Abstract

An ever-increasing number of Internet-enabled devices over the past decade have highlighted the requirement for robust cybersecurity primitives to effectively deal with contemporary forms of cybercrime. Among the recent cybercrime threat canvass, ransomware has come to limelight as a prominent form of crypto-virus, aiming to hamper everyday user device operation through unsolicited encryption of device data. The perpetrators on successfully encrypting user data, require a payment or ransom, often in the form of digital currencies to furnish a decryption key. Depending on the urgency and criticality of data restoration, both novice users as well as corporate organizations have been observed to pay significant compensations for reinstating normal operation, often without any post-payment assurances. The present paper seeks to review the history and recent evolution of ransomware attacks, providing a detailed taxonomic classification of the inherent attack vectors and currently available mitigation techniques. Furthermore, preventive recommendations are discussed to aid users and organizations in securing devices against ransomware threats. Finally, financial and long-term implications of making ransom payments, along with online resources made available by security and law-enforcement concerns are overviewed to increase end user awareness and equip them against this increasingly successful form of recent cybercrime.