Technical and behavioural training and awareness solutions for mitigating ransomware attacks

Abstract

Over the years, there has been a significant increase in cyber security risks and vulnerabilities with one of the most severe threat being ransomware attacks. Ransomware, a variant of malware, encrypts files, data, and often locks computer systems, and retains the decryption key until victims pay a ransom. Current method of ransomware mitigation is the analysis and classification of the ransomware and its variants to propose solution for detection and prevention. This mitigation approach omits technology users as part of the solution especially given their role in falling prey to ransomware by means of social engineering attack vectors. The purpose of this qualitative study was to highlight current and emerging ransomware vectors, and to identify cyber security awareness and education solutions that can be applied to mitigate socially engineered ransomware attacks. A semi-structured interview with executives and managers from several financial, technology, construction, transportation, education, and health industries revealed the lack of current awareness and training approaches to mitigate against socially engineered ransomware attacks. This study recommends some specific cybersecurity training and awareness approaches to consider in order to enable technology users resist and mitigate against ransomware attacks.