Understanding the Evolution of Ransomware: Paradigm Shifts in Attack Structures

  • Aaron Zimba, Mumbi Chishimba
  • Published 8 January 2019
  • Computer Science
  • International Journal of Computer Network and Information Security
The devastating effects of ransomware have continued to grow over the past two decades which have seen ransomware shift from just being opportunistic attacks to carefully orchestrated attacks. […] Key Method: We propose a ransomware categorization framework that classifies the virulence of a given ransomware based on a proposed classification algorithm that is based on data deletion and file encryption attack structures. The categories that increase in severity from CAT1 to CAT5 classify the technical prowess…

A Survey on Ransomware: Evolution, Taxonomy, and Defense Solutions
A comprehensive survey on ransomware and ransomware defense research with respect to PCs/workstations, mobile devices, and IoT/CPS platforms over the period of 1990-2020 is presented, giving a detailed overview of ransomware evolution and comprehensively analyzing the key building blocks of ransomware.
Survey On Ransomware Evolution, Prevention, And Mitigation
A brief history of ransomware, the best methods to prevent the infection, how to detect it, and how to recover from this infection is presented.
Ransomware Anti-Analysis and Evasion Techniques: A Survey and Research Directions
The anatomy of the malware’s invariant intrusions and infection vectors is illustrated, and the various anti-analysis and evasive techniques that are deployable by ransomware are analyzed.
On the Effectiveness of Behavior-Based Ransomware Detection
A number of techniques to manipulate entropy to match the original file are identified, showing that partial encryption of as little as 3–5% of a file’s data is sufficient to ransom most file formats.
Game Theoretic Analysis of Ransomware: A Preliminary Study
A game-theoretic model is developed to analyze the attack landscape and to determine under what conditions the defender is in a position of advantage to successfully neutralize the attack.
Teaching Cyber Security Topics Effectively in a College or University with Limited Resources
  • C. V. Gonzalez, Gwang Jung
  • Computer Science, Education
  • 2019 International Conference on Computational Science and Computational Intelligence (CSCI)
  • 2019
This paper addresses what resources would be required to develop courses to effectively teach students the cyber security concepts and methods at small colleges or universities with limited resources.
ABSTRACT: The research in this paper aims to simulate and analyze ransomware in order to map the evolution of that ransomware; the ransomware studied are WannaCry, Petya, NotPetya and


RansomTracer: Exploiting Cyber Deception for Ransomware Tracing
An auxiliary ransomware traceable system called RansomTracer is presented, which discovers and ensnares the attacker through a network deception environment and uses an auxiliary tracing technology to find the attacker, finally achieving the goal of deterring the ransomware attacker and countering the RDP attack ransomware.
Evolution of ransomware
This study examines the pathway from the first clumsy ransomware attempts to the present day sophisticated ransomware attack campaigns and argues that this low-impact extortion, using highly automated methods, has proven very rewarding for the criminals.
The dynamic analysis of WannaCry ransomware
  • Da-Yu Kao, Shou-Ching Hsiao
  • Computer Science
  • 2018 20th International Conference on Advanced Communication Technology (ICACT)
  • 2018
The dynamic analysis of WannaCry ransomware explores behavioural indicators and extracts important IOCs (Indicators of Compromise), and using the Yara tool to create customized patterns is useful for malware information sharing mechanisms.
Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks
A long-term study of ransomware attacks that have been observed in the wild between 2006 and 2014 suggests that by looking at I/O requests and protecting the Master File Table (MFT) in the NTFS file system, it is possible to detect and prevent a significant number of zero-day ransomware attacks.
Hobby hackers to billion-dollar industry: the evolution of ransomware
A 0-Day Aware Crypto-Ransomware Early Behavioral Detection Framework
This paper puts forward an efficient and effective framework for building crypto-ransomware early detection models that protect users, whether individuals or organizations, from being victimized by such attacks.
Improving Backup System Evaluations in Information Security Risk Assessments to Combat Ransomware
The ransomware process, functional backup architecture paradigms, their ability to address ransomware attacks, and suggestions to improve the guidance in NIST SP-800-30 and information security risk assessments to better address ransomware threats are reviewed.
Towards Data Resilience: The Analytical Case of Crypto Ransomware Data Recovery Techniques
The analyses have led to the conclusion that no matter how devastating a crypto ransomware attack might appear, the key to data recovery options lies in the underlying attack structure and the implemented data deletion methodology.
What Petya/NotPetya Ransomware Is and What Its Remidiations Are
This paper discusses the Petya attack, especially its most recent version, which is referred to as NotPetya, and explains how it works and where and how it spreads.