The Evolving Menace of Ransomware: A Comparative Analysis of Pre-pandemic and Mid-pandemic Attacks

Document Type


Source of Publication

Digital Threats Research and Practice

Publication Date



Drawing upon direct interviews and secondary sources, this paper presents a qualitative comparative analysis of thirty-nine ransomware attacks, twenty-six of which occurred shortly before the outbreak of the COVID-19 pandemic and thirteen of which took place during the pandemic. The research objective was to gain an understanding of how ransomware attacks changed tactics across this period. Using inductive content analysis, a number of key themes emerged, namely: (1) ransomware attackers have adopted more sinister tactics and now commit multiple crimes to maximise their return, (2) the expanded attack surface caused by employees working from home has greatly aggravated the risk of malicious intrusion, (3) the preferred attack vectors have changed, with phishing and VPN exploits now to the fore, (4) failure to adapt common business processes from off-line to on-line interaction has created vulnerabilities, (5) the ongoing laissez-faire attitude towards cybersecurity and lack of preparedness continues to be a substantial problem, and (6) ransomware attacks now pose potentially severe consequences for individuals, whose personal data has become a central part of the game. Recommendations are proposed to address these issues.




Association for Computing Machinery (ACM)


Computer Sciences


Ransomware, Pandemic, COVID-19, Data exfiltration, Security policies

Indexed in Scopus


Open Access


Open Access Type

Gold: This publication is openly available in an open access journal/series