The Evolution of Ransomware: Tactics, Techniques, and Mitigation Strategies

Gourav Nagar
IEEE / Independent Researcher

Submission to VIJ 2024-06-30

Abstract

Ransomware has developed into one of the most dangerous cyber threats. It encrypts a victim's data, and the owner must pay a specified amount of money for the decryptor. This research article traces the complete history of ransomware, from simple, rudimentary variants to developed strains with advanced encryption methods and modern distribution techniques. Specific aspects of ransomware development covered include how attackers operate, starting from the traditional approach of spraying malware widely and moving to the more strategic approach of singling out industries and organizations for attack. The article also analyzes the emergence of ransomware-as-a-service (RaaS), which analysts credit with making it easy for inexperienced and unskilled hackers to enter the commodity space simply by launching ransomware attacks. Current ransomware strategies include double extortion, in which attackers steal information and threaten to publish it, in addition to demanding a ransom for the encrypted data. The use of cryptocurrency for ransom payment is examined with regard to its anonymity, as is the emergence of attacks targeting key infrastructure and other large entities. Tactics that minimize the impact of attacks are equally crucial in the fight against ransomware. The strategies highlighted in this article include basic cyber hygiene measures, backup and restore methodologies, and endpoint detection and prevention measures.
Frequent training exercises to sensitize users to the risks of ransomware attacks are emphasized, as is the need for a clearly outlined incident response procedure so that infections can be handled quickly. This paper argues that understanding the complexity of today's ransomware, combined with a multi-layered defense, will help organizations improve their readiness against this adaptive and continuous threat. It analyzes the current state of ransomware and the measures needed to curb the threat, and can therefore serve as a valuable resource for cybersecurity experts.
