Ransomware has emerged as a notorious class of malware, and media hype has
surrounded it with many myths and inaccuracies. Victims are unsure whether or
not to pay a ransom demand, and they decide without fully understanding the
consequences involved. In this paper, we present a ransomware classification
framework based on file-deletion and file-encryption attack structures that
provides a deeper understanding of the potential flaws and inadequacies
exhibited in ransomware. We formulate a threat and attack model representative
of a typical ransomware attack process, and from it we derive the ransomware
categorization framework based on a proposed classification algorithm. The
framework rates the virulence of a ransomware attack by two factors: how
effectively the attacked data can be recovered without paying the ransom
demand, and the technical sophistication of the underlying attack structures.
The categorization, ordered by increasing severity from CAT1 to CAT5, shows
that many ransomware families exhibit flaws in their implementation of the
encryption and deletion attack structures, and these flaws make data recovery
possible without paying the ransom. The most severe categories, CAT4 and CAT5,
are best mitigated by exploiting encryption essentials, while CAT3 can be
effectively mitigated via reverse engineering. CAT1 and CAT2 are uncommon and
are easily mitigated without any decryption essentials.