{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,23]],"date-time":"2026-02-23T23:10:21Z","timestamp":1771888221835,"version":"3.50.1"},"reference-count":40,"publisher":"Association for Computing Machinery (ACM)","issue":"05","license":[{"start":{"date-parts":[[2025,4,29]],"date-time":"2025-04-29T00:00:00Z","timestamp":1745884800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Commun. ACM"],"published-print":{"date-parts":[[2025,5]]},"abstract":"The evolution of ransomware reflects a shift toward a relative maturity and professionalization of the tactics, techniques, and procedures most used to conduct attacks.<\/jats:title>","DOI":"10.1145\/3697829","type":"journal-article","created":{"date-parts":[[2025,4,24]],"date-time":"2025-04-24T14:28:34Z","timestamp":1745504914000},"page":"36-47","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Ransomware: Extortion Is My Business"],"prefix":"10.1145","volume":"68","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-8262-3887","authenticated-orcid":false,"given":"Jean-Yves","family":"Marion","sequence":"first","affiliation":[{"name":"University of Lorraine, LORIA (University of Lorraine, CNRS), Nancy, Grand Est, France"}]}],"member":"320","published-online":{"date-parts":[[2025,4,29]]},"reference":[{"key":"e_1_3_1_2_2","unstructured":"Aggressive Qakbot campaign and the Black Basta ransomware group targeting U.S. companies. Cybereason (Nov. 2022); https:\/\/tinyurl.com\/2b9b88l6"},{"key":"e_1_3_1_3_2","doi-asserted-by":"crossref","unstructured":"Bajpai P. and Enbody R. Know thy ransomware response: A detailed framework for devising effective ransomware response strategies. Digital Threats: Research and Practice 4.4 (Oct. 20 2023) 57:1\u201357:19.","DOI":"10.1145\/3606022"},{"key":"e_1_3_1_4_2","unstructured":"Bing C. Exclusive. U.S. to give ransomware hacks similar priority as terrorism. Reuters (June 3 2021); https:\/\/tinyurl.com\/29r63ln3"},{"key":"e_1_3_1_5_2","unstructured":"Burgess M. Leaked ransomware docs show Conti helping Putin from the shadows. Wired UK (Mar. 18 2022); https:\/\/tinyurl.com\/2yt89rms"},{"key":"e_1_3_1_6_2","unstructured":"Conti cyberattack on the HSE independent post incident review. PricewaterhouseCoopers (Dec. 3 2021); https:\/\/tinyurl.com\/23uermws."},{"key":"e_1_3_1_7_2","unstructured":"Culafi A. Mandiant: Compromised Colonial Pipeline password was reused. TechTarget (Jan. 2021); https:\/\/tinyurl.com\/27d8hrkc"},{"key":"e_1_3_1_8_2","unstructured":"Cyber Threat Overview. ANSSI; https:\/\/tinyurl.com\/2bcaqgb6"},{"key":"e_1_3_1_9_2","volume-title":"Data Breach Investigations Report","year":"2024","unstructured":"Data Breach Investigations Report. Verizon (2024)."},{"key":"e_1_3_1_10_2","unstructured":"Elsad A. Gumarin J.R. and Barr A. LockBit 2.0: How this RaaS operates and how to protect against it. Unit42 (June 2022); https:\/\/tinyurl.com\/27ognn9m"},{"key":"e_1_3_1_11_2","unstructured":"Goddard J. ProxyNoShell: A change in tactics exploiting ProxyShell vulnerabilities. Mandiant (Nov.2021); https:\/\/tinyurl.com\/22mohpx2."},{"key":"e_1_3_1_12_2","unstructured":"Howell C.J. and Maimon D. Darknet markets generate millions in revenue selling stolen personal data supply chain study finds. The Conversation (Dec. 2 2022); https:\/\/tinyurl.com\/27h3mhga."},{"key":"e_1_3_1_13_2","unstructured":"Howell C.J. and Tremblay L. An assessment of ransomware distribution on Darknet markets. LevelBlue (May 23 2023); https:\/\/tinyurl.com\/2a5pogtf"},{"key":"e_1_3_1_14_2","unstructured":"Huntley S. et al. Fog of war: How the Ukraine conflict transformed the cyber threat landscape. Threat Analysis Group (Feb. 2023); https:\/\/tinyurl.com\/2369vslq"},{"key":"e_1_3_1_15_2","unstructured":"International investigation\u2019s most harmful cyber crime group. National Crime Agency (Feb. 20 2024); https:\/\/tinyurl.com\/2bb52zkd."},{"key":"e_1_3_1_16_2","unstructured":"Internet Crime Complaint Center (IC3) | Annual Reports. 2023; https:\/\/tinyurl.com\/28k9b237"},{"key":"e_1_3_1_17_2","unstructured":"Internet Organised Crime Threat Assessment (IOCTA) 2024. Europol; https:\/\/tinyurl.com\/22zreozl"},{"key":"e_1_3_1_18_2","unstructured":"Krebs B. BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare \u2013 Krebs on Security. (Mar. 5 2024); https:\/\/tinyurl.com\/yt5ksdoz"},{"key":"e_1_3_1_19_2","unstructured":"Latin American governments targeted by ransomware. Insikt Group (Jun. 2022); https:\/\/tinyurl.com\/2yfkxs6m"},{"key":"e_1_3_1_20_2","unstructured":"Marathon not sprint: Zero-day exploit targeting popular Java library Log4j. Dasera (Dec. 18 2021)"},{"key":"e_1_3_1_21_2","unstructured":"Marchive V. Ransomchats (Jul. 9 2023); https:\/\/tinyurl.com\/2a8gygoh."},{"key":"e_1_3_1_22_2","doi-asserted-by":"crossref","unstructured":"McIntosh T. et al. Ransomware reloaded: Re-examining its trend research and mitigation in the era of data exfiltration. ACM Computing Surveys. (Aug. 30 2024).","DOI":"10.1145\/3691340"},{"key":"e_1_3_1_23_2","doi-asserted-by":"crossref","unstructured":"Meurs T. et al Ransomware: How attacker\u2019s effort victim characteristics and context influence ransom requested payment and financial loss. In Proceedings of the 2022 APWG Symp. on Electronic Crime Research (Nov. 2022) 1\u201313.","DOI":"10.1109\/eCrime57793.2022.10142138"},{"key":"e_1_3_1_24_2","unstructured":"Miles J.D. Royal Ransomware Group threatens to release sensitive information from City of Dallas. CBS News (May 19 2023);); https:\/\/tinyurl.com\/29f4x63n."},{"key":"e_1_3_1_25_2","unstructured":"Nakashima \u00a0 E. and Timberg \u00a0C.\u00a0NSA officials worried about the day its potent hacking tool would get loose. Then it did. Washington Post (May 16 2017)"},{"key":"e_1_3_1_26_2","unstructured":"Naydenov R. et al. Threat landscape for ransomware attacks. ENISA (2022); https:\/\/tinyurl.com\/2ak92tqs."},{"key":"e_1_3_1_27_2","article-title":"A major ransomware takedown suffers a strange setback","author":"Newman L.H.","year":"2023","unstructured":"Newman, L.H. A major ransomware takedown suffers a strange setback. Wired (Dec. 2023); https:\/\/tinyurl.com\/283l8dqd.","journal-title":"Wired"},{"key":"e_1_3_1_28_2","unstructured":"Opportunistic ransomware campaigns impacting US education sector. Microsoft Threat Intelligence (Oct. 2022); https:\/\/tinyurl.com\/2cf8gexr"},{"key":"e_1_3_1_29_2","doi-asserted-by":"publisher","DOI":"10.1145\/3582489"},{"issue":"11","key":"e_1_3_1_30_2","first-page":"238:1","article-title":"A survey on ransomware: Evolution, taxonomy, and defense solutions","volume":"54","author":"Oz H.","year":"2022","unstructured":"Oz, H. et al. A survey on ransomware: Evolution, taxonomy, and defense solutions. ACM Computing Surveys 54, 11 (Sept. 9, 2022), 238:1\u2013238:37.","journal-title":"ACM Computing Surveys"},{"key":"e_1_3_1_31_2","unstructured":"Santos D. Bunce D. and Galiette A. Threat assessment: Royal Ransomware. Unit 42 (May 9 2023); https:\/\/tinyurl.com\/2lbcoguw."},{"key":"e_1_3_1_32_2","unstructured":"Simas Z. Unpacking the MOVEit breach: Statistics and analysis. Emsisoft (July 18 2023);); https:\/\/tinyurl.com\/2c5sjfmn."},{"key":"e_1_3_1_33_2","unstructured":"Stolyarov V. and Sevens B. Exposing Internet access broker with ties to Conti. Threat Analysis Group (Mar. 2022);"},{"key":"e_1_3_1_34_2","unstructured":"Tanner A. Hinchliffe A. and Santos D. Threat assessment: BlackCat ransomware. Unit42 (Jan. 2022); https:\/\/tinyurl.com\/2xs7qmsd"},{"key":"e_1_3_1_35_2","unstructured":"The state of ransomware 2024. Sophos; https:\/\/tinyurl.com\/263xyz6q"},{"key":"e_1_3_1_36_2","unstructured":"The state of IT security in Germany 2023. Federal Office for Information Security; https:\/\/tinyurl.com\/2jmb2hy2"},{"key":"e_1_3_1_37_2","unstructured":"To keep fighting ransomware the United States needs more information. Washington Post\u00a0(May 15 2023); https:\/\/tinyurl.com\/2298zcoj"},{"key":"e_1_3_1_38_2","unstructured":"Vigna G. and Boyarchuk O. ESXi-targeting ransomware: The threats that are after your virtual machines (Part 1). VMware Security Blog (Sept. 28 2022);\u00a0https:\/\/tinyurl.com\/277qfbyy."},{"key":"e_1_3_1_39_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-99-5177-2_9"},{"key":"e_1_3_1_40_2","doi-asserted-by":"publisher","unstructured":"Wolff J. Cyberinsurance Policy: Rethinking Risk in an Age of Ransomware Computer Fraud Data Breaches and Cyberattacks. The MIT Press (Aug. 2022); 10.7551\/mitpress\/13665.001.0001.","DOI":"10.7551\/mitpress\/13665.001.0001"},{"key":"e_1_3_1_41_2","unstructured":"Yuceel H.C. Akira ransomware exploits Cisco ASA vulnerability. Picus (Sept. 11 2023); https:\/\/tinyurl.com\/298ercxm"}],"container-title":["Communications of the ACM"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3697829","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3697829","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:17:30Z","timestamp":1750295850000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3697829"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,29]]},"references-count":40,"journal-issue":{"issue":"05","published-print":{"date-parts":[[2025,5]]}},"alternative-id":["10.1145\/3697829"],"URL":"https:\/\/doi.org\/10.1145\/3697829","relation":{},"ISSN":["0001-0782","1557-7317"],"issn-type":[{"value":"0001-0782","type":"print"},{"value":"1557-7317","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,4,29]]},"assertion":[{"value":"2023-12-08","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-04-29","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}