the security awareness and security practices in prevention of … · 2020-05-13 · the security...

21
European Journal of Scientific Research ISSN 1450-216X / 1450-202X Vol. 156 No 2 May, 2020, pp.197 - 217 http://www. europeanjournalofscientificresearch.com The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study of Shaqra University Naif Alotaibi Shaqra University, KSA Abstract Digitalization has helped in reducing crime rates around the world but on at the same time it creates a problematic gap of the personal security and security of confidential information of individual users or even for organizations. At present, there are many types of cyber-attacks and Ransomware is also one of them. As this is a quite new attacks among other malicious virus, security awareness and enhanced cyber security policies are considered to be an effective tool in preventing ransomware attacks. This research is going to understand the security awareness and effectiveness of existing IT security policies and Shaqra University from Saudi Arabia has been used as case study for this research. And finally based on the findings, recommendations have been provided to increase the security awareness regarding ransomware attacks as well as to improve the security level in preventing further ransomware attacks. 1. Introduction In this age of digitalization, information is gathered digitally and can be accessed within a span of second, can be accessed with the help of internet and easily recovered at a cheaper cost and efforts. Digitalization and the use of internet of things (IoT) has made our life easier and comfortable but as it is said that everything has two sides- advantages and disadvantages, it has some disadvantages also which we cannot avoid. Digitalization has helped in reducing crime rates around the world but on the same time it creates a problematic gap of the personal security and security of confidential information of individual users or even for organizations. At present, there are many types of cyber-attacks like spyware, intruders, spams, phishing, virus, malware, Trojan virus etc. Ransomware is also one of them and considered as a theft. It is a kind of infection that once transmitted it is hard to eradicate from the computer system of the users. Right now, Ransomware has been appeared as one of the most devastating and most worrying type of malwares among all others. Cyber-criminals who are the mastermind behind this Ransomware attack are continuously developing and renovating their attacking platform and with the increase of internet paired devices around the world, different types of Ransomware are appearing everyday with new outlook. The first outbreak of Ransomware found in 2005 with the prevalence of Trojan.Gpcoder Ransomware strain and with the innovating attacking platform today Ransomware has different worms to attack (Owens, 2016). These types of attacks are mainly designed for revenue generation and some of the most vicious Ransomware worms are crypto Ransomware, locker Ransomware, fake antivirus scams and fake apps. More or less, most of the countries around the world have faced the malicious attack of Ransomware; however Russia, United States, Italy, Japan and United Kingdom are top six countries where users are impacted by Ransomware most frequently (Osterman Research, Inc., 2016). Recently Saudi Arabia, one of the giants in Petrochemical and mining industry has been attacked by some serious attacks of Ransomware strain. The vicious attack of Ransomware is increasing with a fast-pace and within 2013- 2014 the prevalence of Ransomware attacks have been increased by 250% (Green, 2017).

Upload: others

Post on 24-Jun-2020

1 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

European Journal of Scientific Research ISSN 1450-216X / 1450-202X Vol. 156 No 2 May, 2020, pp.197 - 217 http://www. europeanjournalofscientificresearch.com

The Security Awareness and Security Practices in Prevention of

Ransomware Attacks: Case Study of Shaqra University

Naif Alotaibi

Shaqra University, KSA

Abstract

Digitalization has helped in reducing crime rates around the world but on at the

same time it creates a problematic gap of the personal security and security of confidential information of individual users or even for organizations. At present, there are many types of cyber-attacks and Ransomware is also one of them. As this is a quite new attacks among other malicious virus, security awareness and enhanced cyber security policies are considered to be an effective tool in preventing ransomware attacks. This research is going to understand the security awareness and effectiveness of existing IT security policies and Shaqra University from Saudi Arabia has been used as case study for this research. And finally based on the findings, recommendations have been provided to increase the security awareness regarding ransomware attacks as well as to improve the security level in preventing further ransomware attacks.

1. Introduction In this age of digitalization, information is gathered digitally and can be accessed within a span of second, can be accessed with the help of internet and easily recovered at a cheaper cost and efforts. Digitalization and the use of internet of things (IoT) has made our life easier and comfortable but as it is said that everything has two sides- advantages and disadvantages, it has some disadvantages also which we cannot avoid. Digitalization has helped in reducing crime rates around the world but on the same time it creates a problematic gap of the personal security and security of confidential information of individual users or even for organizations. At present, there are many types of cyber-attacks like spyware, intruders, spams, phishing, virus, malware, Trojan virus etc. Ransomware is also one of them and considered as a theft. It is a kind of infection that once transmitted it is hard to eradicate from the computer system of the users. Right now, Ransomware has been appeared as one of the most devastating and most worrying type of malwares among all others. Cyber-criminals who are the mastermind behind this Ransomware attack are continuously developing and renovating their attacking platform and with the increase of internet paired devices around the world, different types of Ransomware are appearing everyday with new outlook.

The first outbreak of Ransomware found in 2005 with the prevalence of Trojan.Gpcoder Ransomware strain and with the innovating attacking platform today Ransomware has different worms to attack (Owens, 2016). These types of attacks are mainly designed for revenue generation and some of the most vicious Ransomware worms are crypto Ransomware, locker Ransomware, fake antivirus scams and fake apps. More or less, most of the countries around the world have faced the malicious attack of Ransomware; however Russia, United States, Italy, Japan and United Kingdom are top six countries where users are impacted by Ransomware most frequently (Osterman Research, Inc., 2016). Recently Saudi Arabia, one of the giants in Petrochemical and mining industry has been attacked by some serious attacks of Ransomware strain. The vicious attack of Ransomware is increasing with a fast-pace and within 2013-2014 the prevalence of Ransomware attacks have been increased by 250% (Green, 2017).

Page 2: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study of Shaqra University 198

At present world, Ransomware attach has become a global endemic problem toughing every counties in the world. However, Ransomware has becoming a wide-ranging threat worldwide but there are some countries which are much prone to this. In case of attack of Ransomware strain, crypto Ransomware made up to 64% of the overall binary based Ransomware attack while locker Ransomware accounted for rest 36% of the attack in whole (Savage et al., 2015). Being the world’s largest oil producer, Saudi Arabia has many worlds’ leading companies and a healthy and fast-moving economy and due to this reason cyber criminals and Ransomware attackers using this opportunity throughout their attacks. According to the report of Savage et al. (2015), Saudi Arabia is the most attacked and targeted country in the Middle East region and also ranked 31st worldwide. Already, this country has been affected by Shamoon and Greenbug malwares with the main purpose to steal the confidential information and to capture data of the organizations as hostage in exchange of money (Alkhalisi, 2017). Shamoon has been considered as the most serious malicious malware attack in Saudi Arabia which first took place in 2012 and these Ransomware worms are targeting the energy sector mainly. Shamoon has been resurfaced again in 2016 with more deadly worms than before, disrupting the operations of many Saudi government bodies like the multinational giant Sadara (Barth, 2016). Moreover, Saudi Arabia has faced another cyber malware attack in March 2017 named stonedrill which is like Shamoon but the purpose of this attack cannot been identified.

In case of Saudi Arabia, as these types of Ransomware attacks are quite new than other countries so there are not enough researches behind the issues of prevalence of Shamoon Ransomware attacks which took place in 2012 and 2017. It is never simple to foresee what way the Ransomware will develop in Saudi Arabia in near future. More researches are necessary to take a look at the examples of the past and attempt to further Ransomware attacks what may occur later on. It is main motivation of the research to understand and analyze the trends of Ransomware attacks in Saudi Arabia. This paper will demonstrate the security awareness and preventive strategies to prevent Ransomware attacks by considering the case studies of Shaqra University, Saudi Arabia in order to find out the occurrences and frequencies of these types of Ransomware attacks. This will help to understand the attack’s trends so that tackling strategy can be developed.

The main purpose of this research is to propose security policies and strategies that can be adopted in preventing ransomware attacks by understanding the security awareness related to ransomware attacks and the level of IT security and prevention strategies against such attacks. In doing so, this research will be focused on Shaqra University, Saudi Arabia to understand their security awareness and security practices against ransomware attacks and their counter-measure to prevent such ransomware attacks.

In order to achieve the research aim for this study, following objectives has been considered and the literature will be reviewed and data collection and result analysis will be conducted by considering the following research objectives: Reviewing the existing literature to understand the ransomware attacks, historical trends and prevalence of ransomware attacks. Understanding the level of security awareness regarding ransomware attacks at Shaqra University, Saudi Arabia. Evaluating the current security policies and prevention strategies to combat ransomware attacks at Shaqra University. Recommending preventive policies and strategies in preventing ransomware attacks for Shaqra University.

2. Literature Review The word Ransomware is basically a combination of ransom and software, which is actually a malware program designed to attack a system, get control of the user’s private and confidential information as hostages and then demands money for release of such files. This malware worm and its different occurrences appeared like a decade ago in 2005. When the Ransomware strain gets activated into the user’s system, then all the files like .doc, .mp3, .xls etc. will be encrypted by a private key which is only accessible to the attacker and in return to those files a ransom is then demanded by the attackers. It is very tough for the users to detect the files or information that have been attacked and encrypted by

Page 3: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

199 Naif Alotaibi Ransomware strain and as a result user will have only one option left which is to pay the ransom to get back the files in decrypted format. Usually, the asking ransoms have to be paid through Bitcoin.

Ransomware is basically a form of malware that encrypts the protected files in a targeted device and captures those files as hostage until the users recompense the ransom to the attackers in exchange of their files (Gallo and Liska, 2016). Again, Brewer (2016) emphasizes that this malicious attack not only demand money from the users, but also it damages the data, causes interruption in the system, steals the confidential information from the database of the system and even causes serious security breach in case of different organizations. There are basically two categories of Ransomware which are most commonly used by the attackers at present. The most common type is the Locker Ransomware, of which the main purpose is to lock the computer of the users, preventing the users to access to the computer (Wenham, 2012). Other common type of Ransomware attacks is crypto Ransomware which aims to encrypt personal and confidential data and files from the user’s computer and asks money in exchange of these captured information. Despite having some common objectives of those Ransomware attacks, all of them have some different strategies to adopt during the attack (Kirkland, 2013). conducting a serious cyber extortion using the platform of Ransomware is a successful implementation and execution of a well-planned process of the cyber criminals. Cyber criminals are simultaneously in search for gap in the system and even a single logjam in the system can lead to a serious attack by the malwares. The infection method of Ransomware is a step-by-step process executed by the criminals. According to Monika, Zavarsky and Lindskog (2016), the common route for Ransomware to enter into the computer is Trojan which appears as a normal file when users directly or unintentionally downloaded in the computer. When the users execute the file then the activity of Ransomware starts by encrypting the file and simultaneously prompting the messages saying that the decryption of these files will not take place unless or until the users pay the ransom amount. Normally those ransoms are paid through Bitcoin or other digital mode of currency and due to this modality user cannot even trace the producers of the Ransomware (Monika, Zavarsky and Lindskog, 2016). Failure to pay the ransom amount within the timeframe will results an increase to the ransom amount or may cause removal of the encrypted files from the computer. One of the most dangerous effects of particular Ransomware is that only the producer of the worm has the key to decrypt the files. Ali, Murthy and Kohun, (2016) described the process of Ransomware attack as follows: Malware infected the computer (s) after downloading by the users. Functionality will be damaged by the malware and there will be ransom messages from the attackers. If user pays the ransom, functionality will be recovered. If ransom is not paid then the ransom will be increased and deadline will be extended

Ransomware attackers use different schemes to enter into the user’s computer. A common method used by these distribution services is to purchase readdressed or forwarded web traffic from a traffic distribution system (TDS) vendor so that it can lead towards an exploit kit containing hosting site (Savage et al., 2015). This readdressed or forwarded web traffic mainly originates from adult-content based websites and when the exploit kit become constructive in manipulating susceptibility in the victim’s computer, it guides the user computer to automatically downloading the malware (Kenyon and McCafferty, 2016). Another important route used by the Ransomware is malicious advertisements which are commonly referred as malvertisement (Savage et al., 2015). Malicious advertisement publishes into legitimate websites are Ransomware trains that it can lead towards an exploit kit containing hosting site upon clicking on the links. Cyber criminals use instantaneous bidding to purchase advertisement spaces or web traffic which provide them abundant access to the worldwide users and allow them to operate their malicious activities globally (Gupta and Sharma, 2009).Kuk and Ranđelović (2017), in their book named-‘Knowledge discovery in cyberspace’ discussed that within the year of 2005-2006 the attack of Ransomware first seen in Russia (Kuk and Ranđelović, 2017). According to the report of Trend Micro (2006), a Ransomware attack has been taken place in 2006 which was then named as TROJ_CRYZIP.A. This Ransomware strain zipped different types of files prior to replacing the original file and it then left in the user’s system along with only the password-protected zipped files. That variant of Ransomware (TROJ_CRYZIP.A) asked for $300 to the users in exchange of their lost files (Trend Micro, 2006). On the other hand, Bhardwaj et al. (2016) showed the

Page 4: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study of Shaqra University 200 historical trend of rise of Ransomware attacks. The first ever known Ransomware worm was discovered in 1986 which was named AIDS Trojan or PC Cyborg by Joseph Popp. After that in May 2005, an extortion Ransomware strain occurred and after this attack in the middle of 2006 Ransomware attacks became more serious with the use of refined RSA encryption system and with much higher key sizes and some of those Ransomware worms were MayArchive, CryZip, Archiveus, TROJ.RANSOM.A, and Gpcode etc. (Orman, 2016). One of the serious attacks of Ransomware happened in 2011 when Microsoft itself became the target of Ransomware worm and users of Microsoft windows system installed in their PC were asked to activate their windows by the imitation of Ransomware. Then again in 2013, Stamp.EK Ransomware worm which was a Mac OS system based Ransomware exploited the kit surfaces and profligate more than $5 million within only four months in 2013 (Cabaj, 2015). Ransomware become popular with its manifold variants from 2015 by using multiple attacking platforms and caused serious damage. In early 2015, another new Ransomware worm- CrytoWall came to the picture as the leading Ransomware worm by replacing the Cryptolocker (Francis, 2016). Previously the typical encrypted file types of Ransomware strain was. DOC, .PDF, .XLS, .JPG, .ZIP and other different extensions of files (Singh, 2017). But at present Ransomware is changing its platform to gain access over the cyber security system by changing its attacking modality and worm types. Like in early 2015, another new Ransomware worm- CrytoWall came to the picture as the leading Ransomware worm by replacing the Cryptolocker (Francis, 2016).

3. Methodology and Data Collection This research is intended to evaluate the security awareness and preventive policies of Ransomware attacks in Shaqra University, Saudi Arabia. This will be done through the investigation of current security practices and then provide some recommendations to enhance security practices against ransomware attacks. However, this project addresses two research questions as follows:

1. What is the present security awareness and security policies to prevent ransomware attacks at Shaqra University?

2. How the security awareness among all employees considering security policies and future strategies in preventing ransomware attacks can be developed at Shaqra University? The reliability of the findings and results mainly depend on the selection of the appropriate

research design, research methods, data collection and data analysis. Research Methods

In order to conduct this research, different methodologies have been adopted. These methodologies are qualitative research approach, quantitative research approach, questionnaire surveys, and interviews etc. In a broader sense, this project is based on the study of Shaqra University, Saudi Arabia to understand their security awareness and preventive measures in place to prevent ransomware attacks and in order to find out such information a number of surveys have been performed and an interview has been conducted. Basically, two surveys are conducted to find out necessary information about the project context: first one is with all employee groups of the university and the second one is with the IT department’s employees of the University to understand their security policies and preventive measures towards ransomware attacks. The interview is conducted with Interview with the Deputy Manager of the IT department of Shaqra University to understand in-depth about the previous ransomware attacks they have tackled and future strategies to prevent further ransomware attacks. Also, one of the main purpose of these surveys and interview is to understand to what extent the existing preventive measures and control prevent or tackle the ransomware attacks.

Page 5: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

201 Naif Alotaibi

The first one is security awareness survey which is distributed among all the employees of the university while the second survey questionnaire is designed for only the IT department employees of the university to find out the security practices undertaken by their organizations. The following section will discuss these two different surveys in more detail: Security Awareness Survey

This survey questionnaire has been considering the all employee groups as the targeted participants and was aimed to find out their awareness about any sorts of malicious attacks. Basically, this survey targeted mainly the employees who have authorized access to their university network and employee portal. Moreover, employees have been asked to their general security practices when using organizational network and types of anti-virus software they have installed in their workstation to protect them from such attacks. Though, this survey helped the researcher to get basic information about the security awareness and behavior among all employee groups, but a further questionnaire survey with only IT dept. employees will support this survey to get much robust information about the security policies of Shaqra University. This is another questionnaire survey like the same as security awareness survey, but in this case only the employees of the IT department are selected. The main purpose of this questionnaire survey is to find out the security awareness level and existing ransomware attack prevention strategies adopted by Shaqra University. Data Collection

Data collection process has been started after designing the survey questionnaires and interview questions. Data collection process is the most critical and significant steps of this research as the aim and objectives of this project is solely depended on the findings from the primary data collected through surveys and interviews. With the help of the collected data through surveys, the security awareness among the employees and security practices within the IT structure of the university will be determined. Moreover, responses obtained from the interview will be used to understand and evaluate the current security practices for Shaqra University. Furthermore, the recommendations will be based on the findings from these surveys and interview. For this reason, extra care has been taken during the data collection process of this project. Sample Size and Confidence Level

With the distribution of the survey questionnaires, data collection process starts. But before distributing the survey questionnaires, sample size has been determined and in doing so the total number of employees in each audience groups were obtained. In order to calculate the sample size, the confidence level and margin of the error of the sample size has been calculated. According to O'Gorman (2004), two statistics named confidence level and margin of error can determine to what extent the selected sample size can represent the whole population. Confidence level measures the surety of the sample size. As for example, a confidence level of 95% means that it is 95% certain and a confidence level 99% means that it is 99% certain. Most of the researchers use 95% of confidence level. This project has used 95% of confidence level to calculate the sample size. Samples Selection

Sample selection is a crucial part of data collection process as during sample selection process it is needs to be ensured that the selected sample will signify an accurate representation of the total population from where the samples have been chosen (Phillips and Stawarski, 2008). As a result, samples have been selected in a reliable way for this project. Though, during the sample selection process for this project, some aspects have been taken into account when selecting the samples. For these two different survey types with different targeted audiences at Shaqra University, all the participants who are selected for the survey have at least one authorized access account to their system

Page 6: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study of Shaqra University 202 network of Shaqra University whether it is employee portal or IT system user account. For the all employee survey at Shaqra University, participants from different department within the university were selected regardless of their understanding of the ransomware attacks. They were from different academic background; aged between 18-54 years; and have different professional experiences in Shaqra University. Furthermore, the samples for each of the two surveys were randomly selected based on the availability of the employees so that most accurate and efficient results can be obtained throughout this project. On the other hand, for IT employee survey, only employees who dedicatedly work at the IT department of Shaqra University were selected. In case of IT employee survey, participants from different job role and positions have been selected to get diversified insights about the security policies and strategies about ransomware attacks such as database administrator, supervisor, network administrator, and maintenance member etc. However, it should be noted that the samples have been chosen for each of the survey within the targeted organization- Shaqra University. Data Analysis

As mentioned earlier, survey questionnaires was one of the data collection methodologies for this research and there were two different set of survey questionnaires distributed among different targeted audiences among Shaqra University. The following section will evaluate the collected data from these survey questionnaires. Security Awareness Survey Analysis

In case of the security awareness survey participants are the employees from all but different departments of Shaqra University. The purpose of this security awareness survey was to gather information and understand all employee’s knowledge and awareness about ransomware attacks. First two questions were related to their education level and age which will present demographic information of the employees and rest questions represents their awareness regarding ransomware attacks.

Third question was related to the employee’s knowledge about the ransomware attacks. And when they were asked about the ransomware virus, responses showed that majority of the employees are not aware of the ransomware virus. Furthermore, figure 4.3 reveals that only 43% of the participants are aware about the ransomware virus where nearly 57% of the participants within the employees of Shaqra University do not know what a ransomware virus is. This is so alarming considering the basic security awareness among the employees within an organization as Zetter (2016) mentioned that one of the first step towards preventing the treats of ransomware virus is self-awareness among the employees of an organisation so that they can take at least basic preventive step towards combating ransomware virus. Moreover, Ali (2016) emphasized that employees of an organization are the first level of defence against ransomware attacks. Considering this, it can be said that this a weak point for the IT security of Shaqra University as most of the employees are not aware of the ransomware virus.

Page 7: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

203 Naif Alotaibi

Figure 4.3: survey question 3- Security awareness questionnaire

When the participants were asked about their first level contact in case of any suspicious virus file or computer related problems, two-third of them replied that they do know who to contact if they suspect any virus file or computer problem. On the other hand, 33.37% of the participants replied that they do not whom they should contact in case of any virus or other such suspicious activities in their computer. According to InfoSec (2015), employees who are well-known about the person to contact in time of any suspicious activities at their service station are less risky to the organizational security than who do not know because they will contact their first-level contact in case of any virus outbreak or doubtful activity in their computer. Considering this, it can be said that this a not a strong point for the IT security of Shaqra University as some of the employees are not aware of whom to contact if they suspect any virus file or computer problem.

Figure 4.4: survey question 4- Security awareness questionnaire

When the employees were asked about the installed anti-virus on their personal computer, most of the participants replied that there is an anti-virus installed on their computer. Furthermore, figure 4.5 showed that 71.08% of the participants mentioned that they have anti-virus installed on their personal computer while 18.07% of the respondents replied they do not have anti-virus installed on their personal computer.

Page 8: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study of Shaqra University 204

Figure 4.5: survey question 5- Security awareness questionnaire

Next question was related to the use of official or organizational email ID for external purposes. When the participants were asked whether they use their organizational email or any confidential information in any websites, nearly half of the participants mentioned that they do not share email and information to external websites while other half of the respondents said that they use organizational email and information to get access into other websites. One of the main reasons of ransomware attacks is that using organizational email ID for external websites may increase the chance of malware attacks and other illegitimate activities (Khanse, 2016). This is another weakest point for the information security of Shaqra University as it is well-known that organizational network becomes susceptible when organizational email or confidential information has been used into other websites that are not trusted by the network.

Figure 4.6: survey question 6- Security awareness questionnaire

When the participants were asked whether they have received instructions from the information security department of their organization not to open anonymous email, majority of the respondents said that they have been informed and well-aware about this. Furthermore, figure 4.7 shows that 74.70% of the participants have received instructions about not opening anonymous mail from the information security department whereas 22.89% participants said that they did not receive such instructions.

Page 9: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

205 Naif Alotaibi

Figure 4.7: survey question 7- Security awareness questionnaire

The next question was about the continuous backup of the data. When the participants were asked whether they take back up on their personal computer, only 38% respondents said that they used to back up their information and data on their computer while nearly 54% of the respondents said that they do not back up their data on their computer. This is a weak point about the security awareness among the employees of Shaqra University, as back up of computer data is one of the crucial steps in preventing the aftermath of ransomware attacks. Goldstein (2017) mentioned that backing up the data is an important step to impede the increasing occurrence of ransomware attacks.

The next question was related to the communication received by the employees from department of information security regarding the ransomware virus during this year. In response to this question, 56.63% of the participants mentioned that they received such email communication whereas rest of them said that they did not get such communication regarding the ransomware virus during this year.

Figure 4.9: survey question 9- Security awareness questionnaire

The last question of this questionnaire was about the responsible person for the protection of the organizational data. Figure 4.10 shows that 43.37% of the respondents believe that IT department is responsible for the data protection while 49.5% of the participants believe that all employees within an organization are responsible for the protection of organizational data. According to the Data Projection Act of Saudi Arabia, everyone within an organization is responsible for data protection (Reda and Alsheikh, 2018). It can be said that, employees of Shaqra University should be communicated and well-aware about the fact that all of the employees who have access to the organizational network will

Page 10: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study of Shaqra University 206 be held responsible for any kind of data breach or loss and all of them are responsible for their organizational data protection.

Figure 4.10: survey question 10- Security awareness questionnaire

IT Department Employee Survey Analysis

This is another questionnaire survey like the same as security awareness survey, but in this case only the employees of the IT department are selected to find out some technical details about the awareness about ransomware attacks. Furthermore, this survey was conducted to find out an in-depth analysis of the security awareness of the IT dept. employees, as they are the most critical part of their organization and take necessary actions in preventing malicious attacks like ransomware virus. For this survey, IT employees from different job role were selected as shown below.

The second question was related to the most prominent threat actors behind ransomware attacks. From figure 4.12 it is seen that most of the IT employees (71.43%) believe that professional criminals who are capable of creating sophisticated and effective new variants of ransomware virus are the predominant threat actors to ransomware attacks. On the other hand, 28.57% of the respondents believe that nation-states with massive capabilities to launch and manage attacks are the threat actors behind ransomware attacks.

Figure 4.12: survey question 2- IT employee survey questionnaire

Third question was related to the proposed action plan after ransomware virus detection. Nearly 92.86% of the employees mentioned that organizations should isolate and shut down offending systems and accounts when they detect malicious ransomware virus and then they should recover encrypted

Page 11: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

207 Naif Alotaibi files from their backup and mitigate the initial attack vector as much as possible. Again, 64.29% of the participants said that an immediate in-house response is essential after detecting ransomware virus.

Figure 4.13: survey question 3- IT employee survey questionnaire

Fourth question was asked about the current ability of Shaqra University IT department to

either block or detect ransomware virus before it locks or encrypt the data from the system. From the responses, it can be said that the IT security framework of Shaqra University is more than average. Furthermore, figure 4.14 shows that 42.85% of the respondents believe that their organization’s ability in detecting or preventing ransomware virus is on average level, followed by 28.57% of the respondents who believe that organization’s ability in detecting or preventing ransomware virus is above average level and 7.14% of them believe that their prevention framework is superior than peers organizations within the same sector.

Figure 4.14: survey question 4- IT employee survey questionnaire

Nearly 35.71% of the participants from IT department mentioned that they have received suspicious report of the ransomware attacks from the employees of their organization while rest of the participants did not get any report on the same.

Page 12: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study of Shaqra University 208

Figure 4.15: survey question 5- IT employee survey questionnaire

When the participants were asked about the potential entry mode of ransomware virus, they

mentioned that phishing mail attachment is the main route of ransomware virus (92.86% of the responses) as well as other route such as visiting compromised websites (71.43%), malvertisements (50%), and exploit kits (50%). According to the report of Symantec (2017), phishing mail, malvertisements, spam mail, and exploit kit are the main routes for ransomware to arrive on a computer.

Figure 4.16: survey question 6- IT employee survey questionnaire

Next, participants were asked about the typical detection system when ransomware attempts to

enter into the network of their organization. 64.29% of the responses stated that commercial anti-malware tools are effective in detecting the entry of ransomware virus. On the other hand, some of the participants said that intrusion detection system, behavioral monitoring, and user detection are also successful in detecting ransomware virus. According to Kim et al. (2017), behavioral monitoring system and process monitoring is the most effective way to detect possible ransomware entry into the system.

Page 13: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

209 Naif Alotaibi

Figure 4.17: survey question 7- IT employee survey questionnaire

Eighth question of the questionnaire asked the participants about the time needed to detect a

ransomware virus and the responses are showed in following figure 4.18. 50% of the respondents said that within an hour ransomware can be detected, while 14.29% of the participants said that they were able to detect ransomware in real-time. On the other hand, 14.29% of the participants said that it took a business day to detect ransomware virus into the system.

Figure 4.18: survey question 8- IT employee survey questionnaire

It is necessary to have a ransomware response plan so that an organization does not have to

compromise their confidential company data. When the IT employees of Shaqra University were asked about the ransomware response plan, only 35.71% said that they have ransomware response plan in place. This is a weakest point in preventing ransomware attack for Shaqra University as it is mandatory to have an immediate emergency response plan to combat the ransomware attacks.

Page 14: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study of Shaqra University 210

Figure 4.19: survey question 9- IT employee survey questionnaire

When the participants were asked about the effectiveness of their anti-malware solution in

preventing ransomware attacks, only 14.29% replied that it is completely effective while 72% of them replied that it is somewhat effective. It can be said that the current anti-malware solution installed in Shaqra University is not sufficient enough to protect them from ransomware attacks and it needs to be strengthened.

Figure 4.20: survey question 10- IT employee survey questionnaire

Then the participants were asked whether they want to replace their current AV/ endpoint

security solution, then half of the participants (50%) said that they would like to stick to the existing solution while another half of them said that they are considering new solution (28.57%) and planning to replace the existing endpoint solution with a new one (21.43%).

Figure 4.21: survey question 11- IT employee survey questionnaire

Page 15: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

211 Naif Alotaibi

Besides existing AV/ endpoint security solution, participants shared that at Shaqra University they have other security solutions to combat ransomware such as data backup and recovery (92.86%), updating operating systems and software with latest patches (85.71%), application whitelisting (42.86%), security/ behavioral analytics (35.71%) and email and web gateways (21,43%) etc. According to Myers (2013), backing up data, filtering EXEs in email, using cryptolocker prevention kit, disabling RDP, updating OS and software with latest patches, and using a reputable security suite are the best way to combat ransomware attacks.

Figure 4.22: survey question 12- IT employee survey questionnaire

As it is mentioned earlier, data backup and recovery is the most significant way to prevent

ransomware attacks and it is advisable to backup data continuously (Goldstein, 2017). Participants were asked about the frequency of data backup and it is found that 50% of the respondents backed up their data once a week, 14.29% of the respondents used to back up once in a month, and rest 35.71% of the participants mentioned that they backed up their data when they get free time.

Figure 4.23: survey question 13- IT employee survey questionnaire

When respondents were asked whether their organizational allocated budget for ransomware

security will change or not, nearly 65% of them replied that it will be the same and no further changes will happen anytime soon. 14.29% of the respondents feel that the budget for ransomware security will

Page 16: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study of Shaqra University 212 be increased by more than 20% and 7.14% of them expected that it will increase by 6-10%. On the other hand, 14.29% of the respondents feel that the budget for ransomware security will be decreased.

Figure 4.24: survey question 14- IT employee survey questionnaire

Finally, participants were asked about their opinion- in which ransomware-related

cybersecurity investment their organizations will make in future. In response to this, there were several techniques that are focused by the IT employees in which they are expecting that Shaqra University will invest more in preventing ransomware related attacks such as data backup and recovery (92.86%), anti-malware tools (78.57%), user training (71.43%), system and software updates (78.57%), and third party partnerships (57.14%) etc.

Figure 4.25: survey question 15- IT employee survey questionnaire

From the survey questionnaires with all employees of Shaqra University and especially with the IT employees it is found that the current security policy and organizational security practices of Shaqra University has some strong points as well as some weaknesses to a great extent. Security awareness is considered to be a primary attempt for ransomware virus prevention. However, the most of the employees at Shaqra University do not even know about ransomware virus and even they do not aware whom to contact if they find any suspect or abnormal activities in their personal computer. Most of the employees of Shaqra University used to provide their official email ID and other information which could be confidential to their organization in order to get access or surf websites that could be compromised. In this case, it is very easy to be attacked by the ransomware virus and loose

Page 17: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

213 Naif Alotaibi organizational information. Again, majority of the employees do not do backup their data regularly which is a major issues for the IT policy of Shaqra University. Most of the employees believed that it is the IT department who is only responsible for the protection of organizational data. As the employees are the main vigilant of any kind of cyber-attacks and it is not fully present among the employees of Shaqra University. Due to this lack of awareness and knowledge of organizational IT policy, it can be said that Shaqra University is undoubtedly prone to the ransomware attacks. It is advisable that Shaqra University needs to develop new strategies and policies to improve their weakness in case of security awareness among all the employees of their organization and recommendations based on the analysis of these findings in case of Shaqra University. Research Findings

From the data analysis of the survey questionnaires and interview, several points have been found which are considered to be strength regarding the security awareness and existing security policy and organizational security framework of Shaqra University. On the other hand, several points are found as weaknesses considering security awareness about malicious attacks such as Ransomware virus and security policy of Shaqra University. This section will discuss the research findings regarding IT security level of Shaqra University and current security framework.

From the data analysis, it is found that the IT department of Shaqra University is capable of identifying the potential risks and predominant threat actors behind the ransomware attacks. In case of Shaqra University, professional criminals who are capable of creating sophisticated and effective new ransomware variants are main threat of the ransomware attacks. On the other hand, it is identified that ransomware virus usually entered and attacked the IT network system of Shaqra University by means of email attachment, spam mail, malvertisements, and exploit kit. This finding is aligned with the literature as according to the literature (Savage et al., 2015), traffic distribution system (TDS) and malvertisement are the two common routes of entry of ransomware viruses.

Another strength of Shaqra University is that, they have placed a response plan in time of ransomware attacks which is capable of preventing the outbreak of the virus and as a result they are capable of protecting their organizational information. They have multiple network security tools in order to detect the presence of ransomware virus such as anti-malware tools, user detection, intrusion detection system, behavioral monitoring technique, and email and web gateways. Moreover, they also have firewall protection software, and the IT department seeks to bring modern programs protection to prevent attacks from ransomware virus. With the help of these tools they are being able to detect the presence of ransomware virus at its access into the system so that it is able to prevent the propagation of the ransomware virus. From the data analysis, the effectiveness of these ransomware prevention tools can be proved as the IT department of Shaqra University is able to detect the presence of any malicious virus into their system within a very short time even in real-time which is a strongest point to consider. The IT employees are well-aware about the first level of defense against ransomware attacks and they usually maintain a data backup policy and used to back up their confidential data in a regular manner. Although, some employees mentioned that they used to back up their data when they are free but this is not acceptable considering the prevalence of ransomware attack which may occur anytime. So it is advisable to suggest a data backup policy for the employees of Shaqra University.

It is observed from the data analysis that they have received reports from the IT maintenance team about the infiltration attempts of ransomware virus into their system, but with their pre-installed modern security system in-place they were successful to prevent the ransomware attack from further spreading. Considering the preventive actions in time of ransomware attacks, the security team from the Department of Information Technology of Shaqra University provided immediate solutions to solve problems related to ransomware attacks. Also, they have some of the strategies in place including the isolation of the infected device virus to avoid spreading in the network and update of anti-virus programs. About the organization's systems, there is always a server for saving backups periodically and there are network monitoring programs to detect any kind of intrusion and illegal entry

Page 18: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study of Shaqra University 214 continuously. Furthermore, IT department of Shaqra University is working with latest cyber security technologies and training their IT employees, not only to protect the organization from the ransom virus, but all viruses that cause disruption of the work of the Organization. In addition, their IT department have a plan to develop a program to raise awareness among the users to protect the data in the organization so that they are well-aware of the basic preventive actions and methods used for this ransomware attacks.

Although it is found from the data analysis that the IT security policy and practices in Shaqra University against ransomware attacks are satisfactory but there is a huge lacking of awareness among the general employees in Shaqra University. Most of the employees are do not even know this type of malicious attack. Most of the employees do not follow security protocols considering data backup, information protection and data privacy regulations of the organization. So, it is mandatory to raise security awareness level of all employees of Shaqra University to prevent ransomware attacks, otherwise only security practices and preventive tools and strategies against ransomware attacks may not save their system network from these viruses.

Conclusions The main purpose of this reseearch is to understand the security awareness related to ransomware attacks and to understand the level of IT security and prevention strategies against such attacks. In doing so, this research will be focused on Shaqra University, Saudi Arabia to understand the ransomware attacks and their counter-measure to prevent such ransomware attacks.

This research found that the present security strategy and security practices of Shaqra University has some robust focuses in preventing ransomware attacks and also, they have a few shortcomings. Security awareness is thought to be an essential endeavor for the prevention of ransomware attacks for any organization. In this case, the majority of the employees at Shaqra University don't think about ransomware attacks and even they don't aware about the cyber-security communication procedure in the situation of any suspect or unauthorized exercises in their organizational network. Most of the employees of Shaqra University believed that it is the IT division who is in charge of the insurance of organizational confidential information. Because of this absence of mindfulness and information of hierarchical IT approach, it can be said that Shaqra University is without a doubt inclined to the ransomware assaults. It is prudent that Shaqra University needs to develop new systems and strategies to improve their present security framework and IT security best practices throughout their organization.

It can be concluded that this research has successfully found out the current level of security awareness among the employees of Shaqra University regarding ransomware attacks and have successfully identified the existing IT security policies and practices at Shaqra University and finally proposed recommendations to improve the gap in combating future ransomware attacks. It can be said that in preventing malicious attacks such as ransomware virus, not only IT department but employees from all department of an organization need to follow and adhere to the security principles and practice the security guidelines of the organization from data loss due to ransomware attacks. this research has some limitations which open new scope for further works in the similar context. One of the main limitations of this research is the limited number of participants during the survey questionnaires due to the lack of availability of the employees of Shaqra University and also for the lack of timeframe in collecting these surveys for this research. As a result, this research evaluated the security awareness among the employees of Shaqra University based on the responses from 83 participants. In addition, only 14 participants from the IT department joined the IT employee survey which does not seem appropriate for a survey analysis research. To get a better insight about the current security policies and future strategies in preventing Ransomware attacks a large number of sample size is required and this can be achieved if further research is conducted in this context. Furthermore, this research used interview with only one participant. A group interview with several team members of IT team would

Page 19: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

215 Naif Alotaibi be beneficial to get more understanding about the IT security policies and future actions in preventing malicious attacks such as ransomware attacks. This research has considered the case studies of Shaqra University only and it cannot be extrapolated for other industries or organizations from other sectors in Saudi Arabia. Further work can be done with different industries from different sectors from Saudi Arabia to understand and compare the security awareness and security policies adopted at different organizations in Saudi Arabia. In order to understand the security level of Shaqra University against ransomware attacks, survey questionnaires and interview methodologies have been adopted and from the responses the level of security in preventing malicious attacks such as ransomware attacks were determined. But this may not reveal the true nature of security level of an organization. In this case, a penetration test against the network’s security of this organization would be an effective method to evaluate the susceptibility of the installed IT security of Shaqra University. Further research can be conducted using such method.

References [1] Ali, M. (2016). Is Your Company Ready for a Ransomware Attack?. [online] Harvard Business

Review. Available at: https://hbr.org/2016/10/is-your-company-ready-for-a-ransomware-attack [Accessed 14 Jan. 2018].

[2] Alreck, P. and Settle, R. (2004). The survey research handbook. Boston: McGraw-Hill/Irwin. [3] American Bankers Association (2016). Ransomware. [online] Aba.com. Available at:

http://www.aba.com/Tools/Function/Cyber/Pages/Ransomware.aspx [Accessed 23 Aug. 2017]. [4] Brace, I. (2003). Questionnaire Design. London, GBR: Kogan Page, Limited. [5] Bryman, A. (2008). Social research methods. Oxford: Oxford University Press. [6] Creswell, J. (2014). Research design. Thousand Oaks, California: SAGE Publications. [7] Crowe, J. (2016). Cyber Attack Statistics: Majority of Victims Aren't Changing Their Security

in 2017. [online] Blog.barkly.com. Available at: https://blog.barkly.com/cyber-attack-statistics-2016 [Accessed 23 Aug. 2017].

[8] Cyber Threat Alliance (2016). Lucrative ransomware attacks: Analysis of the CryptoWall

Version 3 threat. [online] Cyber Threat Alliance. Available at: http://cyberthreatalliance.org/cryptowall-report-v3.pdf [Accessed 23 Aug. 2017].

[9] Goldstein, J. (2017). Data Backup: Minimizing The Impact of Ransomware. [online] Backblaze Blog | Cloud Storage & Cloud Backup. Available at: https://www.backblaze.com/blog/data-backup-minimizing-impact-ransomware/ [Accessed 14 Jan. 2018].

[10] Heater, B. (2017). How ransomware conquered the world. PC Magazine Digital Edition, pp.109-118.

[11] Imperva (2017). Downtime is key cost of ransomware attacks - Information Age. [online] Information Age. Available at: http://www.information-age.com/downtime-key-cost-ransomware-attacks-123465510/ [Accessed 23 Aug. 2017].

[12] InfoSec (2015). Insider vs. Outsider Threats: Identify and Prevent. [online] InfoSec Resources. Available at: http://resources.infosecinstitute.com/insider-vs-outsider-threats-identify-and-prevent/#gref [Accessed 14 Jan. 2018].

[13] Ivanov, A., Emm, D., Sinitsyn, F. and Pontiroli, S. (2016). Kaspersky Security Bulletin 2016.

The ransomware revolution. [online] Securelist - Information about Viruses, Hackers and Spam. Available at: https://securelist.com/kaspersky-security-bulletin-2016-story-of-the-year/76757/ [Accessed 23 Aug. 2017].

[14] Khanse, A. (2016). Ransomware Attacks, Definition, Examples, Protection, Removal. [online] The Windows Club. Available at: http://www.thewindowsclub.com/ransomware-attacks-definition-faq [Accessed 14 Jan. 2018].

[15] Kim, J., Ji, S. and Kim, S. (2017). A Machine Learning based Ransomware Detection Model using a Hybrid Analysis. Journal of Security Engineering, 14(4), pp.263-280.

Page 20: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study of Shaqra University 216 [16] Kirkland, M. (2013). 6 Tips to Stay Safe Online. [Blog] IT News & Security Blog. Available at:

http://thechipmerchant.com/it-blog/tech-tip/how-to-stay-safe-online/ [Accessed 1 May 2017]. [17] Kuk, K. and Ranđelović, D. (2017). Knowledge Discovery in Cyberspace. 1st ed. Hauppauge:

Nova Science Publishers, Inc. [18] Lavrakas, P. (2008). Encyclopedia of survey research methods. Thousand Oaks, Calif.: SAGE

Publications. [19] Lord, N. (2017). A History of Ransomware Attacks: The Biggest and Worst Ransomware

Attacks of All Time. [Blog] The Digital Guardian. Available at: https://digitalguardian.com/blog/history-ransomware-attacks-biggest-and-worst-ransomware-attacks-all-time [Accessed 1 May 2017].

[20] Marchenkov, S. (2015). Cryptolocker, trick or threat: phishing e malware alla ricerca

dell'anello debole. 1st ed. Bologna: Università di Bologna. [21] Mayring, P. (2007). Mixed methodology in psychological research. Rotterdam: Sense

Publishers. [22] McDonald, J., Coronado, V. and Johnson, R. (2003). Questionnaire design. [Atlanta, GA]:

Departmentt of Health and Human Services, Centers for Disease Control and Prevention, National Center for Chronic Disease Prevention and Health Promotion, Division of Reproductive Health.

[23] Monika, Zavarsky, P. and Lindskog, D. (2016). Experimental Analysis of Ransomware on Windows and Android Platforms: Evolution and Characterization. Procedia Computer Science, 94, pp.465-472.

[24] Myers, L. (2013). 11 things you can do to protect against ransomware, including Cryptolocker. [online] WeLiveSecurity. Available at: https://www.welivesecurity.com/2013/12/12/11-things-you-can-do-to-protect-against-ransomware-including-cryptolocker/ [Accessed 14 Jan. 2018].

[25] O'Gorman, T. (2004). Applied adaptive statistical methods. Philadelphia, PA: Society for Industrial and Applied Mathematics.

[26] Orman, H. (2016). Evil Offspring - Ransomware and Crypto Technology. IEEE Internet

Computing, 20(5), pp.89-94. [27] Osterman Research, Inc. (2016). Understanding the Depth of the Global Ransomware Problem.

An Osterman Research Survey Report. [online] Black Diamond, Washington: Osterman Research, Inc. Available at: https://www.malwarebytes.com/pdf/white-papers/UnderstandingTheDepthOfRansomwareIntheUS.pdf [Accessed 1 May 2017].

[28] Owens, B. (2016). 'Ransomware' cyberattack highlights vulnerability of universities. Nature. [29] Phillips, P. and Stawarski, C. (2008). Data collection. San Francisco: Pfeiffer. [30] Reda, E. and Alsheikh, T. (2018). [online] Uk.practicallaw.thomsonreuters.com. Available at:

https://uk.practicallaw.thomsonreuters.com/4-520-9455?__lrTS=20170927144527817&transitionType=Default&contextData=(sc.Default)&firstPage=true&bhcp=1 [Accessed 14 Jan. 2018].

[31] Saris, W. and Gallhofer, I. (2014). Design, Evaluation, and Analysis of Questionnaires for

Survey Research. Somerset: Wiley. [32] Savage, K., Coogan, P. and Lau, H. (2015). The evolution of ransomware. SECURITY

RESPONSE. [online] Symantec. Available at: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-evolution-of-ransomware.pdf [Accessed 1 May 2017].

[33] Singh, T. (2017). Evolving Threat Agents: Ransomware and their Variants. International

Journal of Computer Applications, 164(7), pp.28-34. [34] Symantec (2017). Internet Security Threat Report 2017. [online] Symantec.com. Available at:

https://www.symantec.com/security-center/threat-report [Accessed 23 Aug. 2017].

Page 21: The Security Awareness and Security Practices in Prevention of … · 2020-05-13 · The Security Awareness and Security Practices in Prevention of Ransomware Attacks: Case Study

217 Naif Alotaibi [35] Trend Micro (2017). Ransomware! Ransomware! Ransomware!. [Blog] TrendLabs Security

Intelligence Blog. Available at: http://blog.trendmicro.com/trendlabs-security-intelligence/ransomware21-ransomware21-ransomware21/ [Accessed 1 May 2017].

[36] Wenham, P. (2012). Ransomware – your money, or you'll never see your company's data again. Engineering & Technology Reference, 1(1).

[37] Zetter, K. (2016). 4 Ways to Protect Against the Very Real Threat of Ransomware. [online] WIRED. Available at: https://www.wired.com/2016/05/4-ways-protect-ransomware-youre-target/ [Accessed 14 Jan. 2018].