Affiliation:
1. Indian Computer Emergency Response Team (CERT‐In), Ministry of Electronics and Information Technology (MeitY), New Delhi, India
Abstract
Ransomware is a menace to the vibrant digital ecosystem. The exponential growth in ransomware attacks, their detrimental impacts, and the ever‐changing methods adopted by threat actor groups demand a focused understanding of the evolution of ransomware. This would help organizations devise novel defensive frameworks and security controls against modern ransomware. In this work, the impacts and evolution of ransomware through different phases up to its current form are detailed. Further, based on the study and analysis of the most prevalent modern ransomware variants, their most used tactics, techniques and procedures (TTPs) are identified as per the MITRE ATT&CK model. This acts as a platform to propose a generic attack model for “modern ransomware.” Building on the existing MITRE mitigation and D3FEND‐based approaches, and considering the resource and budget constraints of organizations, a simplified three‐tier defensive model that is cost‐effective and implementable is put forward. Thus, this work aims to open avenues for understanding the TTPs and attack methodology of “modern ransomware,” thereby developing feasible and implementable defensive security controls.