THE EVOLUTION AND MITIGATION OF RANSOMWARE: TECHNIQUES, TACTICS AND RESPONSE STRATEGIES

Authors

  • Ehigiator Egho-Promise, Department of Computing, University College Birmingham, United Kingdom, https://orcid.org/0000-0001-8948-1813
  • George Asante, Department of Information Technology Education, Akenten Appiah-Menka University of Skills Training and Entrepreneurial Development, Kumasi, Ghana
  • Hewa Balisane, Business School, The University of Law, United Kingdom
  • Adeyinka Oluwabusayo Abiodun, Africa Centre of Excellence on Technology Enhanced Learning, National Open University of Nigeria Abuja
  • Abdulrahman Salih, Northumbria University London, Department of Computer and Information Science
  • Folayo Aina, Department of Computing, School of Engineering and Computing, University of Central Lancashire, United Kingdom
  • Halima Kure, Department of Engineering & Computing, University of East London

DOI:

https://doi.org/10.29121/granthaalayah.v13.i9.2025.6361

Keywords:

Ransomware, Malware, Mitigation, Response Strategies, Tactics, Evolution

Abstract [English]

Ransomware is still one of the most current and dangerous types of malware on the internet. Its impact is detrimental to both personal and corporate entities, and its consequences are often financially and operationally disastrous. This paper analyses ransomware threat capabilities and trends over the last ten years and how cybercriminals have updated their approaches. The research explores the evolution of ransomware, including ransomware-as-a-service (RaaS), second-stage extortion schemes, sophisticated encryption, and obfuscation techniques. Further, the study assesses present-day mitigation measures such as endpoint protection, employee training, and incident response systems, and identifies unmet needs in present defensive measures. While the paper evaluates cases where organisations have successfully enacted response strategies, organisations must ensure proactivity, the presence of backups, and effective cybersecurity policies. In addition, the study expects future ransomware attacks to use artificial intelligence tools to enhance strategies and attacks against key areas of interest, such as the healthcare and energy sectors. The study highlights the necessity for effective legal measures to counter ransomware actors who operate internationally and offers improvements to policy and defence measures.

Published

2025-10-13

How to Cite

Egho-Promise, E., Asante, G., Balisane, H., Abiodun, A. O., Salih, A., Aina, F., & Kure, H. (2025). THE EVOLUTION AND MITIGATION OF RANSOMWARE: TECHNIQUES, TACTICS AND RESPONSE STRATEGIES. International Journal of Research -GRANTHAALAYAH, 13(9), 124–141. https://doi.org/10.29121/granthaalayah.v13.i9.2025.6361