Ransomware Attacks on Remote Learning Systems in 21st Century: A Survey

ABSTRACT
The expanded use of computers and IT draws the attention of cybercriminals, who design different strategies to jeopardize the protection and privacy of legitimate users' data and information. They do this by subverting the security schemes of hardware and software systems in order to compromise the confidentiality, integrity, and availability of the data and information stored, processed, and distributed by machines. To gain unauthorized entry and to reveal or modify data, malicious persons exploit vulnerabilities in computers, programs, and applications. A successful attack on a computer system, such as ransomware, could lead to devastating losses for individuals and groups. Access to confidential personal details can expose financial information, scores, and medical records. Besides, ransomware poses growing risks to enterprise and individual files and computers. It denies innocent victims the use of corrupted files or hijacked computers until they pay a ransom, normally in bitcoin. In certain instances, even though a victim pays the ransom, the hackers do not have the decryption key. At times, attempting to decrypt files using the attacker's key does more damage to the files stored on the system. Technological advances such as malware development packages, bitcoin, and ransomware make it easier to maximize the number of ransomware attacks on personal computers, networks, and mobile devices. This study aims to identify ransomware attacks and examine their effect on distance learning. Different solutions and strategies are discussed and analyzed extensively. A detailed account of the technical difficulties and pitfalls for both organizations and developers is presented. Finally, following the analysis of the effect and harm caused by ransomware, the report offers a general guideline on preventive steps that should be put in place to avoid such dangerous attacks on the devices and infrastructure of remote learning.

Introduction
Digital transformation has changed the future, as most if not all content has become digital information. In addition, automated data collection mechanisms facilitate the bulk of all transactions for clients regardless of where they are. The data and information are readily visible and can be recovered. Digitization also simplifies and speeds up communication and collaboration across various sectors. While digital information has improved people's lives in different fields, there are still some shortcomings and deficiencies that could hinder the smooth running of operations, such as cyber-attacks. Cyber-attacks, also called cyberspace offences, are committed by internet criminals or hackers and are aimed at harming the device or network of a person or an organization for profit or reprisal. Among the cyber threats, for instance phishing, spyware, spam, trojans and ransomware, the last is the focus of this paper. Ransomware is malicious software which tries to lock or encrypt data and files for the purpose of making money (demanding ransom). The Merriam-Webster dictionary describes ransomware as "malware which requires a victim to pay for a restitution to access encrypted files" (Merriam-Webster's dictionary, 2020).
From this description it can be understood that this attack is one of the risky threats from which a system may not get out without losses. Once the victim has been locked out, it prohibits them from accessing their files and results. Sensitive files, including financial records, corporate databases, or personal files, are also attacked by ransomware. Attackers then demand money to decrypt the data and files. The main objective of such attacks is typically money. Attackers have several ways to accomplish their objectives, including threats to publish the victims' private and confidential content without authorization [1]. The victim in this situation therefore has two alternatives: either to pay, with no guarantee that the data will be decrypted and recovered, or to format their machines. Blocked software and networks can have detrimental effects and cause multiple data issues, resulting in lost productivity, time spent recovering files and services, and permanent or temporary loss of useful information [2]. Moreover, there are economic problems caused by paying ransoms and by income lost due to the suspension of activity in sectors such as government, education and others [3].
However, the impact of cybercrime goes beyond shutdowns and the loss of data and money; it can lead to loss of life. According to the New York Times on 11 September 2020 [4], the first cyber-attack death was declared in Germany. The incident occurred after a critically ill woman was taken as an emergency to Düsseldorf University Hospital. She needed emergency medical care. Unexpectedly, medical personnel discovered that hackers had launched a ransomware attack in an attempt to compel the hospital to pay a ransom to release its devices; the attack compromised all operating systems in addition to the hospital's patient data records. Various distinct ransomware attacks in previous years [5] have imperiled several corporations, organizations and governments. "WannaCry", which started on 12 May 2017 and targeted many hospitals, colleges, and governmental institutions, was one of the worst waves ever. It passed through at least 150 universities and in 48 hours it corrupted some 230,000 computers and killed more than 2,00,000 people. "This has triggered film effects, hospitals paralyzed, transit grids interrupted and industries immobilized" [6,7].
Today, following the declaration of COVID-19 as a pandemic by the World Health Organization on 30 January 2020 [8], several governments/countries have adopted distance learning to supplement conventional education as a measure for disease prevention and to avoid the spread of the virus among students and workers [6]. Converting to remote teaching means that, in addition to students and their computers, school networks and university systems are exposed to bugs, ransomware and cybercrime, especially because some people or students have no experience in defending their devices from hackers and malware [9]. This raises the question of the nature and impact of cyber-attacks on distance learning, of the risks and challenges they pose to the education sector, and of how they can be prevented.
"Prevention is better than treatment", as the saying goes. With the recent growth of attacks resulting from accelerated technological progress, weaknesses have arisen in the field of digital technologies and in the education sector. Therefore, it is important to define security measures and how to deal with ransomware attacks. The objectives of this research paper are to categorize ransomware attacks and analyze their impact on distance learning. Different solutions and techniques are thoroughly discussed and analyzed. Detailed knowledge of the technical difficulties and disadvantages is also provided for both organizations and entrepreneurs. In conclusion, after a review of the effect and harm caused by ransomware, the study gives a general guideline on mitigation steps that should be taken to stop such risky attacks on remote learning devices and infrastructures. This paper is organized as follows. Section 2 provides an extensive literature review on ransomware. Section 3 discusses the framework for analyzing ransomware using machine learning. Section 4 presents the research discussion. Section 5 provides the recommendations, and Section 6 concludes the paper.

Literature Review
In this section, some security strategies and techniques to detect and avoid ransomware attacks are addressed. Common approaches such as anti-virus software, which identifies malware and prevents machines from being infected, have been used for combating attacks. Users are often asked to consider which services they try to reach, such as websites, e-mail attachments and links. Backups are essential for protecting against threats by keeping different versions of files, and can help to re-image infected machines and workstations and recover archives [10]. New, sophisticated malware families, however, are difficult to detect using standard approaches because of their complicated algorithms. Techniques that address this include the following.

Honeypot
A honeypot is a tool developed specifically to identify and capture the various attack approaches used by hackers (Seungjin).
The honeypot strategy does not prevent or reduce attacks on target systems [11]. Its primary function is to gather information on the attack, not to deter it. It is a fake machine resource that a network administrator sets up to serve as a decoy and to identify any unauthorized entry [12]. This method also works as a decoy file for the malware, i.e., it is a technique that can disrupt hackers' intrusion into your system/server [13]. The honeypot's task is to stay quiet and let the intruder assume that it is a real system. A honeypot presents itself as a production device so that it is targeted by attackers. It extracts data from the perpetrator and gives information about the attacker's movements [14]. In addition, the honeypot must contain files that make the attacker believe it is a legitimate server, not a decoy. For this, it is important that the user knows the characteristics of the ransomware types and the files that ransomware will attack. A proper safety system is then implemented on the network to prevent these attacks [15].
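One way to realise the decoy-file idea described above, as an added Python example that is not taken from any of the surveyed systems: it plants believable files, records their hashes, and reports every decoy that is later renamed, modified or replaced by high-entropy data. The file names, file contents and the entropy cut-off are constructed assumptions.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Constructed decoy names and contents; a real deployment would mimic local naming.
DECOYS = {
    "grades_2020_final.csv": b"student_id,course,grade\n" + b"1001,CS101,A\n" * 40,
    "payroll_staff.txt": b"name;iban;salary\n" + b"J. Doe;XX00 0000;0\n" * 40,
    "exam_answers.docx.bak": b"Question 1: see chapter 3.\n" * 40,
}
ENTROPY_LIMIT = 7.0  # assumed cut-off in bits per byte; ciphertext is close to 8


def entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def plant_decoys(directory: str) -> dict:
    """Write the decoys and return {path: sha256} as the baseline."""
    baseline = {}
    for name, content in DECOYS.items():
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(content)
        baseline[path] = hashlib.sha256(content).hexdigest()
    return baseline


def check_decoys(baseline: dict) -> list:
    """Return (path, reason) alerts; any alert means something touched a decoy."""
    alerts = []
    for path, digest in sorted(baseline.items()):
        if not os.path.exists(path):
            alerts.append((path, "missing or renamed"))
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if hashlib.sha256(data).hexdigest() != digest:
            kind = "encrypted-looking" if entropy(data) > ENTROPY_LIMIT else "modified"
            alerts.append((path, kind))
    return alerts


def demo():
    with tempfile.TemporaryDirectory() as d:
        baseline = plant_decoys(d)
        clean = check_decoys(baseline)               # untouched decoys raise nothing
        paths = sorted(baseline)
        with open(paths[0], "wb") as fh:             # stand-in for in-place encryption
            fh.write(os.urandom(4096))
        os.rename(paths[1], paths[1] + ".locked")    # stand-in for an appended extension
        with open(paths[2], "ab") as fh:             # an ordinary edit
            fh.write(b"note\n")
        alerts = [(os.path.basename(p), why) for p, why in check_decoys(baseline)]
    return clean, alerts


if __name__ == "__main__":
    print(demo())
```

In practice the check would run on a schedule or from a file-system watcher, with the baseline stored where the monitored host cannot rewrite it.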
In summary, honeypots are broadly classified into two categories: research and production honeypots [11]. Research honeypots are used to collect as much information as possible. This knowledge is used to understand the present threat and to create a stronger defense, while a production honeypot collects details about the attacker and mitigates the risks to the organization. The accelerated production and growth of high-technology devices is currently increasing the number of ransomware attacks on different devices [16]. The Internet of Things (IoT) is currently a trending technical and research area. Researchers have therefore gained an interest in proposing various honeypot-based approaches for tackling ransomware attacks, based on their benefit and suitability for IoT applications, so that consumers can trust these devices. These include [5,11], who use the social leopard algorithm to build an IDH that detects ransomware attacks on IoT networks.

Intrusion detection honeypot(s).
The mechanisms proposed are Honey Checking and Complex Event Processing (CEP). The proposed IDH uses the CEP approach to correlate host activity, network activity and the activity of other applications such as the audit watch and the firewall, which increases the accuracy of the aggregated result. The proposed IDH can also be easily deployed in the development environment. The findings indicate that the honey element used to track file system activity is very realistic, as shown by its reaction to ransomware on the host. The assessment further confirms that the proposed IDH is effective in restricting ransomware activity with limited data loss. The proposed functionality does not, however, include auto-tabling and transfer learning, the mechanisms for optimizing loads in IoT devices. Likewise, [14] developed honeypot techniques after investigating ransomware detection methods.
The suggested methodology can track all ransomware operations. Its benefit is that it uses the "Event Sentry or Microsoft File Server Resource Manager File Screening Service" function for monitoring Windows security logs after detection of illegal activity. Apps such as e-mail reminders when threats are observed are a problem. In addition, the proposed technique is not meant to detect ransomware threats, which in turn is detrimental to device users.
Moreover, the Dionaea honeypot technique [15] was used for malware capture and analysis, to capture various zero-day attacks and to ensure that the device has not been accessed or attacked. The suggested strategy can divide captured ransomware attacks into various classes depending on their actions and properties. The classification would provide researchers with guidance on how to build a comprehensive malware protection system. However, the proposed system cannot operate on newer operating systems, only on the SQL 2000 XP version of Windows. Additionally, the technique lacks high-interaction honeypot capability.
A random forest approach, a machine learning technique, was recently used by [17] for the identification of ransomware. The main difference of the proposed strategy is that it dispenses with disassembly by extracting features directly from the raw bytes, using a frequent pattern mining process that markedly increases the detection speed. In addition [17], a new blocking method was proposed, which uses deception techniques and botnet detection honeypots to detect and effectively avoid the spread of botnets in software-defined networks. The proposed technique has the potential to reduce the infection rate to 25 per cent and to maximize the time wasted by the adversary. This approach, however, lacks distributed decoy managers, which increases the load on the system and thus decreases overall system output and productivity. We provide a summary of the existing honeypot techniques in Table 1.

SSD-Insider++
SSD-Insider++ is a ransomware protection scheme that protects user files from ransomware harm. It is a backup tool which saves copies of files in backup storage, and it resides in the SSD controller as firmware. It has two functions, namely ransomware detection and very low-cost recovery.
When ransomware is discovered, recovery is executed to restore the original files using the delays of the disk [18]. The detection technique is defined as a monitoring schedule for the routine detection of malicious ransomware behavior. Figure 1 illustrates how this technique works. In Figure 1, the first request reads LBA 1.
Since there is no matching entry in the table, SSD-Insider++ creates a new entry starting at LBA 1 with a time stamp of 0 seconds, and records it in the table. Initially, RL becomes 1, as one LBA has been read.
The second and third requests read LBAs 2 and 3, respectively. The RL of the entry starting at LBA 1 is changed to 3. When LBA 1 is read again, the request is simply ignored because it is a duplicate read. The recovery of stored data using this technique is shown in Figure 2. Assume that the infection with the ransomware is found at time t.
New, encrypted data is written to LBAs 0, 1 and 2, and the malware removes the data for LBA 3. The original data is recovered only by modifying its mapping table to replace current mapping pairs (i.e.,

Machine Learning
Machine learning is a branch of artificial intelligence that deals with the design and creation of algorithms and technologies that give computers the ability to "learn". Two types of learning are commonly distinguished: inductive and deductive.
Inductive learning infers general rules and conclusions from big data.
The key role of machine learning is to derive useful knowledge from data, so it is closely related to data mining, statistics and theoretical computer science. Machine learning is applied in many areas, from mechanics to medicine [17].

Framework for Analyzing Ransomware Using Machine Learning
Experts have also attempted to identify ransomware by studying how malicious programs can be recognized through the effects they have on the computer and its programs.
Several approaches have been adopted. One, aimed at tracking and stopping the large number of zero-day ransomware attacks, evaluates I/O requests on the NTFS file system and follows the subsequent changes to the system in order to secure the master file [23]. Another tool focuses on a machine learning approach that uses logistic regression to evaluate and categorize complex analyses of ransomware [24]. Such tools make smart decisions and act to differentiate between normal and abnormal program execution.
In addition, a ransomware detector using the random forest technique was also suggested. Finally, SSD-Insider++ can observe reads and writes page by page. Ransomware reads, encrypts and overwrites the user data, so pages infected by ransomware display a typical I/O pattern of overwriting after reading. The workaround against ransomware is to safeguard the original information in advance and recover it when it is compromised. However, existing methods, which back up and restore data via a file system, entail additional space overhead for backups and I/O performance costs for assessing ransomware intrusion, and carry the possibility of harm to the backup data from intelligent ransomware attacks.
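The read-run table and the mapping-table recovery described for SSD-Insider++ in the section above and in this paragraph, as a toy Python model added here; it is not code from the paper or from the SSD-Insider++ firmware. The class and method names, the per-run set of overwritten LBAs, the thresholds, and the rule that a rollback restores the mapping pairs in force before the infection time are assumptions of this sketch.

```python
from dataclasses import dataclass, field

@dataclass
class Run:
    start: int    # first LBA of a contiguous read run
    ts: float     # time stamp of the first read in the run (seconds)
    rl: int = 1   # RL: number of distinct LBAs read in the run
    hit: set = field(default_factory=set)  # assumed: LBAs overwritten after the read

class ToySSD:
    def __init__(self):
        self.runs = []      # read-run table
        self.mapping = {}   # current mapping pairs: LBA -> physical page (None = trimmed)
        self.flash = []     # physical pages; every write goes to a new page
        self.history = []   # (ts, lba, previous page), oldest first

    def _run_of(self, lba):
        return next((r for r in self.runs if r.start <= lba < r.start + r.rl), None)

    def read(self, lba, ts):
        if self._run_of(lba):              # duplicate read: ignored
            return
        for run in self.runs:
            if lba == run.start + run.rl:  # continues an existing run
                run.rl += 1
                return
        self.runs.append(Run(lba, ts))     # no matching entry: create one

    def write(self, lba, data, ts):
        run = self._run_of(lba)
        if run:                            # overwrite of data that was read earlier
            run.hit.add(lba)
        self.history.append((ts, lba, self.mapping.get(lba)))
        self.flash.append(data)            # the old page stays on flash
        self.mapping[lba] = len(self.flash) - 1

    def trim(self, lba, ts):
        self.history.append((ts, lba, self.mapping.get(lba)))
        self.mapping[lba] = None

    def suspicious_runs(self, min_rl=3, min_ratio=0.5):  # thresholds are assumptions
        return [r for r in self.runs if r.rl >= min_rl and len(r.hit) / r.rl >= min_ratio]

    def rollback(self, t):                 # undo every mapping change made at or after t
        while self.history and self.history[-1][0] >= t:
            _, lba, old = self.history.pop()
            self.mapping[lba] = old

    def data(self, lba):                   # what the host would read back from this LBA
        return None if self.mapping.get(lba) is None else self.flash[self.mapping[lba]]

def demo():
    ssd = ToySSD()
    for lba in range(4):                         # constructed user data at t = 0
        ssd.write(lba, f"plain-{lba}", 0.0)
    for i, lba in enumerate([0, 1, 2, 3, 1]):    # reads from t = 10; the last is a duplicate
        ssd.read(lba, 10.0 + i)
    for lba in range(3):                         # encrypted data overwrites LBAs 0, 1, 2
        ssd.write(lba, f"cipher-{lba}", 15.0)
    ssd.trim(3, 16.0)                            # data for LBA 3 is removed
    flagged = [(r.start, r.rl, len(r.hit)) for r in ssd.suspicious_runs()]
    before = [ssd.data(lba) for lba in range(4)]
    ssd.rollback(10.0)                           # infection found at t = 10
    return flagged, before, [ssd.data(lba) for lba in range(4)]
```

`demo()` returns the flagged run, the data visible before the rollback, and the data visible after it; no file is copied during recovery, only mapping pairs change.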

Recommendation
In this section, we include some suggestions for developers and scientists interested in this field of study. The ability to interact securely in an eLearning system is an important aspect of providing a healthy learning atmosphere for students, teachers, professors, and guests. The necessary cybersecurity considerations should be taken into account to secure higher education institutions.
f. Computers and files should be backed up diligently, for example to an external disk or flash drive, so that they are easy to restore when there has been a problem or information has been lost.
g. Beware of fraud that targets remote education. False messages asking users to submit materials may be received, so the sources of information need to be considered.
h. Change passwords to strong ones; consider using a minimum of 12 characters with a mixture of uppercase and lowercase.
i. Do not open questionable links, and make sure that sites are safe (if students share them among themselves).
j. Careful management of networks is critical, so that users can trust that a robust security protocol protects their company infrastructure.
k. Improve and promote cyber-security education and training for staff and students through LMSs, such as cybersecurity learning management systems (CyLMS).
l. Lastly, the e-learning environment needs strong, written cyber protection protocols for secure use, maintenance and/or responsible/acceptable use to mitigate possible weaknesses, such as implementing network access points and preventing unwanted access.

Additionally, other approaches were presented in this study, such as honeypot and SSD-Insider. Their advantages and drawbacks have been detailed. We also advise academics and designers of ransomware countermeasures in a very informative way.