Accounting Information Systems - Assignment Example

Accounting information systems Name Institution Accounting information systems Question 1: Briefly explain what you understand the meaning of the term Ransomware means. (500) words) Provide a list of three ransomware events that have taken place prior to 2017 and a description of how it was resolved. This piece of paper will give a comprehensive discussion of the concept of ransomware and various aspects associated with it. This will be achieved by answering specific questions that outline the assignment. According to Gazet (2010), ransomware can be defined as a kind of malware that works by limiting or preventing a user from getting access to their system. This is usually through locking the users’ files or locking the screen of the system until a ransom is paid. There are different categories of ransomware and they differ in their level of complexity and the manner in which they operate. For instance, simple ransomware could work by locking the system in a manner that is easy for an individual with some knowledge in information technology to reverse the situation. Nonetheless, crypto-ransomware, which entails a group of modern ransomware, is more dangerous. This is more so since they work by encrypting some files that exist on infected systems, an aspect that forces users to pay the ransom. It is only after the payment of the ransom through given online payment method that a decrypt key is set for one to be in a position to access the system again. As we progress in the age of technology, the use of ransomware scams has greatly grown on an international level and hence the need to be more careful on the same especially when it comes to devising mechanisms of dealing with the menace. To have a better understanding of ransomware and the extent of its occurrence, three ransomware events that have taken place prior to 2017 will be highlighted. They include Reveton, CryptoLocker and Crypto Wall. Reveton is a major ransomware that started spreading in 2012. It operates by displaying a warning alleging to come from a law enforcement agency. The warning claims that the computer has been used for unlawful practices or activities, an aspect that makes it be known as the Police Trojan (Aurangzeb, Aleem, Iqbal & Islam, 2017). The user is expected to pay a fine so as to have their system unlocked. On the other hand, CryptoLocker came around in 2013. This is an encrypting ransomware that produces a key that makes it possible to encrypt files by the use of a whitelist of given file extensions. The malware required that some payment was made in three days. The fact that it uses considerable space makes is difficult to repair and recover. CryptoWall is also a key ransomware Trojan that targets Windows. It appeared in 2014 and websites were greatly affected. It uses various means to deceive users into trusting it. During encryption, CryptoWall also deletes lots of files and install spyware that filch Bitcon wallets and passwords (Brewer, 2016). All the above three ransomware malwares work by deceiving the users into paying some amount of money so that they may be in a position to access their systems. Apart from being ripped off their money, there is also the aspect of data and information being compromised to an extent of affecting day to day operations. This means that they should be avoided irrespective of the cost involved. Question 2: Provide a synopsis of the WannaCry ransomware attack of May 2017. (1,000 words) The WannaCry ransomware attack of May 2017 is one that will not be forgotten any time soon. A ransomware works by contacting a central server for information that needs activation, once a computer system is infected. It is from here that it begins encrypting files on the infected computer with the acquired information. When all the files are encrypted, the ransomware posts a message demanding for payment so as to decrypt the files and goes to an extent of threatening to destroy the data in the event that the payment is not done. In most cases, it has a timer attached to it as a way of pressuring the computer users to pay promptly. The WannaCry ransomware was not any different and used the same approach. WannaCry were asking for about $ 300 worth of the cryptocurrency Bitcon in order to unlock or decrypt the contents of the computer systems. The cost could be so high for an organization since the charges are attached per every machine or computer system. WannaCry ransomware was an international cyber attack that mainly targeted computer systems that run the Microsoft Windows operating system. It was an attack from the WannaCry ransomware cryptoworm and works by encrypting data and then demanding ransom payments for the users to be in a position to access their systems again. WannaCry ransomware attack spread too fast such that within a day, the malware had spread to more than 150 nations and infected many computers (Mattei, 2017). The high speed can be attributed to the fact that the ransomware has the capability to spread within networks from one personal computer to another. The effects of the WannaCry ransomware attack was heavily felt since it attacked various areas including the basic and large organizational systems. For instance, the attack affected the United Kingdom’s National Health Service. This was a tragedy that necessitated that it ran some of the services only on an emergency basis before the issue could be rectified. Other notable areas that were hit hard include Telefonica in Spain, Deutsche Bahn and FedEx among others companies in various nations. Nonetheless, the attackers did not have a smooth way all through. For example, they faced resistance when a young web security researcher came up with an effective kill switch shortly after the attack began. He did this by registering a domain name that he got in the code of that ransomware. It is worth noting that despite the fact that this step did a lot of good with regard to halting the outbreak, all is not well since new versions have been detected day by day and they do not have the kill switch (Mohurle, & Patil, 2017). Nonetheless, it is also apparent that some ways that may help in recovering data from computer systems that have been infected have been found. The WannaCry ransomware attack was spread over the internet. EternalBlue was the exploit vector that was used in spreading the malware and it is believed to have leaked from the U.S. National Security Agency. Various languages were used by the ransomware in demanding money from users via Bitcon cryptocurrency. The event received a lot of attention from the public in different parts of the world. This can mainly be attributed to the fact that the United States National Security Agency has previously identified the susceptibility. Nonetheless, instead of reporting the matter to Microsoft, it used it to come up with an exploit for the sake of its offensive work. At last, Microsoft came to know of the vulnerability (on March 14, 2017) and issued security bulletin to stipulate the challenge. An announcement was also made stating that patches related to all Window versions that existed at that time had been released. Despite the warning many Windows users had not taken caution two months later when WannaCry rapidly spread itself through the EternalBlue vulnerability (Ehrenfeld, 2017). This made Microsoft to release emergency security patched for some operating systems. Those that ran older versions of Microsoft Windows that were unsupported were in even more danger or risk. These included Windows Server 2003 and Windows XP. Nonetheless, security patches for the same were also later released by Microsoft. With the application of the updates, a slowdown of new infections was noted. It is imperative to note that business and organizations were hit quite hard and the consequences of the attack cannot be underrated. This is more so when it comes to attention and resources. According to Mattei (2017), it is absurd that the attack could have been prevented if most organizations and businesses were up to date with their machines and systems and had the latest software in place. Nonetheless, this is not always possible since there could be a problem of not having adequate funding to upgrade to the greatest and latest. Also, some corporate cultures do not prioritize security and hence they do it without any urgency. Quality of technology is also an issue since most organizations run pirated versions of operating systems that may not receive any upgrade notifications. Other than other implications associated with WannaCry, research indicates that it had some political affiliations or effects. For instance, in the United Kingdom, the effect on the National Health Service rapidly turned political. There were claims that the impacts were escalated by the fact that the government underfunded the service. Irrespective of the sources of the event, it is clear that it had significant negative influence on individuals and more critically on businesses and organization (Mohurle, & Patil, 2017). It is important that organizations stay vigilant and take warnings serious and more so take necessary caution to ensure that they do not suffer out of something that could have been avoided. A simple step like staying up to date can go a long way in preventing an attack. Question 3: Discuss the implications for an organization and how you would protect your organization from such an event. (1,000 words) Technology is an aspect that is associated with both benefits as well as drawbacks. Despite the fact that the benefits tend to outweigh the drawbacks, the issue of cyber security is major. This is where ransomware falls. Ransomware is definitely a threat to both individuals and organizations. Organizations are even hit harder. This is more so since it attacks the core element, which is information. Data and information play a major role in driving organizations and without this, nothing may progress. This therefore means that an organization is deemed to incur great losses in the event that it suffers from ransomware attack. According to the American Technology Services (2017), the effect of a ransomware such as WannaCry could be so damaging especially for an organization that is not prepared to handle the threat. The attack may cost large sums of money in terms of recovery as well as ransom that is demanded in order for the information to be decrypted. Worst still, even after payment of the ransom, it is not a guaranteed to recover all the information in its initial state. Apart from paying the ransom, the ramifications of the attack are also something no organization would wish for. When the files are under attack, the computers cannot be operated effectively. This means it affects an organization’s productivity and could also lower the confidence of the investors and customers in the organization. Closure of business premise is also an issue that could eventually occur after an attack by ransomware. These are enough justifications that the effects are worrying and should therefore be avoided under all costs. Based on the above implications, it is apparent that organizations should be vigilant and put all mechanisms possible to protect itself from information security related issues and ransomware in particular. Some of the strategies that would be implemented with an aim of safeguarding an organization from such events include the following. To some extent, anti-virus software can protect a computer system from attacks by WannaCry and other ransomware. Antivirus programs that are capable of scanning files before they are downloaded as well as blocking secret installations and identifying malware that may be already on a computer system are also a defense mechanism against the attacks. It is however worth noting that this may not be a permanent solution since cyber criminals are constantly devising ways to override such safeguards or measures. Sophisticated security systems, which large organizations may be in a position to set up, could also go a long way in preventing these attacks. This is more so since they are capable of spotting the occurrence of the attacks and hence isolating files and documents to reduce damage (Kirk, 2016). This means that individuals and small organizations may not be lucky as a result of the costs involved and could therefore lose access to their data and information. The other alternative that has a higher level of security is to have a comprehensive back up mechanism whereby all files are backed up in a totally separate system. This way, the effects of ransomware attacks could be minimized. This is more so because in the event that an organization suffer such an attack, it does not lose any information and can always resume normal operations without wasting time on recovery strategies. Patching and system updates also help systems to be strong when it comes to fighting attacks and thus, they are not badly affected even if the hackers try to invade the systems. With advent in technology, cyber security companies have come up with sophisticated mechanisms to deal with cyber attacks, such as machines that are in a position to fight back the moment they spot any hacking activity in a given system (Kirk, 2016). There is need for individuals and employees in an organization to be aware of everything that concerns cyber attacks and ransomware in particular. For instance, they should be informed of ways of preventing malicious access into their systems. The employees could be suspicious of unsolicited emails. Typing out web addresses is also advisable rather that clicking on links without knowing their sources and intention. Organizations should invest in aspects such as network protection, email and web protection, data backup policy as well as endpoint and server protection. UNVEIL is another system that is particularly designed to detect ransomware and therefore prevent it from attacking and destroying files and information. UNVEIL works on the basis that for an attack to be successful, ransomware has to interfere with the desktop or files of the user. For this reason, it automatically produces a user environment that is artificial in nature and help in detecting when ransomware come in contact with user data. In other worlds, UNVEIL launches suspected malware in a safeguarded virtual environment that works by monitoring the behavior in a restricted manner after which it quickly determines whether it was ransomware or not. The system is also effective since in parallel, it is in a position to track any alterations to the desktop of a system that depict that there could be presence of ransomware. It is said that UNVEIL considerably enhance the state of the art and is capable of identifying evasive ransomware that was previously not detected by the malware industry (Kirda, 2017). CrytoDrop is another real-time monitoring system that was created by researchers from Villanova University and the University of Florida. It was in a position to stop ransomware almost immediately (Fleishman, 2016). The combination of these defensive and preventive measures and strategies would go a long way in ensuring that computer systems are safe from hacking attacks and ransomware in particular. Also, with technological development, it is possible to come up with other more effective strategies that will render the efforts of the hackers futile and enhance the security of computer and information systems. It is imperative to note that it is not easy to prevent hackers from launching a ransomware attack but it is good to practice caution. As it is said, prevention is better than cure. References American Technology Services. (2017). WannaCry: The Impact of Ransomware and How to Protect Your Organization From an Attack. Retrieved from http://blog.networkats.com/wannacry-the-impact-of-ransomware-and-how-to-protect-your-organization-from-an-attack Aurangzeb, S., Aleem, M., Iqbal, M. A., & Islam, M. A. (2017). Ransomware: A Survey and Trends. Journal of Information Assurance & Security, 6(2). Brewer, R. (2016). Ransomware attacks: detection, prevention and cure. Network Security, 2016(9), 5-9. Ehrenfeld, J. M. (2017). WannaCry, Cyber security and Health Information Technology: A Time to Act. Journal of Medical Systems, 41(7), 104. Fleishman (2016). Two ways to stop ransomware in its tracks. Retrieved from https://www.technologyreview.com/s/601943/two-ways-to-stop-ransomware-in-its-tracks/ Gazet, A. (2010). Comparative analysis of various ransomware virii. Journal in computer virology, 6(1), 77-90. Kirda, E. (2017). UNVEIL: A large-scale, automated approach to detecting ransomware (keynote). Paper read at Software Analysis, Evolution and Reengineering (SANER), 2017 IEEE 24th International Conference. Kirk, J. (2016). Better ransomware detection: follow the shouting. Retrieved from http://www.bankinfosecurity.com/blogs/software-seeks-to-fool-ransomware-p-2214 Mattei, T. A. (2017). Privacy, Confidentiality, and Security of Health Care Information: Lessons from the Recent WannaCry Cyber attack. World Neurosurgery, 104, 972-974. Mohurle, S., & Patil, M. (2017). A brief study of WannaCry Threat: Ransomware Attack 2017. International Journal, 8(5). Read More