[Series] Inside Different Generations of Ransomware

Background

Through working on my Inside Different Generations of RATs series, I started to notice an interesting pattern:

While remote access tools evolve in terms of architecture and communication design, ransomware shows more visible and rapid evolution—not only technically, but also operationally.

The term “ransomware” became clear in my mind when I was a middle school student. In 2017, WannaCry spread across almost the entire global network. WannaCry was not the first ransomware in history, but it is absolutely the most impactful one for me (not only because of its red GUI, but also because of the kernel vulnerabilities it exploited).

Unlike RATs, ransomware is not just about maintaining access. It is designed around a very specific objective: enforcing payment through impact.

Because of this, its evolution reflects a combination of:

  • cryptographic advancements
  • propagation strategies
  • increasingly structured operational models

This makes ransomware a particularly interesting subject to study from an evolutionary perspective.

Inside Different Generations of Ransomware

In this new series, I aim to analyze ransomware not just as individual samples, but as part of an evolving ecosystem.

Instead of focusing solely on “what a sample does”, I want to understand:

  • how ransomware spreads
  • how encryption is implemented
  • how design decisions change across different generations

Planned Focus

In this series, I will mainly focus on:

  • Encryption strategy (implementation, key handling, correctness)
  • Propagation mechanisms (manual deployment, exploit-based spreading, lateral movement)
  • Internal design (program structure, modularity, configuration)
  • Evolution across generations

This post serves as a roadmap and planning note for the series, just like my first series, Inside Different Generations of RATs.


Draft Generations

Unlike the RAT series, where the classification emerges from analyzing specific families, the generational model for ransomware is still being explored.

At this stage, I plan to group ransomware based on:

  • encryption capabilities
  • propagation mechanisms
  • and operational models

This classification will likely evolve as more samples are analyzed.

Articles

(Coming soon…)
