
NKINZI JOSELINE 20/U/ITD/12687/GV

Computer Science Field, Cyber Security Problem: Ransomware, Solutions and Steps Taken to Solve the Problem in Kampala
What is Ransomware and what are the ways and steps of mitigating it?
My research project talks about a field of computer science, cyber security. Cyber security is the
practice of defending computers, servers, mobile devices, electronic systems, networks, and data
from malicious attacks. It is also known as information technology security or electronic
information security. This field faces a serious issue known as ransomware. I explain this issue,
its effects, its solutions and the steps taken to mitigate it.
Ransomware is now the biggest concern in the digital world. In the year 2021, there was an
unprecedented number of ransomware attacks, and this trend continued in Kampala
throughout this year. Ransomware is a malicious attack that leaves your data locked or encrypted
by anonymous cybercriminals. The attackers provide instructions on how to decrypt the files,
and the victims can eventually have their files back after paying a hefty “ransom” upfront.

As the word ransom suggests, it involves hacking into the user’s sensitive information and denying
them access to it until a ransom amount is paid to the hackers. Businesses that need access to their
data to run their daily operations, such as those doing e-commerce, suffer a lot from this breach,
which highlights the serious emphasis they need to place on their data security strategies.
Besides this, more and more attacks were reported after the pandemic, since all information was
being circulated by digital means.

Prevention is the best form of defense when it comes to ransomware. If you or your company
does not have robust preventative security measures in place, you can often find yourself in the
midst of a ransomware attack.

A ransomware attack can be utterly devastating. But if you act promptly after a
ransomware attack, you can mitigate some of the damage in the following ways.

• Restrict administrative privileges: Use caution when handing out administrative privileges, as the admin account has access to everything, including changing configurations or bypassing critical security settings.
• Patch applications: If you discover a security flaw, patch it as soon as possible to prevent manipulation and abuse by hackers.
• Use application whitelisting: Application whitelisting is a proactive threat mitigation technique that allows pre-authorized programs to run while all others stay blocked by default. It helps in identifying illegal attempts to execute malicious code and also prevents unauthorized installations.
• Be wary of emails: Emails are the most vulnerable to ransomware, so it is imperative to ramp up email security. Secure email gateways ensure all email communications get filtered, along with activation of URL defenses and attachment sandboxing to identify threats proactively. As much as email phishing scams need prevention, also pay attention to post-delivery protection.
• Provide security awareness training: Since human behavior initiates all ransomware attacks, providing security awareness training is a must for all employees. This training is imperative as it teaches users to distinguish real threats from legitimate data.
• Employ daily backups: Regular data backups are an integral part of a disaster recovery plan. In the event of a ransomware attack, you can recover and access backed-up data. You can always decrypt your original data by restoring successful backups.

Besides being extra careful, always remember that malware attacks, including ransomware, target unpatched and obsolete software. So, it's important that all software running on your machine is up to date, with all the latest security updates in place.
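
The default-deny decision behind application whitelisting, as an added example that is not part of the original paper: programs are approved by the SHA-256 of their contents, so a file that only borrows an approved name is still blocked and the attempt is logged. The `Allowlist` class, the file names and their contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash the file contents; the decision is tied to bytes, not to a name or path."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


class Allowlist:
    """Default-deny execution policy keyed on the SHA-256 of pre-authorized programs."""

    def __init__(self, approved):
        self.approved = {sha256_of(p): p.name for p in approved}
        self.denied_log = []  # blocked attempts, kept for later review

    def may_run(self, candidate: Path) -> bool:
        digest = sha256_of(candidate)
        if digest in self.approved:
            return True
        # Anything not explicitly approved is blocked and recorded.
        self.denied_log.append((candidate.name, digest))
        return False


def demo():
    # Constructed sample "programs": plain files standing in for executables.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        editor = root / "editor.exe"
        editor.write_bytes(b"approved editor build 1.0")
        policy = Allowlist([editor])

        unknown = root / "invoice_viewer.exe"
        unknown.write_bytes(b"never reviewed by IT")

        # Same file name as the approved program, different contents.
        (root / "downloads").mkdir()
        lookalike = root / "downloads" / "editor.exe"
        lookalike.write_bytes(b"tampered build")

        results = {
            "approved": policy.may_run(editor),
            "unknown": policy.may_run(unknown),
            "lookalike": policy.may_run(lookalike),
        }
        return results, [name for name, _ in policy.denied_log]


if __name__ == "__main__":
    print(demo())
```

This shows only the allow-or-block decision; in practice the blocking itself is enforced by the operating system's application-control feature.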

These are some of the steps that can be followed to mitigate the issue of ransomware:

• Stay Calm and Collected: It's difficult to stay calm and composed when you cannot access important files on your computer. But the first step to take after getting hit by ransomware is to not panic and stay level-headed. Staying calm and taking a step back can sometimes open doors for negotiations with the attacker.

• Take a Photo of the Ransomware Note: The second step is to immediately take a picture of the ransomware note on your screen with your smartphone or a camera. This will help you in filing a police report and will expedite the process of recovery.

• Quarantine Affected Systems: It's important to isolate the affected systems as soon as possible. Ransomware typically scans the target network and propagates laterally to other systems.

• Look for Decryption Tools: If you already know the name of your ransomware strain, then you can simply plug it into the website and search for the matching decryption. The list is not alphabetical, and the site adds new decryption tools to the bottom of the list.

• Disable Maintenance Tasks: You should immediately disable automated maintenance tasks, such as temporary file removal and log rotation, on affected systems. This will prevent these tasks from interfering with files that might be useful for forensics and investigation analysis.

• Disconnect Backups: It is imperative for you or your organization to secure your backups by severing them from the rest of the network. You should also lock down access to backup systems until after the infection gets removed.

• Identify the Attack Variant: To determine the ransomware strain, you can use free services such as Emsisoft’s online ransomware identification tool or ID Ransomware. These services allow users to upload a sample of the encrypted file, any ransom note left behind, and the attacker's contact information, if available. The analysis of this information can identify the type of ransomware strain that has impacted the user's files.

• Reset Passwords: Change all online and account passwords once you have disconnected the affected systems from the network.

• Report the Ransomware: The moment you notice a ransomware attack, be sure to contact law enforcement.

• Decide Whether to Pay or Not: Only pay the ransom if you have exhausted all other options and the loss of data is more damaging to you or your company than paying the ransom.
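
An added example (not from the original paper) for the "Identify the Attack Variant" step: a read-only pass over an affected folder that picks the two things the identification services ask for, an encrypted sample and the ransom note. The `.lockd` extension, file names and note text are constructed, and treating a file repeated verbatim across folders as the note is an assumed heuristic.

```python
import hashlib
import tempfile
from collections import Counter, defaultdict
from pathlib import Path


def collect_samples(root: Path) -> dict:
    """Read-only walk: pick one encrypted sample and the likely ransom note."""
    appended = Counter()         # last suffix of files that carry two suffixes
    by_hash = defaultdict(list)  # content hash -> paths holding that content
    files = sorted(p for p in root.rglob("*") if p.is_file())
    for path in files:
        if len(path.suffixes) >= 2:  # e.g. report.docx.lockd
            appended[path.suffixes[-1]] += 1
        by_hash[hashlib.sha256(path.read_bytes()).hexdigest()].append(path)

    ext = appended.most_common(1)[0][0] if appended else None
    encrypted = [p for p in files if ext and p.name.endswith(ext)]
    # Assumed heuristic: the note is the file repeated verbatim in several folders.
    notes = [(h, ps) for h, ps in by_hash.items()
             if len({p.parent for p in ps}) >= 2]
    note_hash, note_paths = max(notes, key=lambda n: len(n[1]), default=(None, []))
    return {
        "appended_extension": ext,
        "encrypted_count": len(encrypted),
        # The smallest encrypted file is the easiest sample to upload.
        "sample": min(encrypted, key=lambda p: p.stat().st_size).name if encrypted else None,
        "note_name": note_paths[0].name if note_paths else None,
        "note_sha256": note_hash,  # records exactly which note was submitted
    }


def demo() -> dict:
    # Constructed folder tree; ".lockd" and the note text are made up.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for folder in ("docs", "pics"):
            (root / folder).mkdir()
            (root / folder / "READ_ME.txt").write_text("Your files are locked.")
        (root / "docs" / "report.docx.lockd").write_bytes(b"\x8f" * 300)
        (root / "docs" / "budget.xlsx.lockd").write_bytes(b"\x1c" * 120)
        (root / "pics" / "photo.jpg.lockd").write_bytes(b"\xa7" * 900)
        (root / "pics" / "todo.txt").write_text("untouched file")
        return collect_samples(root)


if __name__ == "__main__":
    print(demo())
```

The script only reads files, so it does not disturb material that may be needed for forensics.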

In conclusion, if you are a victim of a ransomware attack, keep in mind that you can reduce its
impact if you take prompt action following the attack. Ransomware is relentless
and damaging, but with due diligence and by following good security hygiene, you can stop
these malicious attacks before they can cause significant damage.
