Awareness Education as the Key to Ransomware Prevention

Q4 Social Sciences
X. Luo, Qinyu Liao
DOI: 10.1080/10658980701576412 (https://doi.org/10.1080/10658980701576412)
Journal: Journal of Information Systems Security
Publication date: 2007-07-01
Publication type: Journal Article
Citation count: 103

Abstract

In the paradigm of Information Systems (IS), information security research has received increased attention from both academic researchers and industry practitioners alike. This intriguing phenomenon is related to the growing recognition that, notwithstanding the advances in information technology (IT) for data collection, storage, and processing at a remarkable rate, users’ concerns over security of what is surreptitiously collected and the privacy violations resulting from their misuse of IT have also skyrocketed. Such sophisticated threats as phishing, pharming, and spyware have further exacerbated users’ worries about information confidentiality, integrity, and availability. Therefore, understanding of pertinent issues in information security vis-a-vis technical, theoretical, managerial, and regulatory aspects of information systems is becoming increasingly important to the IT community. Today’s organizations confront not only keen peer competition in business society but also increasingly sophisticated information security threats in cyber world, as online presence and business transaction are considered as a possible profit-driven avenue and a necessary means for global competence. In computer virology, as technologies continue to evolve, advanced encryption algorithms, on the positive side, can be utilized to effectively protect valuable information assets of enterprises. On the negative side, however, they can also be employed by malicious attackers to conduct pernicious activities in search of profits or benefits. Past information security research has investigated such malware programs as Trojan horses, worms, and spyware from a plethora of scientific perspectives (Warkentin, Luo, and Templeton, 2005), and relevant strategies and tactics have been proposed to alleviate and eradicate the cyber threats (Luo, 2006).
Recently, the emergence of a new form of malware in cyberspace known as ransomware or cryptovirus has drawn attention among information security practitioners and researchers. Imposing serious threats to information assets protection, ransomware victimizes Internet users by hijacking user files, encrypting them, and then demanding payment in exchange for the decryption key. Seeking system vulnerabilities, ransomware invariably tries to seize control over the victim’s files or computer until the victim agrees to the attacker’s demands, usually by transferring funds to the designated online currency accounts such as eGold or Webmoney or by purchasing

Address correspondence to Xin Luo, Department of Computer Information Systems, School of Business, Virginia State University, Petersburg, Virginia, 23806. E-mail: xluo@vsu.edu
Source journal
Journal of Information Systems Security (Social Sciences - Safety Research)
CiteScore: 0.40
Self-citation rate: 0.00%
Articles published: 0