A behavioural in-depth analysis of ransomware infection

Ransomware is a type of malware that has spread rapidly over the last 4 years, causing significant damage, especially in Windows environments. It is designed to encrypt or block victim's data, including documents, backups, and databases, unless a ransom is paid. In this study, the authors present the results of their research on Windows crypto-ransomware during the last 3 years by exploring and discussing the relevant ransomware behaviours. The results of this study can be used to identify or to detect the ransomware. Indeed, these behaviours were extracted from in-depth manual analysis of more than 20 ransomware families, including the known and the recent families. In addition, some extracted behaviours were automatically searched for more than 200 different ransomware collected during 2019.