Discussion
Ransomware is a particularly damaging class of malware in which sensitive data, or an entire system, is held hostage by an attacker [1]. The data is locked using encryption and a ransom is demanded; the attacker promises to hand over the decryption key, restoring the victim's access, once the payment arrives. The motive is almost always financial: the attacker wants money and nothing else. Payment is usually demanded in a cryptocurrency such as Bitcoin or Ethereum, because it is much harder for investigators to tie such a payment to the attacker's real identity [2]. The impact on society is severe: the sums demanded are often far beyond what the victim can afford, the availability of the data is lost, its integrity on disk is destroyed until it is decrypted, and where the attacker has also copied the data its confidentiality is lost as well. This report gives a brief overview of ransomware attacks and their overall impact.
Ransomware attacks are growing steadily and have become one of the most prevalent threats in the cyber world. The attacker holds the sensitive data or the system captive and then demands money [3]. Many variants of ransomware exist; five typical ones are described below:
- i) CryptoLocker: The first notable ransomware family was CryptoLocker, which began spreading in 2013, mainly through email attachments [4]. It used RSA public-key encryption to lock the user's files, so that the private key needed for decryption existed only on the attacker's servers, and then demanded a ransom for that key. More than 500,000 machines were reported infected during 2013 and 2014.
- ii) TeslaCrypt: The next distinct variant, TeslaCrypt, targeted files associated with video games, such as saved games, maps, profiles and downloaded content, alongside ordinary documents [5]. These files were valuable to players but were usually stored only on local drives, with no backup copy.
- iii) SimpleLocker: Another significant variant is SimpleLocker, which targeted the Android platform [6]. First reported in 2014, it encrypted the files on the device's storage, making them inaccessible, and delivered its payload as a Trojan downloader hidden in an application.
- iv) WannaCry: The fourth variant is WannaCry, which struck in May 2017 [7] and is regarded as the most significant ransomware attack recorded so far. Within days it infected more than 200,000 Windows systems in roughly 150 countries. It did not affect Android devices: it spread only between Windows hosts running an unpatched SMBv1 service.
- v) NotPetya: NotPetya appeared in June 2017, shortly after WannaCry [8]. It is not an updated WannaCry but a separate family built on the earlier Petya code. It also used the EternalBlue exploit, combined with credential theft and legitimate Windows remote-execution tools, to spread across networks worldwide. Because the victim ID it displayed could not be used to derive a decryption key, recovery was impossible even after payment, so it is generally classed as a destructive wiper dressed up as ransomware. Like WannaCry, it affected Windows systems only, not Android devices.
Ransomware is commonly divided into two categories: locker ransomware, which blocks access to the device or its user interface, and crypto ransomware, which encrypts the victim's files. All the variants above fall into one of these two categories.
Figure 1: Taxonomy for Five Variants of Ransomware with Categories
(Source: Created by the Author in MS Word)
Of all the variants mentioned above, the most destructive was WannaCry. It crippled parts of the National Health Service (NHS) in the United Kingdom [9], and organizations in China, Europe, Russia and the USA were also affected. It exploits the EternalBlue vulnerability in the Windows SMBv1 service (patched by Microsoft as MS17-010 in March 2017), encrypts the victim's files and folders, and demands a payment in Bitcoin.
Potential Threats by Ransomware
Five phases make up the working mechanism of a typical ransomware attack:
- i) Exploitation or infection: The first phase is usually accomplished through a phishing email or an exploit kit that targets a vulnerable browser or plugin [10].
- ii) Delivery or execution: In the second phase the ransomware executable is delivered to the target system and run.
- iii) Backup spoliation: The ransomware seeks out local backups and restore points (for example, Volume Shadow Copies on Windows) and deletes them, so that the victim cannot simply restore the files instead of paying.
- iv) File encryption: The user's files are encrypted with a key the victim does not possess.
- v) User notification and clean-up: In the final phase the ransom note is displayed, payment is demanded from the user, and the malware removes its own traces from the system [11].
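The backup-spoliation phase is the one most easily caught in logs, because it runs a handful of well-known administrative commands. The following is an added example, not from the cited papers: a small detector that scans constructed Sysmon-style process-creation events for those commands and raises the alert level when several of them come from the same parent process. The log lines, the rule names and the two-rule threshold are assumptions made for the example.

```python
"""Flag backup-spoliation commands in process-creation logs (added example,
not from the cited papers). Input is a handful of constructed Sysmon-style
Event ID 1 lines; only CommandLine and ParentImage are used, so any log that
records full command lines can feed it."""
import re

# Commands ransomware families commonly run before encrypting, to destroy
# local restore points and recovery options on Windows.
SPOLIATION_PATTERNS = [
    ("vss_delete", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("vss_resize", re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.I)),
    ("wmic_shadow", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("bcdedit_recovery", re.compile(r"bcdedit(\.exe)?\s+.*recoveryenabled\s+no", re.I)),
    ("bcdedit_bootstatus", re.compile(r"bcdedit(\.exe)?\s+.*bootstatuspolicy\s+ignoreallfailures", re.I)),
    ("wbadmin_catalog", re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I)),
]

# Constructed sample log: one event per line, key=value fields, values with
# spaces double-quoted. Lines 1-3 are the staging pattern; 4-5 are benign.
SAMPLE_LOG = r"""EventID=1 Image=C:\Windows\System32\vssadmin.exe CommandLine="vssadmin.exe Delete Shadows /All /Quiet" ParentImage=C:\Users\alice\AppData\Local\Temp\invoice.exe
EventID=1 Image=C:\Windows\System32\wbem\WMIC.exe CommandLine="wmic shadowcopy delete" ParentImage=C:\Users\alice\AppData\Local\Temp\invoice.exe
EventID=1 Image=C:\Windows\System32\bcdedit.exe CommandLine="bcdedit /set {default} recoveryenabled No" ParentImage=C:\Users\alice\AppData\Local\Temp\invoice.exe
EventID=1 Image=C:\Windows\System32\vssadmin.exe CommandLine="vssadmin list shadows" ParentImage=C:\Windows\System32\cmd.exe
EventID=1 Image="C:\Program Files\Backup\agent.exe" CommandLine="agent.exe --snapshot --verify" ParentImage=C:\Windows\System32\services.exe
"""

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Split a key=value line into a dict; quoted values may contain spaces."""
    return {key: quoted if quoted else bare
            for key, quoted, bare in FIELD_RE.findall(line)}


def detect_spoliation(log_text):
    """One alert per event whose command line matches a spoliation pattern:
    (rule, parent_image, command_line)."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        cmd = event.get("CommandLine", "")
        for rule, pattern in SPOLIATION_PATTERNS:
            if pattern.search(cmd):
                alerts.append((rule, event.get("ParentImage", "?"), cmd))
                break
    return alerts


def staging_parents(alerts, min_rules=2):
    """Parent images that triggered at least `min_rules` distinct rules.
    A lone 'vssadmin delete shadows' may be an administrator; several
    different recovery-disabling commands from one parent, here a binary in
    a user's Temp folder, is the ransomware staging pattern."""
    rules_by_parent = {}
    for rule, parent, _ in alerts:
        rules_by_parent.setdefault(parent, set()).add(rule)
    return sorted(p for p, rules in rules_by_parent.items() if len(rules) >= min_rules)


if __name__ == "__main__":
    found = detect_spoliation(SAMPLE_LOG)
    for rule, parent, cmd in found:
        print(f"{rule:<20} {parent}  ->  {cmd}")
    print("likely ransomware staging from:", staging_parents(found))
```

The single-command alerts are worth logging but noisy on their own; the correlation in `staging_parents` is what turns them into an incident, and in practice the parent binary's location (a user-writable Temp folder rather than Program Files) is the next thing to check.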
Ransomware poses a number of potential threats. These are given below:
- i) File encryption: The most important threat posed by ransomware is file encryption. Ordinarily, encryption is a protective technique: a message or file is transformed from plaintext into ciphertext so that only a party holding the correct key can read it, and unauthorized users who lack the key cannot [3]. With public-key (asymmetric) encryption the key used to lock the data is different from the key needed to unlock it, so possessing the encryption key alone does not allow decryption [12]. Ransomware turns this protection against its owner: the attacker encrypts the victim's data and keeps the decryption key, typically by generating a symmetric key per victim or per file and wrapping it with the attacker's public key, so that only the attacker's private key can recover it. This is the central threat to users.
- ii) Deletion of files: The second threat is the deletion of files. The attacker may delete confidential data or alter its content [1], often without the user noticing until it is too late, which makes the victim easy to pressure. Attackers also threaten to delete the files permanently if the ransom is not paid.
- iii) Loss of data confidentiality: Another threat is the loss of confidentiality of the data [2]. Where the attacker has read or copied the data, or has tampered with it, both its confidentiality and its integrity are lost, and that damage cannot be undone by paying.
- iv) Locking the system: The fourth threat is the locking of the system itself. The attacker locks the system and its data and then demands payment from the user, who cannot open the files by any other means and so is pushed towards paying [3]. An important aspect of this threat is that, when the encryption is implemented correctly, even experts cannot recover the files without the key: brute-forcing a properly generated key is computationally infeasible, so the only routes to recovery are a flaw in the malware's implementation, a leaked key, or a backup. That is what makes the ransom demand effective.
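The file-encryption threat has a measurable side effect that detectors rely on: encrypted bytes are close to uniformly distributed, whereas documents are not. The block below is an added example, not from the page's sources, that encrypts a constructed text document with a toy counter-mode keystream built from SHA-256 and compares the Shannon entropy before and after. The keystream construction, the sample document, the key, the nonce and the 7.5-bit threshold are all assumptions for the example; the toy cipher exists only to produce realistic ciphertext offline and is not a recommendation for real encryption.

```python
"""Byte entropy of a document before and after encryption (added example,
not from the page's sources). The 'cipher' is a toy SHA-256 counter-mode
keystream used only to produce realistic ciphertext offline; it is an
illustration, not an encryption recommendation. Key and nonce are constructed."""
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 if every byte is equal, 8.0 if uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def toy_ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR `data` with SHA-256(key || nonce || block counter) blocks.
    Calling it again with the same key and nonce decrypts (XOR is an involution)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], keystream))
    return bytes(out)


# Constructed sample "document": ordinary English text, as a report would be.
SAMPLE_DOC = (b"Quarterly figures attached. Please review the attached invoice "
              b"and confirm payment by Friday.\n") * 400
FILE_KEY = hashlib.sha256(b"per-file key, constructed for the example").digest()
NONCE = bytes(16)


def entropy_report():
    """Entropy of the plaintext, of its ciphertext, and whether decryption round-trips."""
    ciphertext = toy_ctr_encrypt(FILE_KEY, NONCE, SAMPLE_DOC)
    recovered = toy_ctr_encrypt(FILE_KEY, NONCE, ciphertext)
    return {
        "plaintext_bits_per_byte": shannon_entropy(SAMPLE_DOC),
        "ciphertext_bits_per_byte": shannon_entropy(ciphertext),
        "roundtrip_ok": recovered == SAMPLE_DOC,
    }


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Heuristic used by ransomware detectors on written data: near-uniform bytes
    mean the payload is already compressed/encrypted media or freshly encrypted
    user data. Pair it with file-type checks to avoid flagging .zip or .jpg writes."""
    return shannon_entropy(data) >= threshold


if __name__ == "__main__":
    for name, value in entropy_report().items():
        print(f"{name}: {value}")
```

The plaintext lands well under 5 bits per byte and the ciphertext just under 8, which is the gap that file-system-level detectors look for on every write; the same function applied with a wrong key returns garbage rather than the document, which is the victim's situation without the attacker's key.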
A well-known case study took place in May 2017: the WannaCry ransomware attack. It targeted computers running Microsoft Windows. The crypto-worm behind it, known as WannaCry, encrypted the victims' files and demanded a ransom in Bitcoin [4]. It spread using EternalBlue, an exploit for the Windows SMBv1 service that had been published by the hacker group known as the Shadow Brokers in April 2017; the attack itself was carried out by a different party, not by the Shadow Brokers. More than 200,000 systems were infected and many well-known organizations were harmed before a researcher registered a "kill-switch" domain that the malware queried before encrypting, which halted further spread.
Two detection and mitigation tools for ransomware are described below:
- i) SSDT hooking: The first approach uses the System Service Descriptor Table (SSDT), the Windows kernel's table of system-call handlers. By hooking the file-related entries, a monitor can observe every file open, read, write and rename as it happens, including the path being touched, and so notice the pattern of mass reads and overwrites that file encryption produces [5]. This is a monitoring technique rather than a cleaner: it gives the defender the visibility needed to stop the offending process and restore the files, but the malware still has to be terminated and removed by the response tooling. On 64-bit Windows, Kernel Patch Protection (PatchGuard) blocks SSDT hooking, so current products obtain the same view through a file-system minifilter driver instead.
- ii) Procmon: The second tool is Process Monitor (Procmon) from Sysinternals, which records real-time file-system, registry and process activity on a Windows host. Its filters let an analyst isolate the events that matter, for example all writes and renames under a particular folder or by a particular process [6]. Combined with honeypot files, decoy documents that no legitimate user or application should ever modify, detection becomes straightforward: any process that writes to, renames or deletes a decoy is a strong ransomware indicator.
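The honeypot idea combines naturally with Procmon's CSV export. The following is an added example, not Procmon's own code and not from the cited papers: it parses a constructed CSV laid out in the columns Procmon exports (Time of Day, Process Name, PID, Operation, Path, Result, Detail), and flags any process that modifies a file under a decoy folder or renames several files to one new extension. The decoy path, the ".locked" extension, the sample events and the rename threshold are assumptions for the example.

```python
"""Hunt encryption-like file activity in a Procmon CSV export using a decoy
folder (added example; not Procmon's own code and not from the cited papers).
The CSV is constructed in the column layout Procmon uses when exporting
(Time of Day, Process Name, PID, Operation, Path, Result, Detail). The decoy
path, the '.locked' extension and the thresholds are assumptions for the example."""
import csv
import io
import ntpath
from collections import defaultdict

DECOY_DIR = r"C:\Users\alice\Documents\_aaa_canary"   # honeypot folder (assumed)
RENAME_THRESHOLD = 3                                  # renames to one new extension per PID
INTERESTING_OPS = {"WriteFile", "SetRenameInformationFile", "SetDispositionInformationFile"}

# Constructed events: Word saving a document, then a suspicious binary
# reading/overwriting/renaming files (including the decoy) and dropping a
# ransom note, then a sync client doing a single legitimate rename.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:02:11.0011","WINWORD.EXE","4120","WriteFile","C:\Users\alice\Documents\report.docx","SUCCESS","Offset: 0, Length: 24,576"
"10:02:15.2201","invoice.exe","5532","ReadFile","C:\Users\alice\Documents\_aaa_canary\budget.xlsx","SUCCESS","Offset: 0, Length: 8,192"
"10:02:15.2305","invoice.exe","5532","WriteFile","C:\Users\alice\Documents\_aaa_canary\budget.xlsx","SUCCESS","Offset: 0, Length: 8,208"
"10:02:15.2410","invoice.exe","5532","SetRenameInformationFile","C:\Users\alice\Documents\_aaa_canary\budget.xlsx","SUCCESS","FileName: C:\Users\alice\Documents\_aaa_canary\budget.xlsx.locked"
"10:02:15.3001","invoice.exe","5532","WriteFile","C:\Users\alice\Documents\report.docx","SUCCESS","Offset: 0, Length: 24,592"
"10:02:15.3105","invoice.exe","5532","SetRenameInformationFile","C:\Users\alice\Documents\report.docx","SUCCESS","FileName: C:\Users\alice\Documents\report.docx.locked"
"10:02:15.4001","invoice.exe","5532","SetRenameInformationFile","C:\Users\alice\Pictures\cat.jpg","SUCCESS","FileName: C:\Users\alice\Pictures\cat.jpg.locked"
"10:02:16.0002","invoice.exe","5532","WriteFile","C:\Users\alice\Desktop\HOW_TO_DECRYPT.txt","SUCCESS","Offset: 0, Length: 1,204"
"10:02:18.0000","OneDrive.exe","2210","SetRenameInformationFile","C:\Users\alice\OneDrive\notes.txt.tmp","SUCCESS","FileName: C:\Users\alice\OneDrive\notes.txt"
'''


def _new_stat():
    return {"name": "", "writes": 0, "renames": defaultdict(int), "decoy_paths": set()}


def analyze(csv_text):
    """Return {pid: finding} for processes whose file activity looks like encryption."""
    stats = defaultdict(_new_stat)
    for row in csv.DictReader(io.StringIO(csv_text)):
        op = row["Operation"]
        if op not in INTERESTING_OPS:          # reads and opens are normal; act on changes
            continue
        s = stats[row["PID"]]
        s["name"] = row["Process Name"]
        if op == "WriteFile":
            s["writes"] += 1
        elif op == "SetRenameInformationFile":
            # Procmon puts the target name in Detail as "FileName: <new path>"
            new_name = row["Detail"].partition("FileName: ")[2]
            s["renames"][ntpath.splitext(new_name)[1].lower()] += 1
        if row["Path"].lower().startswith(DECOY_DIR.lower() + "\\"):
            s["decoy_paths"].add(row["Path"])

    findings = {}
    for pid, s in stats.items():
        reasons = []
        if s["decoy_paths"]:
            reasons.append("modified decoy file(s): " + ", ".join(sorted(s["decoy_paths"])))
        for ext, count in s["renames"].items():
            if count >= RENAME_THRESHOLD:
                reasons.append(f"{count} renames to '{ext}'")
        if reasons:
            findings[pid] = {"process": s["name"], "writes": s["writes"], "reasons": reasons}
    return findings


if __name__ == "__main__":
    for pid, finding in analyze(SAMPLE_CSV).items():
        print(pid, finding["process"], finding["writes"], "writes;", "; ".join(finding["reasons"]))
```

Only the suspicious binary is reported: Word's single save and the sync client's one rename fall below every threshold, while a write to the decoy is reported on its own regardless of volume, which is the point of the honeypot. The decoy folder name starts with an underscore and "aaa" so that a ransomware walking directories in sorted order reaches it early, before the real documents.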
In conclusion, ransomware spreads quickly through malicious emails, fake websites, infected software, infected removable storage and similar vectors, and a growing number of attacks abuse exposed Remote Desktop Protocol services or other approaches that require no user interaction at all. Locker variants change or block the user's access to the device; crypto variants encrypt the confidential data on the infected machine and on any network shares it can reach. Ransomware grew out of cryptovirology, and the attacker threatens to publish the victim's confidential data, or to keep the system blocked, until the ransom is paid. Once the system is locked or the data encrypted, even experts cannot decrypt it without the key, and because the ransom is paid in cryptocurrency the attacker is difficult to trace. This report has explained the main threats posed by ransomware and the tools that help detect and mitigate it.
References
[1] Pathak, P. B., and Yeshwant Mahavidyalaya Nanded. “A dangerous trend of cybercrime: ransomware growing challenge.” International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 5 (2016).
[2] Richardson, Ronny, and Max North. “Ransomware: Evolution, mitigation and prevention.” International Management Review 13, no. 1 (2017): 10-21.
[3] Bhardwaj, Akashdeep, Vinay Avasthi, Hanumat Sastry, and G. V. B. Subrahmanyam. “Ransomware digital extortion: a rising new age threat.” Indian Journal of Science and Technology 9, no. 14 (2016): 1-5.
[4] Continella, Andrea, Alessandro Guagnelli, Giovanni Zingaro, Giulio De Pasquale, Alessandro Barenghi, Stefano Zanero, and Federico Maggi. “ShieldFS: a self-healing, ransomware-aware filesystem.” In Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 336-347. ACM, 2016.
[5] Scaife, Nolen, Henry Carter, Patrick Traynor, and Kevin R. B. Butler. “CryptoLock (and drop it): stopping ransomware attacks on user data.” In Distributed Computing Systems (ICDCS), 2016 IEEE 36th International Conference on, pp. 303-312. IEEE, 2016.
[6] Yang, Tianda, Yu Yang, Kai Qian, Dan Chia-Tien Lo, Ying Qian, and Lixin Tao. “Automated detection and analysis for Android ransomware.” In High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conference on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on, pp. 1338-1343. IEEE, 2015.
[7] Kharraz, Amin, William Robertson, Davide Balzarotti, Leyla Bilge, and Engin Kirda. “Cutting the gordian knot: A look under the hood of ransomware attacks.” In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 3-24. Springer, Cham, 2015.
[8] Mohurle, Savita, and Manisha Patil. “A brief study of WannaCry threat: Ransomware attack 2017.” International Journal of Advanced Research in Computer Science 8, no. 5 (2017).
[9] Azmoodeh, Amin, Ali Dehghantanha, Mauro Conti, and Kim-Kwang Raymond Choo. “Detecting crypto-ransomware in IoT networks based on energy consumption footprint.” Journal of Ambient Intelligence and Humanized Computing (2017): 1-12.
[10] Homayoun, Sajad, Ali Dehghantanha, Marzieh Ahmadzadeh, Sattar Hashemi, and Raouf Khayami. “Know abnormal, find evil: Frequent pattern mining for ransomware threat hunting and intelligence.” IEEE Transactions on Emerging Topics in Computing (2017).
[11] Moore, Chris. “Detecting ransomware with honeypot techniques.” In Cybersecurity and Cyberforensics Conference (CCC), 2016, pp. 77-81. IEEE, 2016.
[12] Orman, Hilarie. “Evil offspring-ransomware and crypto technology.” IEEE Internet Computing 5 (2016): 89-94.