What is Ransomware?
Ransomware is a subset of malware. In a ransomware attack, the data on the victim's computer is locked by means of encryption. Once the attacker has encrypted the data, they demand payment from the victim in exchange for decrypting the files and returning access to them. The main motive of this type of attack is money [1]. It differs from most other cyber-attacks in that the victim is deliberately notified: the attacker makes the victim aware that an exploit has occurred and that certain steps must be followed to recover the data. These steps mainly describe how the payment is to be made. The payment demanded is generally in a virtual currency such as bitcoin [2]. Bitcoin is generally demanded because it keeps the attacker's identity hidden.
Ransomware comes in many varieties; some of them are listed below:
- Bad Rabbit: This strain of ransomware first attacked organizations in Russia and Eastern Europe. The attackers spread Bad Rabbit by means of a fake Adobe Flash update placed on compromised websites. An infected machine is redirected to a page displaying the ransom demand [3]. The amount demanded was around 0.05 bitcoin, about $285.
- Cerber: Users of cloud-based Office 365 were the main victims of this attack, which affected a large number of people through an elaborate phishing campaign. The spread of this malware highlighted the growing need for SaaS backup in addition to on-premises backup.
- CryptoLocker: Ransomware has existed in one form or another for years, but it came into prominence in 2013 when the CryptoLocker attack was launched. The original CryptoLocker botnet was shut down in 2014; before the shutdown, the hackers behind it had extracted around $3 million from victims [4].
- GoldenEye: GoldenEye is a ransomware similar to the Petya ransomware. The hackers spread GoldenEye through a massive campaign whose main target was human resources departments. Once the file has been downloaded, a macro launches and encrypts the files on the victim's computer. GoldenEye appends a random 8-character extension to each encrypted file. It then also modifies the MBR (Master Boot Record) of the user's hard drive with a custom boot loader [5].
- KeRanger: According to Ars Technica, KeRanger is a ransomware that was discovered on a popular BitTorrent client. It was not widely distributed, but it is generally considered the first fully functional ransomware designed to lock Mac OS X applications [6].
- Spider: This form of ransomware is generally spread through spam emails. It is hidden in Microsoft Word documents that install the malware on the victim's computer when the file is downloaded. The Word document contains malicious macros; when these macros are executed, the ransomware begins to download and encrypt the victim's data.
- WannaCry: This widespread ransomware campaign affected organizations throughout the entire world; it is reported to have hit more than 125,000 organizations [7]. The strain, also known as WCry or WanaCrypt0r, infects Windows machines by means of the Microsoft exploit known as EternalBlue.
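The GoldenEye entry above describes a behaviour a defender can watch for on a file share: a burst of files being renamed with a random-looking 8-character extension appended. The detection logic below is an added example written for this page, not code from the report or from any vendor. It runs over a constructed file-activity log whose line format (timestamp, event, path, optional destination) is an assumption, and the threshold and time window are illustrative values to be tuned per environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed file-activity log for the demonstration (not from any real incident).
# Assumed line format: "<ISO timestamp> <EVENT> <path>[ -> <new path>]".
SAMPLE_LOG = """\
2017-06-27T10:14:58 WRITE /srv/share/finance/q2.xlsx
2017-06-27T10:14:59 RENAME /srv/share/docs/draft.docx -> /srv/share/docs/final.docx
2017-06-27T10:15:01 RENAME /srv/share/finance/q2.xlsx -> /srv/share/finance/q2.xlsx.Kq8zT2mX
2017-06-27T10:15:01 RENAME /srv/share/finance/q3.xlsx -> /srv/share/finance/q3.xlsx.Kq8zT2mX
2017-06-27T10:15:02 RENAME /srv/share/docs/final.docx -> /srv/share/docs/final.docx.Kq8zT2mX
2017-06-27T10:15:02 RENAME /srv/share/docs/minutes.pdf -> /srv/share/docs/minutes.pdf.Kq8zT2mX
2017-06-27T10:15:03 RENAME /srv/share/hr/offer.docx -> /srv/share/hr/offer.docx.Kq8zT2mX
2017-06-27T10:15:03 RENAME /srv/share/hr/photo.jpg -> /srv/share/hr/photo.jpg.Kq8zT2mX
2017-06-27T10:15:04 WRITE /srv/share/hr/YOUR_FILES_ARE_ENCRYPTED.TXT
2017-06-27T11:02:10 RENAME /srv/share/it/backup.tar -> /srv/share/it/backup.tar.20170627
2017-06-27T11:05:00 RENAME /srv/share/it/notes.txt -> /srv/share/it/notes.txt.bak
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>[A-Z]+) (?P<src>\S+)(?: -> (?P<dst>\S+))?$")
# A path that still ends in its ordinary extension, followed by exactly eight
# alphanumeric characters: the shape of the extension GoldenEye appends.
APPENDED_EXT_RE = re.compile(r"^(?P<orig>.+\.[A-Za-z0-9]{1,5})\.(?P<ext>[A-Za-z0-9]{8})$")


def parse_line(line):
    """Split one log line into its fields, or return None for lines that do not fit."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def appended_extension(src, dst):
    """Return the 8-character suffix if dst is exactly src plus that suffix, else None."""
    m = APPENDED_EXT_RE.match(dst)
    if m and m.group("orig") == src:
        return m.group("ext")
    return None


def detect_mass_rename(lines, threshold=5, window_seconds=60):
    """Return [(extension, peak count)] for suffixes that appear on at least
    `threshold` qualifying renames inside any sliding window of `window_seconds`."""
    renames = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["event"] != "RENAME" or not ev["dst"]:
            continue
        ext = appended_extension(ev["src"], ev["dst"])
        if ext:
            renames.append((datetime.fromisoformat(ev["ts"]), ext))
    renames.sort()

    windows = defaultdict(deque)   # extension -> timestamps inside the current window
    peak = {}                      # extension -> largest window population seen
    for ts, ext in renames:
        w = windows[ext]
        w.append(ts)
        while (ts - w[0]).total_seconds() > window_seconds:
            w.popleft()
        peak[ext] = max(peak.get(ext, 0), len(w))
    return sorted((ext, n) for ext, n in peak.items() if n >= threshold)


if __name__ == "__main__":
    for ext, n in detect_mass_rename(SAMPLE_LOG.splitlines()):
        print(f"ALERT: {n} files renamed with suffix .{ext} within 60 s")
```

The single dated rename of `backup.tar` matches the same pattern but stays below the threshold, which is the point of counting per suffix inside a window rather than alerting on each match: legitimate renames are rare and scattered, while an encryptor produces a dense run with one suffix. In practice this check complements, rather than replaces, endpoint protection and canary files.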
Malicious email attachments, infected software apps, infected external storage devices and compromised websites are the major sources from which ransomware spreads. A growing number of attacks have used Remote Desktop Protocol and other approaches that do not rely on any form of user interaction.
In a lockscreen variant of a ransomware attack, the malware changes the credentials of the victim's login page on the device; in a data-kidnapping attack, the malware encrypts the files on the infected device as well as on other connected network devices [8].
In the early days of these attacks, the attacker locked access to the web browser or the Windows desktop in a manner that could be undone by reverse engineering in order to reopen the locked browser [9]. With advances in technology, hackers have created new versions of ransomware that use strong public-key encryption to deny access to the files on the computer.
Ransomware kits on the deep web allow cybercriminals to purchase and use a software tool with specific capabilities to launch a ransomware attack: the kit generates the malware, which is then distributed, and the attack demands a ransom to be paid into bitcoin accounts [10]. In the ransomware-as-a-service (RaaS) scenario, the provider collects the ransom payments and takes a certain percentage before distributing the remainder to the service user.
Types of Ransomware
Some of the ways in which an attacker may proceed to extort money from victims are listed below:
- In some cases the victim is presented with a pop-up message or an email ransom note warning that a sum of money is demanded and that, if it is not paid by a specific date, the private key required to unlock the device or decrypt the files will be destroyed.
- In many other cases the victims are duped into believing that they are the subject of an official inquiry. After being informed that they are using unlicensed software or illegal web content on their computer, the victim is given instructions on how to pay the resulting fine [11].
Some of the recent ransomware attacks are listed below:
One ransomware attack struck the National Health Service of the U.K., which was heavily affected and forced to shut down services at the time of the attack. A report published on this event stated that thousands of companies were affected and that the total damage might have exceeded $1 billion [12].
Symantec's 2017 Internet Security Threat Report stated that the ransom demanded in 2016 was almost triple the demand made in the previous two years, rising to more than $1,077. It is very difficult to say how often these demands are met. A study by IBM stated that almost 70% of the executives surveyed had already paid a ransomware demand, whereas a study by Osterman Research stated that only 3% of U.S.-based companies had paid. In most cases where payment is made it works, that is, the files are recovered, but there is no assurance against the risks involved [13]. According to the Kaspersky Security Bulletin for 2016, almost 20% of companies were not able to recover their files even after paying.
Mobile ransomware also existed in 2015. One malicious Android app, known as Porn Droid, locked the user's phone by changing the user's access PIN and demanded a payment of $500.
The most common way of protecting user data against ransomware and other forms of cyber extortion is to back up computing devices regularly and to keep software, including antivirus software, updated. End users must be cautious about clicking links in emails received from strangers or opening any attachments in such emails [14]. Victims should do whatever is needed to avoid paying the ransom. It is almost impossible to stop ransomware attacks entirely, but there are a few important data protection measures that individuals and organizations can use to minimize the effects and recover their files as quickly as possible. Another way of protecting files against infection is to deploy endpoint protection software [15]. This is one of the most effective ways of protecting data from infection because it ensures that files are backed up.
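Backups only help with recovery if they are known to be intact before a restore, and a backup share reachable from an infected machine can itself be encrypted. The following is an added example, not code from the report: it records a SHA-256 manifest of a backup tree and later re-checks the tree against that manifest, reporting files modified in place, files that disappeared (for instance renamed with an appended extension) and files that appeared (such as a dropped ransom note). The directory layout, file names, suffix and ransom-note name are constructed for the demonstration.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(root, manifest):
    """Compare the backup tree with the manifest recorded when the backup was taken.

    A file encrypted in place shows up as 'modified'; a file renamed with an
    appended extension shows up as 'missing' plus 'unexpected'; a dropped
    ransom note shows up as 'unexpected'. Only missing or modified files make
    the backup non-restorable, so 'intact' ignores unexpected extras."""
    current = build_manifest(root)
    missing = sorted(set(manifest) - set(current))
    modified = sorted(f for f in manifest if f in current and current[f] != manifest[f])
    unexpected = sorted(set(current) - set(manifest))
    return {"missing": missing, "modified": modified, "unexpected": unexpected,
            "intact": not (missing or modified)}


def demo():
    """Constructed scenario: record a manifest, then simulate tampering and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        for rel, body in {"docs/report.docx": b"quarterly report",
                          "finance/q2.xlsx": b"spreadsheet",
                          "hr/offer.docx": b"offer letter"}.items():
            (backup / rel).parent.mkdir(parents=True, exist_ok=True)
            (backup / rel).write_bytes(body)

        # The manifest must be kept apart from the backup itself (offline or on
        # write-once media); here it is simply serialised to a JSON string.
        manifest_json = json.dumps(build_manifest(backup))
        before = verify_backup(backup, json.loads(manifest_json))

        # Simulated damage to the backup share (constructed): one file overwritten
        # in place, one overwritten and renamed with an appended 8-character
        # suffix, and a ransom note dropped. os.urandom stands in for ciphertext.
        (backup / "finance/q2.xlsx").write_bytes(os.urandom(64))
        (backup / "docs/report.docx").write_bytes(os.urandom(64))
        (backup / "docs/report.docx").rename(backup / "docs/report.docx.Kq8zT2mX")
        (backup / "README_DECRYPT.txt").write_bytes(b"pay to recover your files")

        after = verify_backup(backup, json.loads(manifest_json))
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before tampering:", before)
    print("after tampering: ", after)
```

The design choice worth noting is that the manifest is produced at backup time and stored away from the backup: a manifest that lives on the same share would be encrypted along with the files it describes, so the check would have nothing trustworthy to compare against.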
Sources and Modes of Spreading
The above report leads to the conclusion that the popularity of ransomware has increased because of its success. Ransomware has evolved over the last few years and has caused a lot of damage to organizations as well as individuals. These attacks demand a ransom, paid in bitcoin, and once the payment is made the attacker provides the victim with access to the systems and files. There are various kinds of ransomware, and they evolve day by day. This report has discussed a few common ransomware families along with the ways in which ransomware attacks can be mitigated. It has also discussed how ransomware works and the various ransomware attacks that have occurred in the last few years.
References:
[1] K. Lee, S. Y. Moon, J. H. Park, "CloudRPS: A cloud analysis based enhanced ransomware prevention system," Springer, 2016.
[2] Singh, Y. S. Jeong, J. H. Park, "A survey on cloud computing security: Issues, threats and solutions," Journal of Network and Computer Applications, 2016.
[3] L. Richet, "Extortion on the internet: the rise of crypto-ransomware," Harvard, 2016.
[4] Chouhan, R. Singh, "Security attacks on cloud computing with possible solution," International Journal of Advanced Research in Computer Science and Software Engineering, vol. 6, no. 1, January 2016.
[5] A. Bamiah, S. N. Brohi, "Seven deadly threats and vulnerabilities in cloud computing," International Journal of Advanced Engineering Sciences and Technologies (IJAEST), vol. 9, no. 1, pp. 087-090, 2011.
[6] S. Chou, "Security threats on cloud computing vulnerabilities," International Journal of Computer Science & Information Technology (IJCSIT), vol. 5, no. 3, June 2013.
[7] Singh, P. Patel, P. Singh, "A review of cloud computing threats & security issues," International Journal of Advanced Technology in Engineering and Science (IJATES), vol. 03, no. 01, March 2015.
[8] Galibus, V. Krasnoproshin, R. O. Albuquerque, E. P. Freitas, "Elements of cloud storage security: concepts, designs and optimized practices," Springer, 2016.
[9] O'Gorman, G. McDonald, "Ransomware: a growing menace," Symantec Corporation, 2012.
[10] Coles, "9 cloud computing security risks every company faces and what proactive steps you can take to protect your data," Skyhigh Networks, 2016.
[11] Gradon, "Crime science and the internet battlefield: Securing the analog world from digital crime," IEEE Security & Privacy, vol. 11, no. 5, pp. 93-95, 2013.
[12] Zhang, H. Antunes, S. Aggarwal, "Defending connected vehicles against malware: Challenges and a solution framework," IEEE Internet of Things Journal, vol. 1, no. 10, pp. 10-21, 2014.
[13] Brewer, "Ransomware attacks: detection, prevention and cure," LogRhythm Labs, September 2016.
[14] Bleiberg, "Report on how ransomware pivoted to the enterprise," 2016.
[15] Lukan, "The top cloud computing threats and vulnerabilities in an enterprise environment," November 2014.