Taxonomy of countermeasures to crypto-ransomware

In recent years, crypto-ransomware attacks have been on the rise. This form of malware scrambles valuable data with virtually unbreakable encryption and does not release it until a ransom is paid. This is a significant shift from early variants of ransomware and it has increased the impact of ransomware and the overall seriousness of the threat.

According to Statistics Canada, in 2017, 21% of Canadian businesses were impacted by a cybersecurity incident. Of those, 38% were victims of an incident intended to steal money or demand a ransom or payment.

As the ransomware threat grows, so does the number of offenders and the sophistication of their techniques. Ransomware actors employ advanced delivery techniques, including powerful botnets capable of sending millions of malicious messages per day and Internet scanners that identify vulnerable IP addresses.

All of these developments make it harder for law enforcement agencies to investigate ransomware crimes. If victims do not have backups in a secure location and the lost information is critical, the incentive to pay the ransom is high, which strengthens the ransomware business model.

Ransomware is not only a technical problem that requires a technical solution. Indeed, offenders increasingly use social engineering techniques to penetrate organisational networks as the first point of entry. The element of extortion also includes psychological tricks in order to force victims to pay, such as count-down clocks, explicit warnings of consequences of losing data or a strict deadline to pay with very little time to think.

In this article, Lena Connolly and David Wall from the University of Leeds explored how organisations and investigators have responded to the crypto-ransomware situation.

They conducted a series of qualitative semi-structured interviews and held a focus group. The sample comprised individuals who had first-hand experience with crypto-ransomware attacks as victims or investigators.

Their findings showed that participants strongly emphasised the importance of user security education, technical measures, network security, security policies and secure practices, and the incident response strategy as essential response tools to protect organisations against crypto-ransomware. This suggests that organisations have to improve and be equally adaptive in their responses to attacks. More importantly, the findings illustrate the nuanced relationship between the technological and social aspects of crypto-ransomware and their relationship with the organisational setting. The taxonomy of crypto-ransomware countermeasures shows that a multi-layered approach is required to protect organisations and make them more resilient to ransomware attacks.


Cite: Connolly, L. Y. and Wall, D. S. (2019). The rise of crypto-ransomware in a changing cybercrime landscape: Taxonomising countermeasures. Computers & Security, 87, 101568.