ARTICLE

A Technical Analysis of Modern Ransomware Operations and Defense Mechanisms

Naim Baftiu, Enes Sofiu, Tatjana Pachemska, Ana Atanasova


© 2026 Enes Sofiu, published by UIKTEN. This work is licensed under the Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0).

Citation Information: SAR Journal. Volume 9, Issue 1, Pages 67-74, ISSN 2619-9955, https://doi.org/10.18421/SAR91-08, March 2026.

Received: 20 January 2026.
Revised: 16 March 2026.
Accepted: 22 March 2026.
Published: 27 March 2026.

Abstract:

Ransomware has evolved into one of the most disruptive cybersecurity threats, affecting critical infrastructure, healthcare, and enterprise environments worldwide. This paper presents a structured technical analysis of modern ransomware operations, focusing on the attack lifecycle, propagation mechanisms, encryption design, and defensive controls. Through a comparative analysis of WannaCry and NotPetya, the study identifies systemic weaknesses in patch management, identity security, and backup resilience. The paper contributes a consolidated framework aligning technical findings with established standards such as NIST CSF and ENISA guidance. Results demonstrate that layered defence, including proactive vulnerability management, privileged access control, network segmentation, and verified recovery capabilities, significantly reduces organisational risk and improves operational resilience.


Keywords – ransomware, crypto-ransomware, incident response, backup resilience, zero trust.
                   
