*2.1. Ransomware*

Ransomware is defined as a form of malware that prevents users from accessing their resources and files, either by encryption or blockage, until a ransom is rendered to restore access to the infected files. It provides a means for money-based extortion that affects both individuals and organizations [11]. It is a piece of software designed and implemented by cybercriminals to gain access to legitimate users without their knowledge and to perform malicious activities such as stealing sensitive data and asking for a ransom. Lacking a proper technical background and knowing little about how to preserve their data beyond making the necessary file backups, some users, especially naive ones, end up paying the ransom to restore access to their files. This ultimately brings cybercriminals and attackers more significant revenues and helps to make ransomware an opportunity for thriving businesses [12].

In 1989, the first ransomware attack was reported when floppy disks infected with the AIDS Trojan were distributed amongst biologists. The malware encrypted all the victims' system files and demanded a ransom of USD 189 to undo the damage. The earliest variants of ransomware were developed in 1980 [13]. Ransom was paid via postal mail. Today, ransomware authors order that payment is rendered via credit cards or cryptocurrency such as bitcoin [14].

In recent years there has been an increasing proliferation of different types of ransomware families that spread like a worm and involve advanced recovery-prevention schemes. This impacts home users, organizations, and the infrastructures of vital governmental establishments around the world [11].

WannaCry and Petya [8] are examples of recent ransomware that spread through insecure compromised websites, exploiting weaknesses inherent in Microsoft Windows. On 12 May 2017, WannaCry was first observed as part of massive attacks over multiple countries [15]. These attacks affected many vital sectors, including government organizations and the healthcare and telecommunications sectors. WannaCry is an example of crypto ransomware that is based on public-key cryptography, which is rather challenging to mitigate or recover from, as the encryption keys are stored on a remote command and control (C&C) server. In the following subsections, we explain the ransomware lifecycle and main ransomware categories:
