Ransomware Attacks Forensic Investigation [Dark Side of the Web]

BY SIFS India | June 07, 2023

Ransomware Attacks Forensic Investigation [Dark Side of the Web]

Abstract- Crime is a boorish act that is forbidden by law. Over the past two decades, internet has created unprecedented new opportunities for offending in many forms.

Numerous cyber threats are growing that have serious impacts on society in the form of economic disruptions, psychological disorders, threats to national defence, etc.

In addition to viruses, malware & ransomware are frequent problems seen by expounders.

Therefore, in this article you will have a basic understanding of ransomware with its type, evolution, target, and impact on society.


With the advancement of time, scientific knowledge is applied to practical aims which make the task easier and help to solve the problems of mankind and is termed as technology.

The internet is also a type of technology based on information that provides data on the global network using Standardized Communication Protocols.

At present, organizations including the public and private sectors use internet technology effectively and efficiently to fulfill their needs. But as the internet became the backbone of every organization, cyber attack is their biggest concern. 

Types of Malware

A computer is not only infected with viruses but there are different types of attacks faced by digital devices. Malware is a perennial attack that could use by a cyber criminal to interfere with a computer’s normal functioning, destruct the data, producing threats in willing of getting money.

Malware has seven types:

1. Trojans

2. Spyware

3. Adware

4. Rootkits

5. Ransomware

6. Worms

7. Keyloggers


Ransomware is a form of malevolent software that locks up the files on the computer, encrypts them, displays the notification, and demands ransom money to get the files back or unravel data.

The demand is usually in the form of virtual currency, bitcoin because it is strenuous to track. 

This type of attack becomes a global incidence, with the primary aim of making monetary gains through illicit means. The attack started through emails & expanded through spamming and phishing.  

Types of Ransomware

Attackers have developed a way to legitimatize files already on a victim’s computer. They attain this by encrypting files and then charging for access to the key.

This type of malware has begotten a new classification, crypto-ransomware but is more often known by the name of the prevalent version, Crypto Locker, or its variant Tesla Crypt and Crypt Wall. 

Although there are multitudinous strains of ransomware, they mainly fall into two main divisions:

1. Crypto Ransomware

2. Locker Ransomware

Table 1 - Crypto Ransomware and Locker Ransomware

Crypto Ransomware
Locker Ransomware

It is as simple as weaponizing strong encryption against victims to deny them access to those files. 

Heavily utilizes social engineering.

This locks the device’s user interface and then demands the victim for the ransom. 

Preys on users who do not utilize offline backups.

Evolution of Ransomware

From 1989 attacks of ransomware were started and got typical to crack with the expansion of type. Ransomware attack got very common after being included as a service in form of ransomware-as-a-service.

 Some of the famous cases regarding Ransomware -

• In August 2016, Bournemouth University successfully attacked and corrupted files with ransomware 21 times during the previous 12 months.

• In April 2016, A Network Hospital of Medstar Health in Maryland was attacked & blocked from working by the Sam-Sam Ransomware.

• In February 2016, Hollywood Presbyterian Medical was attacked by Locky ransomware, which disrupted working for two weeks until they paid 40 Bitcoin (about $17000) to recover its files. 


Figure 1 - Evolution of Ransomware

Targets for Ransomware

The number of people and businesses at a risk is increasing every year. Anyone can be targeted by ransomware attacks including individuals, government entities, hospitals, or private sectors. 

To understand the targets of Ransomware properly, it can be studied under two divisions:

1. User wise

2. System wise 

User Wise

All types of users of every age group can be targeted for getting ransom including people who are not technically knowledgeable who too can be pressurized by this attack.

Users can be of different types:

- The Average User

- Business Class User

- Emergency Service

- Financial Institutions

System Wise

All kind of system is valuable for criminals but they target the profitable system.

System can be of different types:

- Personal Computers (PC)

- Mobile Device

Impact of Ransomware

Ransomware not only targets home users, businesses can also get infected.

It leads to negative consequences, including:

• Temporary or permanent loss of sensitive or proprietary information,

• Disruption to regular operations,

• Financial loss incurred to restore system and files, &

• Potential harm to an organization’s reputation.

Paying the ransom does not guarantee that the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information.

In addition, decrypting files does not mean the malware infection itself has been removed.

A Global Cyber Attack unleashed more than 200,000 computers across more than 150 countries that were affected by the “ransomware”, called “WannaCry”. 

The top five cities impacted by the ransomware attack are Kolkata followed by Delhi Bhubaneshwar, Pune, and Mumbai, while the top five states with maximum detections of the WannaCry virus are West Bengal, Maharashtra, Gujrat, Delhi NCR, and Odhisa.

Ransomware Attack Prevention

The best way to protect our system is to create a regular backup of files.

The malware only affects files that exist in the computer.

If the machine is infected by ransomware, reset the machine using the backup & reinstall the software to restore the files from the backup.

According to Microsoft’s Malware Protection Centre, other precautions include regularly updating your anti-virus program; enabling pop-up blockers; updating all software periodically; ensuring the smart screen (in Internet Explorer) is turned on, which helps in determining reported phishing and malware websites; avoid opening attachments that may appear suspicious.   

As the voguish saying, “Precaution is better than cure” Some steps for securing our systems are given below:

Step 1: Back up

Step 2: Avoid all spam links if unknown. Use Ad blockers can protect against advertising. Turning off Java and JavaScript.

Step 3: Patch and block. All the OS, browsers, and security systems should always be kept up-to-date & patched including third-party plug-ins, like Java and Flash.

Step 4: Drop and Roll. If a machine is found sign of infection, then to minimize the infection infected the machine should be immediately turned off, the network also should be turned off if the machine is on the network.


Increased growth of internet technology paves the wave for every individual and organization for accessing information with the touch of a fingertip.

The nature of the internet is vulnerable to threats. Due to the escalation of the internet, cyber crimes also improved in their way.

Security is a substantial thing since the unearthing of the Internet. Hence, cyber security becomes obligatory to take circumspection mechanisms for avoiding ransomware attacks further.