Network Packet Capturing and Incidence Response Planning to Avoid Ransomware

International Journal of Computer Science and Engineering
© 2018 by SSRG - IJCSE Journal
Volume 5 Issue 5
Year of Publication : 2018
Authors : Mrs.Varanasi Usha Bala, Akhil Karrothu, B.Sanat Kumar

Mrs.Varanasi Usha Bala, Akhil Karrothu, B.Sanat Kumar, "Network Packet Capturing and Incidence Response Planning to Avoid Ransomware," SSRG International Journal of Computer Science and Engineering, vol. 5, no. 5, pp. 1-5, 2018. Crossref, https://doi.org/10.14445/23488387/IJCSE-V5I5P101

Abstract:

Ransomware has become an alarming threat on the internet: it attacks the user's system and demands a ransom to restore that system to its original working state. Our main idea is to avoid ransomware by capturing and analyzing the packet sent through the mail server and then blocking that packet so as to avoid the ransomware attack. The captured packet is tested for malware and then blocked. We also propose an incident plan to avoid the ransomware attack. This method of avoiding ransomware attacks might increase an organization's performance, thereby increasing business continuity.

Keywords:

Cyber Attack, Packet Capturing, Network Packet Analysis, Ransomware, Ransom, business continuity, malware, Incidence Response Plan, Ransomware Incidence Response Life Cycle (RIRLC).
