
Case Study 1 PBT

Uploaded by

azlina

POLYTECHNIC BESUT TERENGGANU

DEPARTMENT OF INFORMATION AND COMMUNICATION TECHNOLOGY

DFP40263 SECURE MOBILE COMPUTING

TOPIC: CHAPTER 3 & 4

ASSESSMENT: CASE STUDY

NAME
1. WAN FAWWAZ HUSAINI BIN WAN AZAHAR
2. RAFIQ AIDID BIN ABDUL RAHMAN
3. ABDUL SYUKUR BIN AHMAD AZAN
4. AHMAD AL ANIQ ARHAM BIN MOHD AFANDI

REG NO
1. 34DDT23F1061
2. 34DDT23F1121
3. 34DDT23F1020
4. 34DDT22F2004

PROGRAMME

INSTRUCTIONS :
1. Answer ALL the questions
2. Submit the assessment on _______________

MARKING SCHEME
CLO 2 PLO 5
/20
TOTAL
THE ENTIRE QUESTION IS BASED ON JTMK’S QUESTION BANK
APPROVED BY PROGRAMME LEADER. SIGNATURE IS NOT REQUIRED.

Duration: 1 WEEK

CLO3 Demonstrate best practices in developing mobile security computing in context of social
environment (A3, PLO8)

Instructions:
Security Testing and Evaluation of Ransomware

A particularly insidious type of malware is ransomware, which is secretly installed
on your Windows systems and locks the system down. That lockdown is inevitably
accompanied by a message demanding payment if the system's owner ever wants
to access the files again. Unless you are very lucky (or the hacker spectacularly
incompetent), everything important on your hard drive will be effectively lost to
you, unless you pay up. Examples of ransomware are Locky, WannaCry, Bad
Rabbit, Ryuk, Troldesh, Jigsaw, CryptoLocker, Petya, GoldenEye and GandCrab.

You are provided three (3) articles as follows:


1. A Study of Ransomware Attacks: Evolution and Prevention (2019);
2. Ransomware Attacks Critical Analysis, Threats, and Prevention methods
(2019);
3. Ransomware Evolution, Target and Safety Measures (2018).

Form a group consisting of 3 members. You are required to do a case study on
how to identify a ransomware attack, the types of ransomware and how to mitigate
a ransomware attack. Prepare your group's presentation slides and present your
findings. Each team member is required to show leadership and teamwork
skills.

Report format
• Font size: 12
• Font type: Times New Roman
• Paragraph:
  • Alignment: Justify
  • Line spacing: Single
• Page number: Bottom right side / Plain number 3

References: APA format
Please refer to http://www.apastyle.org/learn/quick-guide-on-references.aspx
How To Identify The Ransomware Attack, Types Of Ransomware And How To
Mitigate Ransomware Attack

1. Introduction

Ransomware can be considered as a serious threat when it comes to protection of information assets.
The main targets are internet users. Ransomware hijacks user files, causes difficulties and then
requests some funds through extortion for decryption purposes (Bhattacharya & Kumar, 2017).
Ransomware can be categorized as malware which can affect the vulnerability of the user's system,
allowing the system to be accessible individually and eventually encrypts all the files that have been
targeted (Gonzalez & Hayajneh, 2018).

The world was initially unprepared to deal with the attacks, as it was difficult for ransomware
to become widespread at the time because of the level of personal computer usage and because
the Internet was still in its infancy. In addition, encryption technology was still limited
(Srinivasan, 2017). Ransomware creators and distributors are aware that they can earn a much
higher ransom when the main targets are companies and organizations rather than individual
users (Richardson & North, 2017). They pursue higher profits by targeting computers at police
departments, city halls and schools. Things become more critical when hospitals are also
targeted (Chhillar, 2017). The affected countries are, predictably, among the countries where
organizations and individuals have the most money. According to Symantec, the United States
is in the top position among countries affected by ransomware, followed by Japan, the United
Kingdom, Italy and Germany (Everett, 2016).

2. How To Identify The Ransomware Attack

Ransomware detection is the first defense against dangerous malware. Ransomware
stays hidden in an infected computer until files are blocked or encrypted. Victims
often can't detect the malware until they receive the ransom demand. Ransomware
detection finds the infection earlier so that victims can take action to prevent
irreversible damage.

In a ransomware attack, reaction time matters. Ransomware detection works by
identifying unusual activity and automatically alerting users. When users receive an
alert, they can stop the spread of the virus immediately, before valuable or sensitive
files can be encrypted. All they have to do is isolate the computer from the network,
remove the ransomware and then restore the computer from a safe backup.

You won’t have to wait for an unreliable decryption key to recover your system; with
swift action and a healthy backup schedule, your files may never be lost.
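
As an added illustration (not part of the original report or its sources), the sketch below shows one way "identifying unusual activity and automatically alerting" can work: it flags any process that modifies many distinct files within a short time window. The log format, host and process names, and the window and threshold values are assumptions constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample file-activity log (not real telemetry).
# Assumed format: timestamp host process action path
SAMPLE_EVENTS = """\
2024-05-01T09:00:01 ws-07 winword.exe WRITE C:/Users/ana/report.docx
2024-05-01T09:00:40 ws-07 winword.exe WRITE C:/Users/ana/report.docx
2024-05-01T09:02:00 ws-12 svc-upd.exe RENAME C:/Users/lee/a.docx
2024-05-01T09:02:01 ws-12 svc-upd.exe RENAME C:/Users/lee/b.xlsx
2024-05-01T09:02:02 ws-12 svc-upd.exe WRITE C:/Users/lee/c.pdf
2024-05-01T09:02:03 ws-12 svc-upd.exe RENAME C:/Users/lee/d.jpg
2024-05-01T09:02:04 ws-12 svc-upd.exe WRITE C:/Users/lee/e.pptx
2024-05-01T09:02:30 ws-07 winword.exe READ C:/Users/ana/notes.txt
"""

def detect_bursts(log_text, window_seconds=10, threshold=5):
    """Return one alert per (host, process) that modifies at least
    `threshold` distinct files within `window_seconds`."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # (host, process) -> recent (time, path) events
    alerts = {}
    for line in log_text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) != 5:
            continue  # skip malformed lines instead of failing
        ts, host, proc, action, path = parts
        if action not in ("WRITE", "RENAME"):
            continue  # reads do not change files
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue
        key = (host, proc)
        events = recent[key]
        events.append((when, path))
        while events and when - events[0][0] > window:
            events.popleft()  # drop events that fell out of the window
        distinct = {p for _, p in events}
        if len(distinct) >= threshold and key not in alerts:
            alerts[key] = {"host": host, "process": proc,
                           "first_seen": events[0][0].isoformat(),
                           "files": len(distinct),
                           "response": "isolate host from the network"}
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_EVENTS):
        print(alert)
```

Ordinary editing on ws-07 (one file saved twice) raises no alert, while the burst on ws-12 does, which is the point at which the host would be isolated before more files are affected.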

3. Types Of Ransomware

There are several types of ransomware and they have been categorized into three
basic types. According to Yaqoob et al. (2017), the three basic types of ransomware
are known as Crypto Ransomware, Locker Ransomware, and Hybrid Ransomware.

The first type of ransomware is Crypto Ransomware. Another name for this
ransomware is encrypting ransomware. This ransomware uses a complex
algorithm and blocks users from accessing specific files. Users need to pay a
ransom in bitcoins in order to decrypt the data. There is another type
of encrypting ransomware which is called WannaCry Ransomware.
This is a modern ransomware which encrypts certain file types on the
infected systems and forces users to pay a ransom through certain online payment
methods to get a decryption key (Deo & Farik, 2016).

The second type of ransomware is Locker Ransomware. Locker ransomware is a type
of malware that locks the target out of the operating system and prevents access
to the target's desktop, applications and files (Shah & Farik, 2017).
This ransomware is different from Crypto ransomware as it spams messages to users
with malicious attachments. Locker ransomware attacks occur when users
are surfing the internet, such as while watching movies. The ransomware then displays
a malicious message on the user's computer. The criminal will then demand a
ransom. The most popular example of Locker ransomware is Winlocker.

The third type of ransomware is Hybrid ransomware. This ransomware is the most
aggressive ransomware as it uses all possible means to maximize profits. According
to Yaqoob et al. (2017), Hybrid ransomware, which combines encryption and locking
mechanisms, is more dangerous because it causes both data and device functionality
to be compromised. Indeed, Hybrid ransomware attacks can be more violent to users as
they can possibly target Internet of Things (IoT) devices and systems and also
cause physical damage to users until the ransom is paid.

Other than that, there are other types of ransomware that are also dangerous because
they use government officers' identities; they are called Reveton or Police Ransomware.
According to Pathak & Nanded (2016), criminals will impersonate
local police by showing a notification page to inform victims that they have
been caught doing an illegal or malicious activity online that requires them to pay
a fine as a punishment.

4. How To Mitigate Ransomware Attack

The first and most important step you should take to minimize the risk of a
ransomware attack is to invest in a cybersecurity solution that includes ransomware
attack mitigation. But that's not the only way to secure digital assets. Here are key
ransomware countermeasures that businesses can use to mitigate and prevent
ransomware attacks.

Create a Ransomware Mitigation Checklist


In addition to following the best cybersecurity practices listed above, here is a
checklist for protecting your assets from a ransomware attack:

1. Perform Regular Security Assessments


Conduct regular checks of all systems and data within business networks. If a
cyberattack occurs, business stakeholders can quickly discover everything that has
been compromised. These regular assessments can also help a company classify its
data based on importance.

2. Limit User Access


Once data has been classified based on its level of sensitivity, assess who should have
access to what. Limit access rights by only allowing employees access on a "need-to-
know" basis.

3. Utilize an Email Filtering System


Many email providers, like Outlook and Gmail, have a built-in filter that separates
spam emails from legitimate ones. But sometimes, harmful emails still get through.
Use an email filtering tool to add an extra layer of security.

4. Teach Your Employees About Ransomware


Mandate security training that covers what ransomware is, how these attacks start
(usually through phishing emails), and what to do if they suspect a potential attack.
All employees should know what to do if they receive a suspicious email.

5. Know What to Do if a Ransomware Attack Occurs


There are several measures you can put in place to minimize risk, but there's no way
for anyone to be 100% immune to cyberattacks. Work with IT administrators to
develop steps to follow in case of a ransomware hit.
These steps should include:
• Shut down the affected systems.
• Notify administrators immediately.
• Determine the cause of the breach.
• Understand what information has been lost.
Afterwards, reassess your ransomware mitigation strategies to determine how you can
strengthen protections for the future.

Set Up Multi-Factor Authentication (MFA) for Your Accounts


Multi-factor authentication requires users to go beyond entering a username and
password to access their accounts. With MFA in place, users will need to provide at
least two forms of verification.
MFA is a vital part of an identity and access management (IAM) policy. It can be
implemented across business systems and won't disrupt the user experience. At the
same time, MFA increases the likelihood that only authorized users access their
accounts — and reduces the risk of successful ransomware attacks.

Establish Password Management Guidelines


Require that all employees use complex passwords that are changed often and
managed with a password manager.
Employee passwords should contain a combination of letters, numbers, and special
characters. They should be updated regularly. And employees should not be allowed
to use the same password multiple times within a designated time frame.
A password manager can make a world of difference for businesses and their
employees. For companies, a password manager minimizes the risk that employee
passwords fall into the wrong hands and lead to ransomware attacks. Meanwhile,
employees can use a password manager to seamlessly track and update their
passwords.

Back Up All of Your Company Data Regularly


Set up redundant backups and secure them properly. It is usually a good idea to back
up data and systems across multiple data centers. Backups can be created across
several cloud providers as well.
Whenever possible, automatically schedule data backups. This ensures you won't
have to worry about backing up the most recent copies of your data and systems.
Instead, you can take solace that you can access up-to-date copies of your data and
systems at any time.

Update and Patch Your Software Frequently
Utilize patch management software to ensure software is kept up to date. The
software looks for security vulnerabilities in software and corrects them without
delay. It can also automatically download the latest versions of software.
Along with using software patches, keep an eye out for security vulnerabilities.
Follow the cybersecurity landscape to learn about new cyber threats as soon as they
are discovered. This can help you stay out in front of cybercriminals.

Add Tamper Protection for All of Your Corporate Devices


Use tamper protection to prevent malicious apps from changing the security settings
on corporate devices. Security solutions are available that make it simple to integrate
tamper protection capabilities across your device fleet.
Educate employees about the importance of using tamper protection technology.
Workers who understand the importance of this technology and how to use it
correctly can optimize the security on their devices.

5. Conclusion

Ransomware poses a significant threat to individuals, businesses, and organizations
by encrypting data and demanding payment for its release. Identifying ransomware
early through detection tools and security monitoring can help prevent severe damage.
The three main types—Crypto, Locker, and Hybrid ransomware—each have unique
attack methods, making comprehensive cybersecurity measures essential.
To mitigate ransomware attacks, organizations must implement best practices,
including regular security assessments, data backups, employee education, and multi-
factor authentication. Strong cybersecurity policies and proactive measures can
significantly reduce the risk of ransomware infections and ensure data integrity. By
staying vigilant and continuously updating security protocols, individuals and
businesses can protect themselves from this growing cyber threat.

References

Baker, K. (2023, January 29). What Is Ransomware Detection? Retrieved from Crowdstrike:
https://www.crowdstrike.com/en-us/cybersecurity-101/ransomware/ransomware-detection/

How to mitigate ransomware risk. (n.d.). Retrieved from Sophos:
https://www.sophos.com/en-us/cybersecurity-explained/ransomware-mitigation

DFP40263 SECURE MOBILE COMPUTING
CASE STUDY
MARKING RUBRIC
CLO 3 : Demonstrate best practices in developing mobile security computing in
context of social environment

Scale: EXCELLENT (4), GOOD (3), MODERATE (2), WEAK (1)

CRITERIA: Introduction and Identification of Main Issues / Problems
EXCELLENT (4): Excellent explanations of the introduction and identifies a sophisticated understanding of the main issues/problems in the case study.
GOOD (3): Clear explanations of the introduction and demonstrates an accomplished understanding of most of the issues/problems.
MODERATE (2): Moderate explanations of the introduction and identifies acceptable understanding of some of the issues/problems in the case study.
WEAK (1): Vague explanations of the introduction and identifies weak understanding of some of the issues/problems in the case study.

CRITERIA: Analysis and Evaluation of Issues / Problems
EXCELLENT (4): Provide insightful and thorough analysis of all identified issues/problems.
GOOD (3): Provide a thorough analysis of most of the issues identified.
MODERATE (2): Provide a superficial analysis of some of the identified issues.
WEAK (1): Provide an incomplete analysis of some of the identified issues.

CRITERIA: Recommendations on Effective Solutions / Strategies
EXCELLENT (4): Supports diagnosis and opinions with strong arguments and well-documented evidence; provide a balanced and critical view; interpretation is both reasonable and objective.
GOOD (3): Supports research and opinions with limited reasoning and evidence; present a somewhat one-sided argument; demonstrates little engagement with ideas presented.
MODERATE (2): Little action suggested and/or inappropriate solutions proposed to the issues in the case study.
WEAK (1): No action suggested and inappropriate solutions proposed to the issues in the case study.

CRITERIA: Conclusion
EXCELLENT (4): Specific and effectively summarizes the case study. Objectives are achieved.
GOOD (3): Specific and clear but only shows a few objectives are achieved.
MODERATE (2): Clear but does not show the objectives are achieved.
WEAK (1): Moderate conclusion but without clear closure.

CRITERIA: Responsibility (Task Requirement, Team Work, Quality of Work)
EXCELLENT (4): Able to fulfill task according to scope and exceed expectations with emphasis on excellent work quality.
GOOD (3): Able to fulfill task according to scope and meets expectations with good work quality.
MODERATE (2): Able to fulfill task according to scope and somehow meet some expectations and less work quality.
WEAK (1): Able to fulfill task according to scope and meets minimal requirement with poor work quality.

GRAND T

(Total Score/1
