According to Treasury Secretary Janet L. Yellen, “Ransomware and cyber-attacks are victimizing businesses large and small across America and are a direct threat to our economy. We will continue to crack down on malicious actors. As cyber criminals use increasingly sophisticated methods and technology, we are committed to using the full range of measures, to include sanctions and regulatory tools, to disrupt, deter, and prevent ransomware attacks.”
The twelfth installment in the cyber events series published by the NATO Cooperative Cyber Defence Center of Excellence (CCDCOE) and designed for military and national security decision-makers focuses on a global ransomware attack (Kaseya), spyware controversy (Pegasus), two cyberattacks (South Africa and South Korea), and a Microsoft Exchange compromise (China).
This paper evaluates attack methodologies of a ransomware attack: the underlying file deletion and file-encryption attack structures. In the former, the authors uncover the data recovery-prevention techniques and in the latter, they uncover the associated cryptographic attack models. The deeper comprehension of potential flaws and inadequacies exhibited in these attack structures form the basis of the overall objective of this paper. The deeper comprehension also enables the provision of enough technical information to guide decisions by victims before making hasty decisions to pay a ransom which might result into not only financial loss but loss of access to the attacked files if decryption is not possible by the attacker.
In this paper, the authors focus on ransomware, which is a type of digital crime that is essentially theft of information followed by demanding a ransom from the victim to regain access. They recommend a paradigm change, akin to the ARPANET project, with regards to a broadly deployed network storage system. The intent is to find a solution which addresses: 1) the financial incentive for ransomware attacks and 2) the difficulty of securing a system from an ever-evolving social/technical attack matrix. In addition, the authors take into account the restraint that any solution must be cost-effective.