Ransomware is a form of extortion-based attack that locks the victim's digital resources and requests money to release them. Although the concept of ransomware is not new (i.e., such attacks date back at least as far as the 1980s), this type of malware has recently experienced a resurgence in popularity. In fact, over the last few years, a number of high-prole ransomware attacks were reported. Very recently, WannaCry ransomware infected thousands of vulnerable machines around the world, and substantially disrupted critical services such as British healthcare system. Given the size and variety of threats we are facing today, having solutions to eectively detect and analyze unknown ransomware attacks seems necessary.In this thesis, we argue that it is possible to develop novel defense mechanisms, and protect user data from a large number of ransomware attacks with zero data loss. We show that such an approach is both feasible and eective. To support this claim, we investigate how a successful ransomware attack interacts with the operating system resources. In the rst part of this thesis, we perform an evolutionary-based analysis to understand the destructive behavior of these attacks. We show that by monitoring lesystem activity, it is possible to design practical defense systems that could stop a large number of ransomware attacks, even those using sophisticated encryption capabilities. In the second part, we propose a novel dynamic analysis system, called Unveil, that is designed to analyze ransomware attacks, and model their interactions with the lesystem. In the third and the last part, we propose an end-point framework, called Redemption, to protect user data from ransomware attacks. We demonstrate that our proposed solution can be retrotted into existing operating systems, and achieve zero data loss against current ransomware families without introducing alarm fatigue.5