INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 10, ISSUE 02, FEBRUARY 2021 ISSN 2277-8616
IJSTR©2021
www.ijstr.org
Survey On Ransomware Evolution, Prevention,
And Mitigation
Mousab Hamad, Derar Eleyan.
Abstract: Ransomware has transformed into a form of criminal business. It is malware that takes over a victim's machine or renders data unusable. It is booming fast
all over the world and is a dangerous threat to users' and corporations' data files. Ransomware encrypts files on an infected computer and holds the key to decrypt
the files until the victim pays a ransom (this is why it is called ransomware). Ransomware causes financial losses of hundreds of millions of
dollars annually. Every year we observe a new version of this destructive malware, and the new versions have new technologies to bypass the
defenders. In this paper, we present a brief history of ransomware, the best methods to prevent the infection, how to detect it, and how to recover from
this infection. This monster has estimated financial damage of $1 billion. Many Internet users appear to have no awareness of ransomware
or of how to stay alert and protect themselves; they think that a highly automated tool like it won't target them because they are normal users in
Cyberspace.
Index Terms: Ransomware, Malware, Automated Virus, Cyberspace
————————————————————
I. INTRODUCTION
Ransomware, also called crypto infection, has
received critical attention among internet scientists over the
last couple of years. Offenders use this malware to
take individuals' private data. The payment demanded can be
digital money or requests to buy from designated stores [1].
Ransomware is built and developed to disrupt access to the
data or even access to the machine itself. The attackers then
extort the victim in exchange for the recovery of the equipment or data.
Ransomware displays a screen containing a message about
the terms of the ransom (the ransom note). Nowadays, some
ransomware goes to the extent of displaying child pornography
on this screen and highlighting threats
to the victim's life. These scare techniques are what
criminals use to make paying feel easier [2]. The
Internet is known to act as a double-edged sword, and here the Internet
and new technologies like cloud computing and digital
currencies such as Bitcoin and Ethereum provide the best
ground for offenders, especially those who are developing
ransomware. The amount of money the perpetrator receives
as ransom is between $300 and $700 for people and between
$10,000 and $17,000 for companies [4]. According to the
FBI's Cyber Crime Complaint Center, between April 2014 and
June 2015, ransomware attacks caused an estimated $18
million in damage [5]. In many situations, the only way to
retrieve the files is to pay the ransom, even though it
is not recommended. In general, [6] mentioned two types of
ransomware: Locky and Crypto. Crypto ransomware uses
encryption technologies to lock chosen files from user access;
this is much more difficult to overcome and the harm can be
permanent. Crypto ransomware is also the most common
form used by cybercriminals. On the other hand, Locky
ransomware locks the whole device from the user's entry
point, but it is normally easy to resolve. A third form of
ransomware is called scareware. The third type was not
considered a type of ransomware, but some researchers
did count it as one.
Scareware attempts to persuade the victim to buy an
antivirus which, if it were not a fake one, should remove the
virus. All of this is included in the displayed message. The
antivirus is non-functional malware too [7,8]. Some security
mechanisms can detect ransomware based on its activities,
such as File System Activities, Registry Activities, Control
Management Unit, Network Operation, and Lock mechanism
[9,10]. Options to recover from ransomware might not always be
available, because some encryption is too hard to crack
without a decryption key, even though defense companies
consistently develop and release anti-ransomware programs
and decryption tools in response to the threat [10,12].
Detecting the malware early in an attack is one of
the most important ways to keep the damage below what the
offender intended, for both businesses and individuals [9,10]. If
anyone decides to pay the ransom, that does not prevent
them from contacting the FBI. In all situations, the FBI encourages
all victims to report their incidents, especially if it is
ransomware. In 2019, the IC3 received 2,047 complaints
identified as ransomware with adjusted losses of over $8.9
million [37]. In this paper, we describe the evolution of ransomware attacks
on enterprises and individuals,
recommend prevention strategies, and describe the best
practices. We elaborate on the financial impact of the different
categories of ransomware on information systems and
recommend mitigation strategies. The remainder of the paper
is structured as follows: Section II introduces the literature
review. Section III covers detection and prevention
techniques for ransomware. Section IV discusses the
ransomware lifecycle. Section V discusses the mitigation
strategies and best recovery methods. Related work
is discussed in Section VI, and the conclusion is given in
Section VII.
II. LITERATURE REVIEW
1. Ransomware Evolution
Ransomware isn't a new idea: the first ransomware, which
showed up in 1989, was named the PC CYBORG (AIDS)
Trojan. Joseph Popp developed this first ransomware program in
1989 and gave it the name of a bad disease of that time, 'AIDS'
(PC Cyborg); it was treated and considered as a Trojan.
Floppy discs were used to spread this Trojan. Once the floppy
disc was inserted into the machine, the AIDS program encrypted
________________________
Mousab Hamad, Applied Computing Department, Faculty of Applied
Science, Palestine Technical University Kadoorie, Tulkarem,
Palestine.
Derar Eleyan, Associate Professor in Information Systems, Applied
Computing Department, Faculty of Applied
Science, Palestine Technical University Kadoorie, Tulkarem,
Palestine