
Systematic literature review and metadata analysis of ransomware attacks and detection mechanisms

Review article, published in the Journal of Reliable Intelligent Environments.

Abstract

Ransomware is malicious software that appears in two main forms, crypto-ransomware and locker-ransomware, and aims to take control of computer systems and basic infrastructure. The vast majority of these threats are intended, directly or indirectly, to extract money from victims by demanding a ransom in exchange for the decryption keys. This systematic literature review analysed the anatomy of ransomware, including its trends and modes of attack, and queried the academic literature to identify possible solutions. In contrast to previous reviews, this paper lists sources of ransomware datasets, to ease the difficulty researchers face in obtaining them. In addition, a taxonomy of current ransomware trends is presented. We discuss the reviewed articles in detail, together with the evolution of and trends in ransomware research. Most of the techniques deployed cannot completely prevent ransomware attacks because of the obfuscation techniques ransomware employs; the literature therefore also recommends proper and regular backups of important files. This review can serve as a benchmark for researchers proposing novel ransomware detection methodologies and as a starting point for novice researchers.




Author information

Correspondence to Shafi’i Muhammad Abdulhamid.


Cite this article

Maigida, A.M., Abdulhamid, S.M., Olalere, M. et al. Systematic literature review and metadata analysis of ransomware attacks and detection mechanisms. J Reliable Intell Environ 5, 67–89 (2019). https://doi.org/10.1007/s40860-019-00080-3
