Key Factors Influencing the Rise of Current Ransomware Attacks on Industrial Control Systems

Gazzan, Mazen; Alqahtani, Abdullah; Sheldon, Frederick T.

doi:10.1109/ccwc51732.2021.9376179

Cited by 8 publications

(4 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Lastly, ransomware attacks on transportation systems can be motivated by politics. State-sponsored actors may execute ransomware attacks on transportation systems to destroy their rivals' infrastructure or further their political ambitions [47]. These attacks may be part of a larger operation to destabilise or destroy the economy of the target nation.…”

Section: Interruptions In Servicementioning

confidence: 99%

Modus Operandi, Factors, Implications and Governance of Ransomware Attacks on Transportation Systems

Mohamad,

Yan,

Aziz

et al. 2024

Atlantis Highlights in Social Sciences, Education and Humanities

View full text Add to dashboard Cite

An efficient transportation system provides numerous benefits to people, businesses, and the larger community, including effective transportation of people and goods, enhanced economic growth, less congestion and travel time, improved access to education and healthcare and other benefits. The digital revolution has transformed the transportation sector, making it more efficient, sustainable, and customer centric. As public transit networks grow increasingly digital, so does the possibility of cyberattacks, one of the common attacks being ransomware, which could cause severe repercussions, leading to service disruptions and putting people at risk. Engaging in document review and paper analysis of past literature and government documents, this paper investigates the modus operandi, factors, implications, and governance of ransomware attacks on the transportation system. The study found various factors that motivate ransomware in transportation systems such as financial gain, service disruption, espionage, and political motivations. This further leads to various implications such as disruption of the normal operation of public transportation networks, financial losses, loss of vital data, harm to health and safety of users, degradation of the reputation of public transportation networks, as well as legal and regulatory repercussions. In Malaysia, ransomware is governed by Section 5 of Computer Crimes Act 1997 for unauthorised modification, Penal Code's Sections 378 for theft, 420 for deception, and 506 for criminal intimidation, as well as relevant provisions of the Personal Data Protection Act of 2010. The study is expected to contribute to the body of literature on ransomware and cybersecurity in the context of transportation systems.

show abstract

Section: Interruptions In Servicementioning

confidence: 99%

Modus Operandi, Factors, Implications and Governance of Ransomware Attacks on Transportation Systems

Mohamad,

Yan,

Aziz

et al. 2024

Atlantis Highlights in Social Sciences, Education and Humanities

View full text Add to dashboard Cite

show abstract

“…Ransomware presents a significant threat to organizations and individuals, as it encrypts files rendering computer systems inoperable. A decryption key may be provided after a ransom is paid [5,6], but not always. The irreversible effect of such an attack can be devastating due to the disruption in services and especially because, in some cases, after paying the ransom, the decryption key provided is useless [7] in restoring operations.…”

Section: Introductionmentioning

confidence: 99%

Novel Ransomware Detection Exploiting Uncertainty and Calibration Quality Measures Using Deep Learning

Gazzan,

Sheldon

2024

Information

Self Cite

View full text Add to dashboard Cite

Ransomware poses a significant threat by encrypting files or systems demanding a ransom be paid. Early detection is essential to mitigate its impact. This paper presents an Uncertainty-Aware Dynamic Early Stopping (UA-DES) technique for optimizing Deep Belief Networks (DBNs) in ransomware detection. UA-DES leverages Bayesian methods, dropout techniques, and an active learning framework to dynamically adjust the number of epochs during the training of the detection model, preventing overfitting while enhancing model accuracy and reliability. Our solution takes a set of Application Programming Interfaces (APIs), representing ransomware behavior as input we call “UA-DES-DBN.” The method incorporates uncertainty and calibration quality measures, optimizing the training process for better more accurate ransomware detection. Experiments demonstrate the effectiveness of UA-DES-DBN compared to more conventional models. The proposed model improved accuracy from 94% to 98% across various input sizes, surpassing other models. UA-DES-DBN also decreased the false positive rate from 0.18 to 0.10, making it more useful in real-world cybersecurity applications.

show abstract

“…Their reach extends beyond traditional computers to mobile and IoT/Cyber-Physical Systems, necessitating a deep dive into ransomware behavior and the evaluation of defense strategies across different platforms [4]. The substantial impact of such attacks is evident from the global damages inflicted on various systems around the world [5][6][7][8]. Given the complexity of ransomware, showcased by variants like LockBit 2.0, it is clear that advanced preventative and remediation strategies are needed [9,10].…”

Section: Introductionmentioning

confidence: 99%

An Incremental Mutual Information-Selection Technique for Early Ransomware Detection

Gazzan,

Sheldon

2024

Information

Self Cite

View full text Add to dashboard Cite

Ransomware attacks have emerged as a significant threat to critical data and systems, extending beyond traditional computers to mobile and IoT/Cyber–Physical Systems. This study addresses the need to detect early ransomware behavior when only limited data are available. A major step for training such a detection model is choosing a set of relevant and non-redundant features, which is challenging when data are scarce. Therefore, this paper proposes an incremental mutual information-selection technique as a method for selecting the relevant features at the early stages of ransomware attacks. It introduces an adaptive feature-selection technique that processes data in smaller, manageable batches. This approach lessens the computational load and enhances the system’s ability to quickly adapt to new data arrival, making it particularly suitable for ongoing attacks during the initial phases of the attack. The experimental results emphasize the importance of the proposed technique in estimating feature significance in limited data scenarios. Such results underscore the significance of the incremental approach as a proactive measure in addressing the escalating challenges posed by ransomware.

show abstract

Key Factors Influencing the Rise of Current Ransomware Attacks on Industrial Control Systems

Cited by 8 publications

References 42 publications

Modus Operandi, Factors, Implications and Governance of Ransomware Attacks on Transportation Systems

Modus Operandi, Factors, Implications and Governance of Ransomware Attacks on Transportation Systems

Novel Ransomware Detection Exploiting Uncertainty and Calibration Quality Measures Using Deep Learning

An Incremental Mutual Information-Selection Technique for Early Ransomware Detection

Contact Info

Product

Resources

About