Computer Engineering and Intelligent Systems

Ransomware has become a form of electronic warfare and cybercrime, which is increasing day by day due to the large revenue of money it has generated, which estimated at millions of dollars. The act of paying or refusing it also poses another challenge to the countries and organizations, as their laws and regulations say not to pay the extortionists, but in return, to the needs of these organizations for their data, it will respond to the blackmailers and pay the ransom, which encouraged the extortionists to produce much dangerous ransomware.A part of the results in this paper includes the timeline for the most ransomware that appeared in 2019, such that the paper listed nine ransomware this year, started by (Mega Cortex) which appeared in January 2019, and ended by (Double Extortion) which appeared in November from the same year. In addition, the study found that: most of the ransomware uses a combination of three algorithms, like REvil and NetWalker, which use (RSA-2048, ECDH, and Chacha20) algorithms, while most of the ransomware jointly uses the RSA & AES algorithms. In addition, the paper pointed out that: REvil and LockBit2.0 have the largest amounts of ransoms, which is ($50) million for each one, instead (DoppelPaymer) has the lowest ransom which is ($1.2) million. While CLOP, REvil, and LockBit2.0 are the most dangerous ransomware in 2019, because of their wide separation and attacks in many countries in Europe, Asia, and USA.

Keywords: Cyberattack, Ransomware, Ransom, Encryption, AES, RSA, RC4

DOI: 10.7176/CEIS/10-1-02

Publication date:September 30^th 2023