Paper 2020/1610

New directions in the ransomware phenomenon

Mihai-Andrei Costandache, Marian-Stefan Mihalache, and Emil Simion


Ransomware is a type of malware that blocks an user’s access to files and requests him/her a ransom. The main approach of an attacker is to encrypt the user’s files and give him/her the decrypting tool only after he/she pays the requested amount of money. The payment is usually done in difficult to trace currencies. In this paper, we provide a review of the ransomware phenomenon, making a clear distinction between the threats before and after WannaCry (which appeared in May 2017). Initially, we give two taxonomy examples from the literature and one designed by us. The first two taxonomies use ”Platform”, ”Cryptosystem”/”Crypto”, ”Severity”, ”Attack” and ”Target” as criteria (the terms appear in one of them or both), but we have chosen ”Target Zone”, ”Propagation”, ”Payment” and ”Weakness”. We further describe/compare ransomware programs, taking into account several aspects including how they work (e.g., encryption methods), whom they target (e.g., individuals/organizations), what impact they have and what weaknesses can be used to provide countermeasures (besides the general prevention techniques that we mention briefly).

Available format(s)
Publication info
Preprint. MINOR revision.
Contact author(s)
mihai constandache @ info uaic ro
marian mihalache @ info uaic ro
emil simion @ upb ro
2020-12-29: received
Short URL
Creative Commons Attribution


      author = {Mihai-Andrei Costandache and Marian-Stefan Mihalache and Emil Simion},
      title = {New directions in the ransomware phenomenon},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1610},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.