Abstract
Ransomware is malicious software that withholds access to computer resources until a ransom is paid. It does this either by encrypting the user's files or by locking the user out of the interface; the attacker promises to restore access only once the ransom has been paid. Attacks involving crypto ransomware, which encrypts the personal files on a host or on network-attached storage and demands payment in cryptocurrency, have increased significantly. Over time, ransomware families have improved their encryption algorithms, key-exchange mechanisms and methods of lateral movement, and detection mechanisms must keep pace with these changes to defend against the attacks effectively. Ransomware has become one of the most damaging types of cyber-attack today: organizations worldwide have lost billions of dollars through disruption of business operations, and attackers have collected millions of dollars in ransom payments from their victims. Effective detection of ransomware and prevention of data loss through encryption is therefore an active field of research. This paper summarizes the latest research, security products and practices for the prevention, mitigation and containment of ransomware attacks.
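The abstract refers to detection mechanisms that must track how crypto ransomware behaves on a host. The block below is an added illustration written for this page, not code from the surveyed paper or from any product it cites: a minimal behavioural detector that scores each process on two indicators that crypto ransomware produces and ordinary editors do not, namely mass overwrites of existing files with ciphertext-like (high-entropy) bytes and renaming of files to a new extension. The event tuple format, the thresholds, and the `fake_ciphertext` helper (a SHA-256 chain standing in for encrypted output) are assumptions made for the example; the file-activity log it runs over is constructed inline.

```python
"""Added example (not code from the surveyed paper): a minimal behavioural
detector for crypto ransomware that scores per-process file activity.

Assumptions (not from the paper): an endpoint agent hands us a stream of
(pid, path, new_path_or_None, written_bytes) tuples; thresholds are illustrative."""
import hashlib
import math
import os
from collections import defaultdict

ENTROPY_THRESHOLD = 7.5   # bits/byte; ciphertext is ~7.9-8.0, text and Office files are far lower
MIN_WRITE_SIZE = 1024     # entropy is noisy on tiny writes, so ignore them
FILE_THRESHOLD = 5        # distinct high-entropy overwrites per process before alerting


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant data, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def score_events(events):
    """Aggregate per-process indicators from a list of
    (pid, path, new_path_or_None, written_bytes) events.

    Returns {pid: {"high_entropy_files": int, "ext_changes": int, "alert": bool}}.
    """
    per_pid = defaultdict(lambda: {"files": set(), "ext_changes": 0})
    for pid, path, new_path, data in events:
        st = per_pid[pid]
        # Indicator 1: the write replaced file content with ciphertext-like bytes
        if len(data) >= MIN_WRITE_SIZE and shannon_entropy(data) >= ENTROPY_THRESHOLD:
            st["files"].add(path)
        # Indicator 2: the file was renamed to a different extension (e.g. ".locked")
        if new_path and os.path.splitext(new_path)[1] != os.path.splitext(path)[1]:
            st["ext_changes"] += 1
    result = {}
    for pid, st in per_pid.items():
        n_files = len(st["files"])
        # Alert on mass high-entropy overwrites; extension churn lowers the bar
        alert = n_files >= FILE_THRESHOLD or (n_files >= 2 and st["ext_changes"] >= 2)
        result[pid] = {"high_entropy_files": n_files,
                       "ext_changes": st["ext_changes"],
                       "alert": alert}
    return result


def fake_ciphertext(seed: str, size: int = 2048) -> bytes:
    """Deterministic stand-in for encrypted output (a SHA-256 chain, not real encryption)."""
    out, block = b"", seed.encode()
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]


def constructed_events():
    """Constructed sample log: pid 101 behaves like an editor, pid 202 like ransomware."""
    text = b"Quarterly report: revenue grew 4% year over year. " * 40
    events = [(101, "/home/u/report.docx", None, text),
              (101, "/home/u/notes.txt", None, text[:1500])]
    for i in range(6):
        path = f"/home/u/docs/file{i}.xlsx"
        events.append((202, path, path + ".locked", fake_ciphertext(path)))
    # The ransom note is small plaintext and must not count as an encrypted write
    events.append((202, "/home/u/docs/README_DECRYPT.txt", None,
                   b"Your files are encrypted. Pay 0.5 BTC to ..."))
    return events


if __name__ == "__main__":
    for pid, verdict in score_events(constructed_events()).items():
        print(pid, verdict)
```

Two points worth noting for anyone turning this into a real detector: the entropy test only separates ciphertext from plaintext-like files, so already-compressed formats (ZIP, JPEG, PDF with compressed streams) also score near 8 bits/byte and the per-process file count, not a single high-entropy write, is what carries the decision; and because the abstract notes that families keep changing their encryption and key exchange, a behavioural signal like this survives those changes where a signature on a specific binary does not.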
© 2019 Springer Nature Singapore Pte Ltd.
Cite this paper
Maniath, S., Poornachandran, P., Sujadevi, V.G. (2019). Survey on Prevention, Mitigation and Containment of Ransomware Attacks. In: Thampi, S., Madria, S., Wang, G., Rawat, D., Alcaraz Calero, J. (eds) Security in Computing and Communications. SSCC 2018. Communications in Computer and Information Science, vol 969. Springer, Singapore. https://doi.org/10.1007/978-981-13-5826-5_3
DOI: https://doi.org/10.1007/978-981-13-5826-5_3
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-5825-8
Online ISBN: 978-981-13-5826-5