
Current Ransomware Threats

White Paper
This report by Marisa Midler, Kyle O'Meara, and Alexandra Parisi discusses ransomware, including an explanation of its design, distribution, execution, and business model.
Publisher

Software Engineering Institute

Abstract

Ransomware continues to be a grave security threat to both organizations and individual users. The increased sophistication in ransomware design provides enhanced accessibility and distribution capabilities that enable attackers of all types to employ this malicious tool. This report discusses ransomware, including an explanation of its design, distribution, execution, and business model. Additionally, the report provides a detailed discussion of encryption methods and runtime activities, as well as indicators that are useful in their detection and mitigation.

Ransomware has evolved into a sophisticated tool that is usable by even non-technical persons and has multiple variants offered as Ransomware as a Service (RaaS). RaaS decreases the risk for ransomware authors, since they do not perform attacks, and reduces the affiliates' cost to mount attacks. Additionally, as of 2019, some ransomware families have started threatening public disclosure of a victim’s sensitive data if the victim does not pay a ransom, and are following through with the threat. This report recommends both proactive and reactive approaches that help avoid having to pay a ransom and minimize the loss of data.