Enterprise Cybersecurity: Investigating and Detecting Ransomware Infections Using Digital Forensic Techniques

Jason Earl Thomas, Ryan P. Galligher, M. L. Thomas, Gordon C. Galligher
DOI: 10.5539/cis.v12n3p72 (https://doi.org/10.5539/cis.v12n3p72)
Journal: J. Chem. Inf. Comput. Sci., volume 66 1, pages 72-80
Published: 2019-07-25 (Journal Article)
Citations: 4

Abstract

As the world continues to grow and embrace technology, ransomware is a growing problem. When ransomware encrypts storage systems, systems shut down, productivity grinds to a halt, and serious long-term damage takes place. As this is a known problem, many firms have developed functionality to address ransomware issues in key security technologies such as intrusion protection systems. Many firms, especially smaller ones, may not have access to these technologies, or the integration of these technologies might not yet be possible due to varying circumstances. Regardless, ransomware must still be addressed, as cyber miscreants actually target weak and unprotected environments. Even without tools that automate and aggregate security capability, systems administrators can use systems utilities, applications, and digital forensic techniques to detect ransomware and defend their environments. This paper explores the literature regarding ransomware attacks, discusses current issues on how ransomware might be addressed, and presents recommendations to detect and investigate ransomware infection.