The Ransomware Epidemic: Recent Cybersecurity Incidents Demystified

Sheetal Temara *

Department of Computer & Information Sciences, University of the Cumberlands, Williamsburg, KY, United States.

*Author to whom correspondence should be addressed.


Abstract

The pervasive threat of ransomware poses a significant risk to businesses across various scales, as cybercriminals continue to exploit vulnerabilities, causing severe disruptions and demanding substantial ransom payments. This paper presents a comprehensive literature review of recent ransomware attacks, analyzing key aspects including the targeted organizations, attack vectors, threat actors, propagation mechanisms, and the resulting business impact. The study goes beyond a surface examination by exploring the evolving nature of ransomware attacks, encompassing different types, attack vectors, and emerging tactics such as double extortion, where cybercriminals not only encrypt data but also exfiltrate it and threaten to release it publicly unless a ransom is paid. High-profile incidents, including those involving SickKids Hospital, Royal Mail, Dish Network, Five Guys, and ION, are scrutinized to glean insights into the intricacies of these attacks. The review also evaluates the effectiveness of existing ransomware defenses and proposes potential strategies for organizations to counteract, identify, and manage ransomware incidents. The findings underscore the critical need for organizations to comprehend the evolving ransomware landscape and implement robust cybersecurity measures to protect both internal and external stakeholders. As ransomware continues to evolve in complexity, this study provides valuable insights, emphasizing the importance of proactive defenses to mitigate the risks posed by this growing threat.

Keywords: Ransomware, cybercriminals, ransomware incidents, ransomware defenses


How to Cite

Temara, Sheetal. 2024. “The Ransomware Epidemic: Recent Cybersecurity Incidents Demystified”. Asian Journal of Advanced Research and Reports 18 (3):1-16. https://doi.org/10.9734/ajarr/2024/v18i3610.

