Abstract
A staggering 550,000 ransomware attacks were recorded daily during the year of 2020 netting cybercriminals an immense amount of capital estimated to be over 1.5 trillion dollars. Owing their success to aging infrastructure and lack of defensive funding, malicious groups have been employing ransomware to entirely shut down critical infrastructure including medical equipment, gas, and oil pipelines, communication systems in the fields of healthcare, the military, and key spheres of industry around the world. All these incidents are posing a threat to smart city infrastructures. This also presents a large challenge for organizations when determining how to protect themselves from these popular and devastating attacks. Fortunately, the increase in ransomware attacks has caused a resurgence in cybersecurity, specifically, ransomware mitigation strategies and software which are designed to detect and prevent ransomware attacks before they can cause damage. In this chapter we will address the techniques and tools used to create and deploy ransomware, the historical effects of ransomware in large scale, global events, and the most effective techniques organizations can adopt to mitigate and prevent ransomware attacks. Through continual understanding of the nature of ransomware, we aim to educate end-users and organizations alike about the capabilities of ransomware as well as the protection strategies available in an effort to support the evolving and relentless fight against ransomware.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
References
FBI (2016) Internet crime complaint center (ic3): ransomware victims urged to report infections to federal law enforcement, Sep 2016
Committee on Homeland Security US House of Representatives (2021) Cyber threats in the pipeline: using lessons from the colonial ransomware attack to defend critical infrastructure: house committee on homeland security, Jun 2021
Palo Alto Networks (2022) The growing ransomware threat: 4 trends and insights, Mar 2022
Trend Labs (2016) The next tier, Dec 2016
Salvi MHU, Kerkar MRV (2016) Ransomware: a cyber extortion. Asian J Converg Technol (AJCT). ISSN-2350-1146, 2
Hadnagy C (2010) Social engineering: the art of human hacking. Wiley (2010)
Trautman LJ, Ormerod PC (2018) Wannacry, ransomware, and the emerging threat to corporations. Tenn L Rev 86:503
Akbanov M, Vassilakis VG, Logothetis MD (2019) Wannacry ransomware: analysis of infection, persistence, recovery prevention and propagation mechanisms. J Telecommun Inf Technol
Goodell JW, Corbet S (2022) Commodity market exposure to energy-firm distress: evidence from the colonial pipeline ransomware attack. Financ Res Lett 103329
Hayes K (2021) Ransomware: a growing geopolitical threat. Netw Secur 2021(8):11–13
Ransomware Task Force (2021) Combating ransomware. Intel Security Group
Wilner A, Jeffery A, Lalor J, Matthews K, Robinson K, Rosolska A, Yorgoro C (2019) On the social science of ransomware: technology, security, and society. Comp. Strateg 38(4):347–370
Bhuyan SS, Kabir UY, Escareno JM, Ector K, Palakodeti S, Wyant D, Kumar S, Levy M, Kedia S, Dasgupta D et al (2020) Transforming healthcare cybersecurity from reactive to proactive: current status and future recommendations. J Med Syst 44(5):1–9
Swasey K (2020) Insufficient healthcare cybersecurity invites ransomware attacks and sale of phi on the dark web. Center Anticip Intell Stud Res Rep
Sheffield JN ( 2020) The first word: the hipaa response to malware events, including ransomware attacks. Benefits Q 36(3):44–7
Liska A (2019) Early findings: review of state and local government ransomware attacks. Rec Future 10
Reeder JR, Hall CT (2021) Cybersecurity’s pearl harbor moment: lessons learned from the colonial pipeline ransomware attack. Government Contractor Cybersecurity, Washington, DC, USA
Fischer EA (2013) Federal laws relating to cybersecurity: overview and discussion of proposed revisions. Library of Congress Washington DC Congressional Research Service
Department of Homeland Security (2021) Responding to ransomware: exploring policy solutions to a cybersecurity crisis: house committee on homeland security, May 2021
Ransomware guide
Skertic J (2021) Cybersecurity legislation and ransomware attacks in the United States, 2015–2019. PhD thesis, Old Dominion University
Snoke TD, Shimeall TJ (2020) An updated framework of defenses against ransomware. Technical report, Carnegie-Mellon Univ Pittsburgh, PA
Slay J, Miller M (2007) Lessons learned from the maroochy water breach. In: International conference on critical infrastructure protection. Springer, pp 73–82
Ibarra J, Butt UJ, Do A, Jahankhani H, Jamal A (2019) Ransomware impact to SCADA systems and its scope to critical infrastructure. In: 2019 IEEE 12th international conference on global security, safety and sustainability (ICGS3). IEEE, pp 1–12
Santa D (2018) Cyber and physical security, best practices, and industry and government engagement. Fed Energy Regul Comm. https://www.ingaa.org/File.aspx?id=36642&v=62328155
Fanning K (2015) Minimizing the cost of malware. J Corp Account Finance 26(3):7–14
Tariq N (2018) Impact of cyberattacks on financial institutions. J Int Bank Commer 23(2):1–11
Nifakos S, Chandramouli K, Nikolaou CK, Papachristou P, Koch S, Panaousis E, Bonacina S (2021) Influence of human factors on cyber security within healthcare organisations: a systematic review. Sensors 21(15):5119
Tervoort T, De Oliveira MT, Pieters W, Van Gelder P, Olabarriaga SD, Marquering H (2020) Solutions for mitigating cybersecurity risks caused by legacy software in medical devices: a scoping review. IEEE Access 8:84352–84361 (2020)
Yadav A, Raisurana S, Lalitha P (2017) Information security in healthcare organizations using low-interaction honeypot intrusion detection system. Int J Secur Appl 11(9):95–107
Han JW, Hoe OJ, Wing JS, Brohi SN (2017) A conceptual security approach with awareness strategy and implementation policy to eliminate ransomware. In: Proceedings of the 2017 international conference on computer science and artificial intelligence, pp 222–226
Mamedova N, Urintsov A, Staroverova O, Ivanov E, Galahov D (2019) Social engineering in the context of ensuring information security. In: SHS web of conferences, vol 69. EDP Sciences, p 00073
Nieuwenhuizen D (2017) A behavioural-based approach to ransomware detection. Whitepaper, MWR Labs Whitepaper
Richardson R, North MM (2017) Ransomware: evolution, mitigation and prevention. Int Manag Rev 13(1):10
Eshghi S, Khouzani MHR, Sarkar S, Venkatesh SS (2014) Optimal patching in clustered malware epidemics. IEEE/ACM Trans Netw 24(1):283–298
MacDermott Á, Kendrick P, Idowu I, Ashall M, Shi Q (2019) Securing things in the healthcare internet of things. In: 2019 global IoT summit (GIoTS). IEEE, pp 1–6
Robert Richardson and CSI Director (2008) CSI computer crime and security survey. Comput Secur Inst 1:1–30
Spence N, Bhardwaj MBBSN, Paul DP III (2018) Ransomware in healthcare facilities: a harbinger of the future? Perspectives in Health Information Management, pp 1–22
Zetter K (2016) 4 ways to protect against the very real threat of ransomware, May 2016
Laudon KC, Laudon JP (2004) Management information systems: managing the digital firm. Pearson Educación
Ateya IL, Shibwabo BK, Mugoh L (2015) Continuous data protection architecture as a strategy for reduced data recovery time
Evans C (2014) Backup vs replication, snapshots, CDP and data protection strategy. ComputerWeekly, Juni
Rahman NHA, Glisson WB, Yang Y, Choo K-KR (2016) Forensic-by-design framework for cyber-physical cloud systems. IEEE Cloud Comput 3(1):50–59
Thomas J, Galligher G (2018) Improving backup system evaluations in information security risk assessments to combat ransomware. Comput Inf Sci 11(1)
Huang J, Xu J, Xing X, Liu P, Qureshi MK (2017) Flashguard: leveraging intrinsic flash properties to defend against encryption ransomware. In: Proceedings of the 2017 ACM SIGSAC conference on computer and communications security, pp 2231–2244
Kessler SR, Pindek S, Kleinman G, Andel SA, Spector PE (2020) Information security climate and the assessment of information security risk among healthcare employees. Health Inf J 26(1):461–473
Elradi MD, Mohamed MH, Ali ME (2021) Ransomware attack: rescue-checklist cyber security awareness program. Artif Intell Adv 3(1)
Young H, van Vliet T, van de Ven J, Jol S, Broekman C (2017) Understanding human factors in cyber security as a dynamic system. In: International conference on applied human factors and ergonomics. Springer, pp 244–254
Hull G, John H, Arief B (2019) Ransomware deployment methods and analysis: views from a predictive model and human responses. Crime Sci 8(1):1–22
Veseli I (2011) Measuring the effectiveness of information security awareness program. Master’s thesis
Thomas J (2018) Individual cyber security: Empowering employees to resist spear phishing to prevent identity theft and ransomware attacks. Thomas JE (2018) Individual cyber security: empowering employees to resist spear phishing to prevent identity theft and ransomware attacks. Int J Bus Manag 12(3):1–23
Uandykova M, Lisin A, Stepanova D, Baitenova L, Mutaliyeva L, Yüksel S, Dincer H (2020) The social and legislative principles of counteracting ransomware crime. Entrep Sustain Issues
Priestman W, Anstis T, Sebire IG, Sridharan S, Sebire NJ (2019) Phishing in healthcare organisations: threats, mitigation and approaches. BMJ Health Care Inf 26(1)
Sun W, Sekar R, Liang Z, Venkatakrishnan VN (2008) Expanding malware defense by securing software installations. In: International conference on detection of intrusions and malware, and vulnerability assessment. Springer, pp 164–185
Sabbouh M, Higginson J, Semy S, Gagne D (2007) Web mashup scripting language. In: Proceedings of the 16th international conference on world wide web, pp 1305–1306
Chang J, Venkatasubramanian KK, West AG, Lee I (2013) Analyzing and defending against web-based malware. ACM Comput Surv (CSUR) 45(4):1–35
Adel Hamdan Mohammad (2020) Ransomware evolution, growth and recommendation for detection. Mod Appl Sci 14(3):68
Ren A, Liang C, Hyug I, Broh S, Jhanjhi NZ (2020) A three-level ransomware detection and prevention mechanism. EAI Endorsed Trans Energy Web 7(26)
Frenz C, Diaz C (2018) Anti ransomware guide—owasp, Mar 2018
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Lamers, C., Spoerl, E., Levey, G., Choudhury, N., Ahmed, M. (2023). Ransomware: A Threat to Cyber Smart Cities. In: Ahmed, M., Haskell-Dowland, P. (eds) Cybersecurity for Smart Cities. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-24946-4_13
Download citation
DOI: https://doi.org/10.1007/978-3-031-24946-4_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-24945-7
Online ISBN: 978-3-031-24946-4
eBook Packages: Physics and AstronomyPhysics and Astronomy (R0)