**1. Introduction**

Ransomware attacks have emerged as one of the most prominent cyberattacks in the last 5 years affecting organizations globally. The Verizon Data Breach Investigation Report (DBIR) 2021 states that 37% of global organizations said that they were hit by ransomware [1]. The world saw a 151% year-on-year increase in the number of ransomware attacks by mid-2021 [2].

Ransomware is a family of malware that is designed to block or limit victims from accessing their system by either locking the system's screen or encrypting files on a system until ransom is paid. Ransom operators demand the victim to pay the ransom in crypto, usually, bitcoin.

Ransomware variants are of two types—encryptors and lockers [3]. The encrypting ransomware encrypts the files on the victim's machine and demands a ransom for the decryption key. On the other hand, lockers do not encrypt the file but lock the victim's system so that the files are inaccessible.

Ransomware tactics and techniques have evolved considerably over the years. The evolution of ransomware can be broken down into three key timeframes: pre-2014, between 2015 and 2017, and post-2017. During the pre-2014 era, ransomware attacks were widespread but random with a very low ransom demand. Post-2015, attackers started deploying ransomware post-exploitation. This shift reduced the number of victims that an attacker could exploit, but this gave operators much more control over ransomware deployment. This enabled targeted and successful encryption of files on the victim's network and justified demands for a higher ransom. Led to the rise

of targeted attacks that were highly successful leading to a higher ransom demand. Post-2017, the ransomware threat landscape witnessed the emergence of ransomware as a service (RaaS) and big game hunting (BGH). Big game hunting refers to when attackers leverage ransomware to target large and high-value organizations [4].

Subsequent sections highlight a brief history on ransomware, how ransomware is distributed, high-profile ransomware groups, and how to prevent, defend, and respond to ransomware attacks.
