Question
A ransomware attack is when a malicious attacker gains remote access to a computer system, causes damage that makes the system unusable, and then asks the organisation to pay money (the ransom). If the money is paid, the attacker restores the system to a working state. There are several types of ransomware attack. One type is for the attacker to encrypt critical files on the victim’s system using a symmetric encryption scheme like AES. When the ransom is paid, the attacker can provide the secret key and the victim can decrypt the files. This question is about such an attack. (We stress that ransomware attacks are evil and often cause harm to ordinary people. The purpose of this question is not to encourage students to do ransomware attacks!)
(a) Suppose an organisation always encrypts its files. Does that prevent this ransomware attack?
(b) Give at least 3 reasons why it is more convenient for the attacker to just encrypt the files, rather than to download copies of them and then delete the originals on the victim system.
(c) Can an organisation recover from such a ransomware attack if it is able to restore the encrypted files from backup?
(d) Is there a way for an organisation to detect such a ransomware attack early by checking for AES encrypted files on their hard disks?
Solution
(a) No, an organization always encrypting its files does not prevent this ransomware attack. This is because the attacker can still encrypt the already encrypted files with their own encryption key. The organization would then need the attacker's key to decrypt the files.
(b) There are several reasons why it is more convenient for the attacker to just encrypt the files, rather than to download copies of them and then delete the originals on the victim system:
- Speed: Encrypting files on the victim's system is faster than downloading them, especially if the files are large or the internet connection is slow.
- Bandwidth: Downloading files requires a lot of bandwidth, which might not be available or could raise suspicions if a large amount of data is being transferred.
- Storage: The attacker would need a large amount of storage space to store the downloaded files.
(c) Yes, an organization can recover from such a ransomware attack if it is able to restore the encrypted files from backup. This is because the backup files would not be encrypted by the attacker's key, and thus can be used to replace the encrypted files.
(d) Detecting a ransomware attack early by checking for AES encrypted files on their hard disks might not be feasible. This is because AES encryption does not change the file size significantly, and the encrypted files could look like normal files. Furthermore, if the organization already uses AES encryption for their files, it would be difficult to distinguish between legitimately encrypted files and those encrypted by the attacker.
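To make the point in (d) concrete, here is an added example (not part of the original answer) of a naive static scan that flags files by byte entropy. It assumes AES ciphertext is statistically uniform and uses seeded pseudo-random bytes as a stand-in for it; the file names and the 7.5 bits/byte threshold are hypothetical.

```python
import math
import random
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def flag_high_entropy(files: dict, threshold: float = 7.5) -> dict:
    """Naive static scan: flag every file whose entropy exceeds the threshold."""
    return {name: shannon_entropy(blob) > threshold for name, blob in files.items()}


def build_samples(seed: int = 1) -> dict:
    """Constructed sample files; nothing here is read from disk."""
    rng = random.Random(seed)
    # Constructed plaintext: synthetic log lines with varying fields.
    log = "".join(
        f"2024-01-{rng.randint(1, 28):02d} host{rng.randint(1, 500)} "
        f"user{rng.randint(1, 9999)} bytes={rng.randint(0, 10**9)}\n"
        for _ in range(20000)
    ).encode()

    def uniform_bytes(n: int = 65536) -> bytes:
        # Stand-in for AES ciphertext (assumption: ciphertext looks uniform).
        return bytes(rng.getrandbits(8) for _ in range(n))

    return {
        "app.log": log,                        # ordinary plaintext
        "app.log.z": zlib.compress(log, 9),    # legitimate compressed archive
        "payroll.enc": uniform_bytes(),        # organisation's own encryption
        "report.locked": uniform_bytes(),      # file encrypted by the attacker
    }


if __name__ == "__main__":
    samples = build_samples()
    for name, flagged in flag_high_entropy(samples).items():
        bits = shannon_entropy(samples[name])
        print(f"{bits:5.2f} bits/byte  flagged={flagged}  {name}")
```

The scan flags the compressed archive and both encrypted files alike, so a hit says nothing about who encrypted a file or why.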