cybersecurity situation in these communities and shows why it is important to keep their digital assets safe. By sharing this information, we hope to help small businesses, make them stronger, and create a safer online world for everyone.

Surviving the storm: The key to cyber resilience and incident response in healthcare.

This article underscores the significance of cyber defences and response processes in healthcare, highlighting their contribution to cyber resilience through adherence to industry best practices. It emphasizes the value of hypothetical scenarios as a common practice in the field to validate the effectiveness of cyber resilient actions, systems, processes, and decision-making in the face of various cyber threats. Focusing on the ransomware threat, the provided scenario examines its impact on healthcare systems and frontline support staff, while highlighting the time-sensitive challenges faced by response teams striving to restore essential services. Furthermore, it suggests replicating such analyses with key hospital personnel to precisely assess the impact of other types of cyber threats, such as those originating from malicious insiders or technical data breaches facilitated through social engineering attacks. By doing so, healthcare organizations can develop comprehensive and cyber resilient responses to safeguard their operations.