survey

Ransomware Mitigation in the Modern Era: A Comprehensive Review, Research Challenges, and Future Directions

Authors:

Timothy McIntosh,

A. S. M. Kayes,

Yi-Ping Phoebe Chen,

Paul WattersAuthors Info & Claims

ACM Computing Surveys (CSUR), Volume 54, Issue 9

Article No.: 197, Pages 1 - 36

https://doi.org/10.1145/3479393

Published: 08 October 2021 Publication History

Abstract

Although ransomware has been around since the early days of personal computers, its sophistication and aggression have increased substantially over the years. Ransomware, as a type of malware to extort ransom payments from victims, has evolved to deliver payloads in different attack vectors and on multiple platforms, and creating repeated disruptions and financial loss to many victims. Many studies have performed ransomware analysis and/or presented detection, defense, or prevention techniques for ransomware. However, because the ransomware landscape has evolved aggressively, many of those studies have become less relevant or even outdated. Previous surveys on anti-ransomware studies have compared the methods and results of the studies they surveyed, but none of those surveys has attempted to critique on the internal or external validity of those studies. In this survey, we first examined the up-to-date concept of ransomware, and listed the inadequacies in current ransomware research. We then proposed a set of unified metrics to evaluate published studies on ransomware mitigation, and applied the metrics to 118 such studies to comprehensively compare and contrast their pros and cons, with the attempt to evaluate their relative strengths and weaknesses. Finally, we forecast the future trends of ransomware evolution, and propose future research directions.

Supplementary Material

mcintosh (mcintosh.zip)

Supplemental movie, appendix, image and software files for, Ransomware Mitigation in the Modern Era: A Comprehensive Review, Research Challenges, and Future Directions

Download
93.01 KB

References

[1]

Mohammad Mehdi Ahmadian and Hamid Reza Shahriari. 2016. 2entFOX: A framework for high survivable ransomwares detection. In 2016 13th International Iranian Society of Cryptology Conference on Information Security and Cryptology (ISCISC’16). IEEE, 79–84.

[2]

Mohammad Mehdi Ahmadian, Hamid Reza Shahriari, and Seyed Mohammad Ghaffarian. 2015. Connection-monitor and connection-breaker: A novel approach for prevention and detection of high survivable ransomwares. In 2015 12th International Iranian Society of Cryptology Conference on Information Security and Cryptology (ISCISC’15). IEEE, 79–84.

[3]

Yahye Abukar Ahmed, Barış Koçer, and Bander Ali Saleh Al-rimy. 2020. Automated analysis approach for the detection of high survivable ransomware. KSII Transactions on Internet and Information Systems (TIIS) 14, 5 (2020), 2236–2257.

[4]

Yahye Abukar Ahmed, Barış Koçer, Shamsul Huda, Bander Ali Saleh Al-rimy, and Mohammad Mehedi Hassan. 2020. A system call refinement-based enhanced Minimum Redundancy Maximum Relevance method for ransomware early detection. Journal of Network and Computer Applications (2020), 102753.

[5]

Jinwoo Ahn, Donggyu Park, Chang-Gyu Lee, Donghyun Min, Junghee Lee, Sungyong Park, Qian Chen, and Youngjae Kim. 2019. KEY-SSD: Access-control drive to protect files from ransomware attacks. https://arxiv.org/abs/1904.05012.

[6]

Muna Al-Hawawreh, Frank den Hartog, and Elena Sitnikova. 2019. Targeted ransomware: A new cyber threat to edge system of brownfield industrial Internet of Things. IEEE Internet of Things Journal 6, 4 (2019), 7137–7151.

[7]

Bander Ali Saleh Al-rimy, Mohd Aiziani Maarof, Mamoun Alazab, Fawaz Alsolami, Syed Zainudeen Mohd Shaid, Fuad A. Ghaleb, Tawfik Al-Hadhrami, and Abdullah Marish Ali. 2020. A pseudo feedback-based annotated TF-IDF technique for dynamic crypto-ransomware pre-encryption boundary delineation and features extraction. IEEE Access 8 (2020), 140586–140598.

[8]

Bander Ali Saleh Al-rimy, Mohd Aizaini Maarof, Mamoun Alazab, Syed Zainudeen Mohd Shaid, Fuad A. Ghaleb, Abdulmohsen Almalawi, Abdullah Marish Ali, and Tawfik Al-Hadhrami. 2020. Redundancy coefficient gradual up-weighting-based mutual information feature selection technique for crypto-ransomware early detection. Future Generation Computer Systems (2020).

[9]

Bander Ali Saleh Al-rimy, Mohd Aizaini Maarof, Yuli Adam Prasetyo, Syed Zainudeen Mohd Shaid, and Asmawi Fadillah Mohd Ariffin. 2018. Zero-day aware decision fusion-based model for crypto-ransomware early detection. International Journal of Integrated Engineering 10, 6 (2018).

[10]

Bander Ali Saleh Al-rimy, Mohd Aizaini Maarof, and Syed Zainudeen Mohd Shaid. 2019. Crypto-ransomware early detection model using novel incremental bagging with enhanced semi-random subspace selection. Future Generation Computer Systems 101 (2019), 476–491.

Digital Library

[11]

Manaar Alam, Sarani Bhattacharya, Swastika Dutta, Sayan Sinha, Debdeep Mukhopadhyay, and Anupam Chattopadhyay. 2019. RATAFIA: Ransomware analysis using time and frequency informed autoencoders. In 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST’19). IEEE Computer Society, 218–227.

[12]

Ahmad O. Almashhadani, Mustafa Kaiiali, Sakir Sezer, and Philip O’Kane. 2019. A multi-classifier network-based crypto ransomware detection system: A case study of Locky ransomware. IEEE Access 7 (2019), 47053–47067.

[13]

Samah Alsoghyer and Iman Almomani. 2019. Ransomware detection system for android applications. Electronics 8, 8 (2019), 868.

[14]

Samah Alsoghyer and Iman Almomani. 2020. On the effectiveness of application permissions for android ransomware detection. In 2020 6th Conference on Data Science and Machine Learning Applications (CDMA’20). IEEE, 94–99.

[15]

Abdulrahman Alzahrani, Hani Alshahrani, Ali Alshehri, and Huirong Fu. 2019. An intelligent behavior-based ransomware detection system for android platform. In 2019 1st IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA’19). IEEE, 28–35.

[16]

Abdulrahman Alzahrani, Ali Alshehri, Hani Alshahrani, Raed Alharthi, Huirong Fu, Anyi Liu, and Ye Zhu. 2018. RanDroid: Structural similarity approach for detecting ransomware applications in android platform. In 2018 IEEE International Conference on Electro/Information Technology (EIT’18). IEEE, 0892–0897.

[17]

Or Ami, Yuval Elovici, and Danny Hendler. 2018. Ransomware prevention using application authentication-based file access control. In Proceedings of the 33rd Annual ACM Symposium on Applied Computing. 1610–1619.

Digital Library

[18]

Nicoló Andronio, Stefano Zanero, and Federico Maggi. 2015. Heldroid: Dissecting and detecting mobile ransomware. In International Symposium on Recent Advances in Intrusion Detection. Springer, 382–404.

Digital Library

[19]

Amir Atapour-Abarghouei, Stephen Bonner, and Andrew Stephen McGough. 2019. A King’s ransom for encryption: Ransomware classification using augmented one-shot learning and bayesian approximation. In 2019 IEEE International Conference on Big Data (Big Data’19). IEEE, 1601–1606.

[20]

Md. Ahsan Ayub, Andrea Continella, and Ambareen Siraj. 2020. An I/O request packet (IRP) driven effective ransomware detection scheme using artificial neural network. In 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science (IRI’20). IEEE Computer Society, 319–324.

[21]

Seong Il Bae, Gyu Bin Lee, and Eul Gyu Im. 2019. Ransomware detection using machine learning algorithms. Concurrency and Computation: Practice and Experience (2019), e5422.

[22]

SungHa Baek, Youngdon Jung, Aziz Mohaisen, Sungjin Lee, and DaeHun Nyang. 2018. SSD-insider: Internal defense of solid-state drive against ransomware with perfect data recovery. In 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS’18). IEEE, 875–884.

[23]

Pranshu Bajpai and Richard Enbody. 2020. Attacking key management in ransomware. IT Professional 22, 2 (2020), 21–27.

[24]

Pranshu Bajpai and Richard Enbody. 2020. An empirical study of key generation in cryptographic ransomware. In 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security’20). IEEE, 1–8.

[25]

Pranshu Bajpai, Aditya K. Sood, and Richard Enbody. 2018. A key-management-based taxonomy for ransomware. In 2018 APWG Symposium on Electronic Crime Research (eCrime’18). IEEE, 1–12.

[26]

Abubakar Bello and Alana Maurushat. 2020. Technical and behavioural training and awareness solutions for mitigating ransomware attacks. In Computer Science On-line Conference. Springer, 164–176.

[27]

Eduardo Berrueta, Daniel Morato, Eduardo Magaña, and Mikel Izal. 2019. A survey on detection techniques for cryptographic ransomware. IEEE Access 7 (2019), 144925–144944.

[28]

Riccardo Bortolameotti, Thijs van Ede, Marco Caselli, Maarten H. Everts, Pieter Hartel, Rick Hofstede, Willem Jonker, and Andreas Peter. 2017. DECANTeR: DEteCtion of anomalous outbound HTTP TRaffic by passive application fingerprinting. In Proceedings of the 33rd Annual Computer Security Applications Conference. ACM, 373–386.

Digital Library

[29]

Marcus Botacin, Fabricio Ceschin, Ruimin Sun, Daniela Oliveira, and André Grégio. 2021. Challenges and pitfalls in malware research. Computers & Security 106 (2021), 102287.

Digital Library

[30]

Ross Brewer. 2016. Ransomware attacks: Detection, prevention and cure. Network Security 2016, 9 (2016), 5–9.

Digital Library

[31]

Calvin Brierley, Jamie Pont, Budi Arief, David J. Barnes, and Julio Hernandez-Castro. 2020. PaperW8: An IoT bricking ransomware proof of concept. In Proceedings of the 15th International Conference on Availability, Reliability and Security. 1–10.

Digital Library

[32]

Krzysztof Cabaj, Marcin Gregorczyk, and Wojciech Mazurczyk. 2018. Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics. Computers & Electrical Engineering 66 (2018), 353–368.

Digital Library

[33]

Edward Cartwright, Julio Hernandez Castro, and Anna Cartwright. 2019. To pay or not: Game theoretic models of ransomware. Journal of Cybersecurity 5, 1 (2019), tyz009.

[34]

Jason Castiglione and Dusko Pavlovic. 2019. Dynamic distributed secure storage against ransomware. IEEE Transactions on Computational Social Systems (2019).

[35]

Jing Chen, Chiheng Wang, Ziming Zhao, Kai Chen, Ruiying Du, and Gail-Joon Ahn. 2017. Uncovering the face of android ransomware: Characterization and real-time detection. IEEE Transactions on Information Forensics and Security 13, 5 (2017), 1286–1300.

[36]

Qian Chen and Robert A. Bridges. 2017. Automated behavioral analysis of malware: A case study of wannacry ransomware. In 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA’17). IEEE, 454–460.

[37]

Qian Chen, Sheikh Rabiul Islam, Henry Haswell, and Robert A. Bridges. 2019. Automated ransomware behavior analysis: Pattern extraction and early detection. In International Conference on Science of Cyber Security. Springer, 199–214.

[38]

Christopher J. W. Chew and Vimal Kumar. 2019. Behaviour based ransomware detection. Proceedings of 34th International Conference on Computers and Their Applications 58 (2019), 127–136.

[39]

Aniello Cimitile, Francesco Mercaldo, Vittoria Nardone, Antonella Santone, and Corrado Aaron Visaggio. 2018. Talos: No more ransomware victims with formal methods. International Journal of Information Security 17, 6 (2018), 719–738.

Digital Library

[40]

Aviad Cohen and Nir Nissim. 2018. Trusted detection of ransomware in a private cloud using machine learning methods leveraging meta-features from volatile memory. Expert Systems with Applications 102 (2018), 158–178.

Digital Library

[41]

Lena Y. Connolly and David S. Wall. 2019. The rise of crypto-ransomware in a changing cybercrime landscape: Taxonomising countermeasures. Computers & Security 87 (2019), 101568.

Digital Library

[42]

Mauro Conti, Ankit Gangwal, and Sushmita Ruj. 2018. On the economic significance of ransomware campaigns: A Bitcoin transactions perspective. Computers & Security 79 (2018), 162–189.

Digital Library

[43]

Andrea Continella, Alessandro Guagnelli, Giovanni Zingaro, Giulio De Pasquale, Alessandro Barenghi, Stefano Zanero, and Federico Maggi. 2016. ShieldFS: A self-healing, ransomware-aware filesystem. In Proceedings of the 32nd Annual Conference on Computer Security Applications. ACM, 336–347.

Digital Library

[44]

Greg Cusack, Oliver Michel, and Eric Keller. 2018. Machine learning-based detection of ransomware using SDN. In Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization. 1–6.

Digital Library

[45]

Alfredo Cuzzocrea, Fabio Martinelli, and Francesco Mercaldo. 2018. A novel structural-entropy-based classification technique for supporting android ransomware detection and analysis. In 2018 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE’18). IEEE, 1–7.

[46]

Tooska Dargahi, Ali Dehghantanha, Pooneh Nikkhah Bahrami, Mauro Conti, Giuseppe Bianchi, and Loris Benedetto. 2019. A cyber-kill-chain based taxonomy of crypto-ransomware features. Journal of Computer Virology and Hacking Techniques 15, 4 (2019), 277–305.

[47]

Simon R. Davies, Richard Macfarlane, and William J. Buchanan. 2020. Evaluation of live forensic techniques in ransomware attack mitigation. Forensic Science International: Digital Investigation 33 (2020), 300979.

[48]

Hossam Faris, Maria Habib, Iman Almomani, Mohammed Eshtay, and Ibrahim Aljarah. 2020. Optimizing extreme learning machines using chains of salps for efficient android ransomware detection. Applied Sciences 10, 11 (2020), 3706.

[49]

Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, and David Wagner. 2012. Android permissions: User attention, comprehension, and behavior. In Proceedings of the 8th Symposium on Usable Privacy and Security. 1–14.

Digital Library

[50]

Yun Feng, Chaoge Liu, and Baoxu Liu. 2017. Poster: A new approach to detecting ransomware with deception. In 38th IEEE Symposium on Security and Privacy.

[51]

Lorenzo Fernandez Maimo, Alberto Huertas Celdran, Angel L. Perales Gomez, Felix J. Garcia Clemente, James Weimer, and Insup Lee. 2019. Intelligent and dynamic ransomware spread detection and mitigation in integrated clinical environments. Sensors 19, 5 (2019), 1114.

[52]

Alberto Ferrante, Miroslaw Malek, Fabio Martinelli, Francesco Mercaldo, and Jelena Milosevic. 2017. Extinguishing ransomware—A hybrid approach to android ransomware detection. In International Symposium on Foundations and Practice of Security. Springer, 242–258.

[53]

Pablo L. Gallegos-Segovia, Jack F. Bravo-Torres, Víctor M. Larios-Rosillo, Paúl E. Vintimilla-Tapia, Iván F. Yuquilima-Albarado, and Juan D. Jara-Saltos. 2017. Social engineering as an attack vector for ransomware. In 2017 CHILEAN Conference on Electrical, Electronics Engineering, Information and Communication Technologies (CHILECON’17). IEEE, 1–6.

[54]

Ziya Alper Genç, Gabriele Lenzini, and Peter Y. A. Ryan. 2018. Next generation cryptographic ransomware. In Nordic Conference on Secure IT Systems. Springer, 385–401.

[55]

Ziya Alper Genç, Gabriele Lenzini, and Peter Y. A. Ryan. 2018. No random, no ransom: A key to stop cryptographic ransomware. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 234–255.

[56]

Ziya Alper Genç, Gabriele Lenzini, and Peter Y. A. Ryan. 2019. NoCry: No more secure encryption keys for cryptographic ransomware. In International Workshop on Emerging Technologies for Authorization and Authentication. Springer, 69–85.

[57]

Amirhossein Gharib and Ali Ghorbani. 2017. DNA-droid: A real-time android ransomware detection framework. In International Conference on Network and System Security. Springer, 184–198.

[58]

J. A. Gómez-Hernández, L. Álvarez-González, and Pedro García-Teodoro. 2018. R-Locker: Thwarting ransomware action through a honeyfile-based approach. Computers & Security 73 (2018), 389–398.

[59]

Nikolai Hampton, Zubair Baig, and Sherali Zeadally. 2018. Ransomware behavioural analysis on windows platforms. Journal of Information Security and Applications 40 (2018), 44–51.

[60]

Md. Mahbub Hasan and Md. Mahbubur Rahman. 2017. RansHunt: A support vector machines based ransomware analysis framework with integrated feature set. In 2017 20th International Conference of Computer and Information Technology (ICCIT’17). IEEE, 1–7.

[61]

Matthias Held and Marcel Waldvogel. 2018. Fighting ransomware with guided undo. NISK Journal 11 (2018).

[62]

Gregory Hill and Xavier Bellekens. 2018. CryptoKnight: Generating and modelling compiled cryptographic primitives. Information 9, 9 (2018), 231.

[63]

Manabu Hirano and Ryotaro Kobayashi. 2019. Machine learning based ransomware detection using storage access patterns obtained from live-forensic hypervisor. In 2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IOTSMS’19). IEEE, 1–6.

[64]

Sajad Homayoun, Ali Dehghantanha, Marzieh Ahmadzadeh, Sattar Hashemi, and Raouf Khayami. 2017. Know abnormal, find evil: Frequent pattern mining for ransomware threat hunting and intelligence. IEEE Transactions on Emerging Topics in Computing (2017).

[65]

Sajad Homayoun, Ali Dehghantanha, Marzieh Ahmadzadeh, Sattar Hashemi, Raouf Khayami, Kim-Kwang Raymond Choo, and David Ellis Newton. 2019. DRTHIS: Deep ransomware threat hunting and intelligence system at the fog layer. Future Generation Computer Systems 90 (2019), 94–104.

[66]

Toshiki Honda, Kohei Mukaiyama, Takeharu Shirai, Tetsushi Ohki, and Masakatsu Nishigaki. 2018. Ransomware detection considering user’s document editing. In 2018 IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA’18). IEEE, 907–914.

[67]

Danny Yuxing Huang, Damon McCoy, Maxwell Matthaios Aliapoulios, Vector Guo Li, Luca Invernizzi, Elie Bursztein, Kylie McRoberts, Jonathan Levin, Kirill Levchenko, and Alex C. Snoeren. 2018. Tracking ransomware end-to-end. In Tracking Ransomware End-to-End. IEEE, 0.

[68]

Jian Huang, Jun Xu, Xinyu Xing, Peng Liu, and Moinuddin K. Qureshi. 2017. FlashGuard: Leveraging intrinsic flash properties to defend against encryption ransomware. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 2231–2244.

[69]

Gavin Hull, Henna John, and Budi Arief. 2019. Ransomware deployment methods and analysis: Views from a predictive model and human responses. Crime Science 8, 1 (2019), 2.

[70]

Jaime Ibarra, Usman Javed Butt, Anh Do, Hamid Jahankhani, and Arshad Jamal. 2019. Ransomware impact to SCADA systems and its scope to critical infrastructure. In 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability (ICGS3’19). IEEE, 1–12.

[71]

Yong Jin, Masahiko Tomoishi, Satoshi Matsuura, and Yoshiaki Kitaguchi. 2018. A secure container-based backup mechanism to survive destructive ransomware attacks. In 2018 International Conference on Computing, Networking and Communications (ICNC’18). IEEE, 1–6.

[72]

Sangmoon Jung and Yoojae Won. 2018. Ransomware detection method based on context-aware entropy analysis. Soft Computing 22, 20 (2018), 6731–6740.

Digital Library

[73]

Meet Kanwal and Sanjeev Thakur. 2017. An app based on static analysis for android ransomware. In 2017 International Conference on Computing, Communication and Automation (ICCCA’17). IEEE, 813–818.

[74]

Alireza Karimi and Mohammad Hosein Moattar. 2017. Android ransomware detection using reduced opcode sequence and image similarity. In 2017 7th International Conference on Computer and Knowledge Engineering (ICCKE’17). IEEE, 229–234.

[75]

Chee Keong Ng, Sutharshan Rajasegarar, Lei Pan, Frank Jiang, and Leo Yu Zhang. 2020. VoterChoice: A ransomware detection honeypot with multiple voting framework. Concurrency and Computation: Practice and Experience 32, 14 (2020), e5726.

[76]

Mohamed Amine Kerrich, Adnane Addaim, and Loubna Damej. 2019. Proposed solution for HID fileless ransomware using machine learning. In International Conference on Advanced Communication Systems and Information Security. Springer, 180–192.

[77]

Masoudeh Keshavarzi and Hamid Reza Ghaffary. 2020. I2CE3: A dedicated and separated attack chain for ransomware offenses as the most infamous cyber extortion. Computer Science Review 36 (2020), 100233.

[78]

Eleni Ketzaki, Petros Toupas, Konstantinos M. Giannoutakis, Anastasios Drosou, and Dimitrios Tzovaras. 2020. A behaviour based ransomware detection using neural network models. In 2020 10th International Conference on Advanced Computer Information Technologies (ACIT’20). IEEE, 747–750.

[79]

Firoz Khan, Cornelius Ncube, Lakshmana Kumar Ramasamy, Seifedine Kadry, and Yunyoung Nam. 2020. A digital DNA sequencing engine for ransomware detection using machine learning. IEEE Access 8 (2020), 119710–119719.

[80]

Amin Kharaz, Sajjad Arshad, Collin Mulliner, William Robertson, and Engin Kirda. 2016. UNVEIL: A large-scale, automated approach to detecting ransomware. In 25th USENIX Security Symposium (USENIX Security’16). 757–772.

[81]

Amin Kharraz and Engin Kirda. 2017. Redemption: Real-time protection against ransomware at end-hosts. In International Symposium on Research in Attacks, Intrusions, and Defenses. Springer, 98–119.

[82]

Amin Kharraz, William Robertson, Davide Balzarotti, Leyla Bilge, and Engin Kirda. 2015. Cutting the gordian knot: A look under the hood of ransomware attacks. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 3–24.

Digital Library

[83]

Dae-Youb Kim, Geun-Yeong Choi, and Ji-Hoon Lee. 2018. White list-based ransomware real-time detection and prevention for user device protection. In 2018 IEEE International Conference on Consumer Electronics (ICCE’18). IEEE, 1–5.

[84]

Dae-Youb Kim and Ji-hoon Lee. 2020. Blacklist vs. Whitelist-Based Ransomware Solutions. IEEE Consumer Electronics Magazine 9, 3 (2020), 22–28.

[85]

S. H. Kok, Azween Abdullah, N. Z. Jhanjhi, and Mahadevan Supramaniam. 2019. Prevention of crypto-ransomware using a pre-encryption detection algorithm. Computers 8, 4 (2019), 79.

[86]

S. H. Kok, A. Azween, and N. Z. Jhanjhi. 2020. Evaluation metric for crypto-ransomware detection using machine learning. Journal of Information Security and Applications 55 (2020), 102646.

[87]

Eugene Kolodenker, William Koch, Gianluca Stringhini, and Manuel Egele. 2017. PayBreak: Defense against cryptographic ransomware. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. ACM, 599–611.

Digital Library

[88]

Simon Kramer and Julian C. Bradfield. 2010. A general definition of malware. Journal in Computer Virology 6, 2 (2010), 105–114.

[89]

Nir Kshetri and Jeffrey Voas. 2017. Do crypto-currencies fuel ransomware?IT professional 19, 5 (2017), 11–15.

[90]

Jeong Kyu Lee, Seo Yeon Moon, and Jong Hyuk Park. 2017. CloudRPS: A cloud analysis based enhanced ransomware prevention system. The Journal of Supercomputing 73, 7 (2017), 3065–3084.

Digital Library

[91]

Kyungroul Lee, Sun-Young Lee, and Kangbin Yim. 2019. Machine learning based file entropy analysis for ransomware detection in backup systems. IEEE Access 7 (2019), 110205–110215.

[92]

Kyungroul Lee, Kangbin Yim, and Jung Taek Seo. 2018. Ransomware prevention technique using key backup. Concurrency and Computation: Practice and Experience 30, 3 (2018), e4337.

[93]

Suhyeon Lee, Huy Kang Kim, and Kyounggon Kim. 2019. Ransomware protection using the moving target defense perspective. Computers & Electrical Engineering 78 (2019), 288–299.

[94]

Tianliang Lu, Yanhui Du, Jing Wu, and Yuxuan Bao. 2019. Ransomware Detection Based on an Improved Double-Layer Negative Selection Algorithm. In International Conference on Testbeds and Research Infrastructures. Springer, 46–61.

[95]

Tianliang Lu, Lu Zhang, Shunye Wang, and Qi Gong. 2017. Ransomware detection based on V-detector negative selection algorithm. In 2017 International Conference on Security, Pattern Analysis, and Cybernetics (SPAC’17). IEEE, 531–536.

[96]

Ewa Luger, Stuart Moran, and Tom Rodden. 2013. Consent for all: Revealing the hidden complexity of terms and conditions. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. 2687–2696.

Digital Library

[97]

Xin Luo and Qinyu Liao. 2007. Awareness education as the key to ransomware prevention. Information Systems Security 16, 4 (2007), 195–202.

Digital Library

[98]

Davide Maiorca, Francesco Mercaldo, Giorgio Giacinto, Corrado Aaron Visaggio, and Fabio Martinelli. 2017. R-PackDroid: API package-based characterization and detection of mobile ransomware. In Proceedings of the Symposium on Applied Computing. 1718–1723.

Digital Library

[99]

Sumith Maniath, Aravind Ashok, Prabaharan Poornachandran, V. G. Sujadevi, A. U. Prem Sankar, and Srinath Jan. 2017. Deep learning LSTM based ransomware detection. In 2017 Recent Developments in Control, Automation & Power Engineering (RDCAPE’17). IEEE, 442–446.

[100]

Steve Mansfield-Devine. 2017. Fileless attacks: Compromising targets without malware. Network Security 2017, 4 (2017), 7–11.

Digital Library

[101]

Michael J. May and Etamar Laron. 2019. Combating ransomware using content analysis and complex file events. In 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS’19). IEEE, 1–5.

[102]

Faustin Mbol, Jean-Marc Robert, and Alireza Sadighian. 2016. An efficient approach to detect torrentlocker ransomware in computer systems. In International Conference on Cryptology and Network Security. Springer, 532–541.

Digital Library

[103]

Timothy McIntosh, Julian Jang-Jaccard, Paul Watters, and Teo Susnjak. 2019. The inadequacy of entropy-based ransomware detection. In International Conference on Neural Information Processing. Springer, 181–189.

[104]

Timothy McIntosh, Julian Jang-Jaccard, Paul Watters, and Teo Susnjak. 2019. Masquerade attacks against security software exclusion lists. (2019), 5–12.

[105]

Timothy McIntosh, Paul Watters, A. S. M. Kayes, Alex Ng, and Yi-Ping Phoebe Chen. 2020. Enforcing situation-aware access control to build malware-resilient file systems. Future Generation Computer Systems 115 (2020), 568–582.

Digital Library

[106]

Timothy R. McIntosh, Julian Jang-Jaccard, and Paul A. Watters. 2018. Large scale behavioral analysis of ransomware attacks. In International Conference on Neural Information Processing. Springer, 217–229.

[107]

May Medhat, Samir Gaber, and Nashwa Abdelbaki. 2018. A new static-based framework for ransomware detection. In 2018 IEEE 16th International Conference on Dependable, Autonomic and Secure Computing, 16th International Conference on Pervasive Intelligence and Computing, 4th International Conference on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech’18). IEEE, 710–715.

[108]

Shagufta Mehnaz, Anand Mudgerikar, and Elisa Bertino. 2018. RWGuard: A real-time detection system against cryptographic ransomware. In International Symposium on Research in Attacks, Intrusions, and Defenses. Springer, 114–136.

[109]

Per Håkon Meland, Yara Fareed Fahmy Bayoumy, and Guttorm Sindre. 2020. The Ransomware-as-a-Service economy within the darknet. Computers & Security (2020), 101762.

[110]

Francesco Mercaldo, Vittoria Nardone, Antonella Santone, and Corrado Aaron Visaggio. 2016. Ransomware steals your phone. formal methods rescue it. In International Conference on Formal Techniques for Distributed Objects, Components, and Systems. Springer, 212–221.

Digital Library

[111]

Donghyun Min, Donggyu Park, Jinwoo Ahn, Ryan Walker, Junghee Lee, Sungyong Park, and Youngjae Kim. 2018. Amoeba: An autonomous backup and recovery SSD for ransomware attack defense. IEEE Computer Architecture Letters 17, 2 (2018), 245–248.

Digital Library

[112]

Jaimin Modi, Issa Traore, Asem Ghaleb, Karim Ganame, and Sherif Ahmed. 2019. Detecting ransomware in encrypted web traffic. In International Symposium on Foundations and Practice of Security. Springer, 345–353.

[113]

Chris Moore. 2016. Detecting ransomware with honeypot techniques. In 2016 Cybersecurity and Cyberforensics Conference (CCC’16). IEEE, 77–81.

[114]

Daniel Morato, Eduardo Berrueta, Eduardo Magaña, and Mikel Izal. 2018. Ransomware early detection by the analysis of file sharing traffic. Journal of Network and Computer Applications 124 (2018), 14–32.

[115]

Andreas Moser, Christopher Kruegel, and Engin Kirda. 2007. Limits of static analysis for malware detection. In 23rd Annual Computer Security Applications Conference (ACSAC’07). IEEE, 421–430.

[116]

Ori Or-Meir, Nir Nissim, Yuval Elovici, and Lior Rokach. 2019. Dynamic malware analysis in the modern era—A state of the art survey. ACM Computing Surveys (CSUR) 52, 5 (2019), 1–48.

Digital Library

[117]

Joon-young Paik, Joong-Hyun Choi, Rize Jin, Jianming Wang, and Eun-Sun Cho. 2019. Buffer management for identifying crypto-ransomware attack in environment with no semantic information. In 2019 IEEE International Conference on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom’19). IEEE, 443–450.

[118]

Aurélien Palisse, Antoine Durand, Hélène Le Bouder, Colas Le Guernic, and Jean-Louis Lanet. 2017. Data aware defense (DaD): Towards a generic and practical ransomware countermeasure. In Nordic Conference on Secure IT Systems. Springer, 192–208.

[119]

Aurélien Palisse, Hélène Le Bouder, Jean-Louis Lanet, Colas Le Guernic, and Axel Legay. 2016. Ransomware and the legacy crypto API. In International Conference on Risks and Security of Internet and Systems. Springer, 11–28.

[120]

Jamie Pont, Budi Arief, and Julio Hernandez-Castro. 2020. Why current statistical approaches to ransomware detection fail. In International Conference on Information Security. Springer, 199–216.

[121]

Jamie Pont, Osama Abu Oun, Calvin Brierley, Budi Arief, and Julio Hernandez-Castro. 2019. A roadmap for improving the impact of anti-ransomware research. In Nordic Conference on Secure IT Systems. Springer, 137–154.

[122]

Mila Dalla Preda, Mihai Christodorescu, Somesh Jha, and Saumya Debray. 2007. A semantics-based approach to malware detection. ACM SIGPLAN Notices 42, 1 (2007), 377–388.

Digital Library

[123]

James H. Price and Judy Murnan. 2004. Research limitations and the necessity of reporting them. American Journal of Health Education 35, 2 (2004), 66.

[124]

Florian Quinkert, Thorsten Holz, K. S. M. Hossain, Emilio Ferrara, and Kristina Lerman. 2018. RAPTOR: Ransomware attack PredicTOR. arXiv:1803.01598.

[125]

Gowtham Ramesh and Anjali Menen. 2020. Automated dynamic approach for detecting ransomware using finite-state machine. Decision Support Systems 138 (2020), 113400.

[126]

Rahul Rastogi, Gaurav Agarwal, and R. K. Shukla. Interactive security of ransomware with heuristic random bit generator. In ICCCE 2020. Springer, 965–973.

[127]

Bheemidi Vikram Reddy, Gutha Jaya Krishna, Vadlamani Ravi, and Dipankar Dasgupta. 2020. Machine learning and feature selection based ransomware detection using hexacodes. In Evolution in Computational Intelligence. Springer, 583–597.

[128]

Talia Ringer, Dan Grossman, and Franziska Roesner. 2016. Audacious: User-driven access control with unmodified operating systems. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. 204–216.

Digital Library

[129]

Krishna Chandra Roy and Qian Chen. 2020. DeepRan: Attention-based BiLSTM and CRF for ransomware early detection and classifcation. Information Systems Frontiers (2020), 1–17.

[130]

Nolen Scaife, Henry Carter, Patrick Traynor, and Kevin R. B. Butler. 2016. Cryptolock (and drop it): Stopping ransomware attacks on user data. In 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS’16). IEEE, 303–312.

[131]

Michele Scalas, Davide Maiorca, Francesco Mercaldo, Corrado Aaron Visaggio, Fabio Martinelli, and Giorgio Giacinto. 2019. On the effectiveness of system API-related information for Android ransomware detection. Computers & Security 86 (2019), 168–182.

Digital Library

[132]

Daniele Sgandurra, Luis Muñoz-González, Rabih Mohsen, and Emil C. Lupu. 2016. Automated dynamic analysis of ransomware: Benefits, limitations and use for detection. arXiv:1609.03020.

[133]

Shaila Sharmeen, Yahye Abukar Ahmed, Shamsul Huda, Bari Ş. Koçer, and Mohammad Mehedi Hassan. 2020. Avoiding future digital extortion through robust protection against ransomware threats using deep learning based adaptive approaches. IEEE Access 8 (2020), 24522–24534.

[134]

Saiyed Kashif Shaukat and Vinay J. Ribeiro. 2018. RansomWall: A layered defense system against cryptographic ransomware attacks using machine learning. In 2018 10th International Conference on Communication Systems & Networks (COMSNETS’18). IEEE, 356–363.

[135]

Jeffrey Shirley and David Evans. 2008. The user is not the enemy: Fighting malware by tracking user intentions. In Proceedings of the 2008 New Security Paradigms Workshop. 33–45.

Digital Library

[136]

Ali Shuja Siddiqui, Chia-Che Lee, and Fareena Saqib. 2017. Hardware based protection against malwares by PUF based access control mechanism. In 2017 IEEE 60th International Midwest Symposium on Circuits and Systems (MWSCAS’17). IEEE, 1312–1315.

[137]

Sanggeun Song, Bongjoon Kim, and Sangjun Lee. 2016. The effective ransomware prevention technique using process monitoring on android platform. Mobile Information Systems 2016 (2016).

[138]

Dan Su, Jiqiang Liu, Xiaoyang Wang, and Wei Wang. 2018. Detecting android locker-ransomware on Chinese social networks. IEEE Access 7 (2018), 20381–20393.

[139]

Kul Prasad Subedi, Daya Ram Budhathoki, Bo Chen, and Dipankar Dasgupta. 2017. RDS3: Ransomware defense strategy by using stealthily spare space. In 2017 IEEE Symposium Series on Computational Intelligence (SSCI’17). IEEE, 1–8.

[140]

Kul Prasad Subedi, Daya Ram Budhathoki, and Dipankar Dasgupta. 2018. Forensic analysis of ransomware families using static and dynamic analysis. In 2018 IEEE Security and Privacy Workshops (SPW’18). IEEE, 180–185.

[141]

Yuki Takeuchi, Kazuya Sakai, and Satoshi Fukumoto. 2018. Detecting ransomware using support vector machines. In Proceedings of the 47th International Conference on Parallel Processing Companion. 1–6.

Digital Library

[142]

Fei Tang, Boyang Ma, Jinku Li, Fengwei Zhang, Jipeng Su, and Jianfeng Ma. 2020. RansomSpector: An introspection-based approach to detect crypto ransomware. Computers & Security (2020), 101997.

[143]

Jason Thomas. 2018. Individual cyber security: Empowering employees to resist spear phishing to prevent identity theft and ransomware attacks. International Journal of Business Management 12, 3 (2018), 1–23.

[144]

Aragorn Tseng, Y. Chen, Y. Kao, and T. Lin. 2016. Deep learning for ransomware detection. IEICE Technical Report 116, 282 (2016), 87–92.

[145]

Hasan Turaev, Pavol Zavarsky, and Bobby Swar. 2018. Prevention of ransomware execution in enterprise environment on windows OS: Assessment of application whitelisting solutions. In 2018 1st International Conference on Data Intelligence and Security (ICDIS’18). IEEE, 110–118.

[146]

Mayank Verma, Ponnurangam Kumarguru, Shuva Brata Deb, and Anuradha Gupta. 2018. Analysing indicator of compromises for ransomware: Leveraging IOCs with machine learning techniques. In 2018 IEEE International Conference on Intelligence and Security Informatics (ISI’18). IEEE, 154–159.

[147]

Peiying Wang, Shijie Jia, Bo Chen, Luning Xia, and Peng Liu. 2019. MimosaFTL: Adding secure and practical ransomware defense strategy to flash translation layer. In Proceedings of the 9th ACM Conference on Data and Application Security and Privacy. 327–338.

Digital Library

[148]

ZiHan Wang, ChaoGe Liu, Jing Qiu, ZhiHong Tian, Xiang Cui, and Shen Su. 2018. Automatically traceback RDP-based targeted ransomware attacks. Wireless Communications and Mobile Computing 2018 (2018).

[149]

Azka Wani and S. Revathi. 2020. Ransomware protection in loT using software defined networking.International Journal of Electrical & Computer Engineering (2088-8708) 10 (2020).

[150]

Mattias Weckstén, Jan Frick, Andreas Sjöström, and Eric Järpe. 2016. A novel method for recovery from Crypto Ransomware infections. In 2016 2nd IEEE International Conference on Computer and Communications (ICCC’16). IEEE, 1354–1358.

[151]

Tianda Yang, Yu Yang, Kai Qian, Dan Chia-Tien Lo, Ying Qian, and Lixin Tao. 2015. Automated detection and analysis for android ransomware. In 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems. IEEE, 1338–1343.

[152]

Adam Young and Moti Yung. 1996. Cryptovirology: Extortion-based security threats and countermeasures. In Proceedings 1996 IEEE Symposium on Security and Privacy. IEEE, 129–140.

[153]

Bin Zhang, Wentao Xiao, Xi Xiao, Arun Kumar Sangaiah, Weizhe Zhang, and Jiajia Zhang. 2020. Ransomware classification using patch-based CNN and self-attention network on embedded N-grams of opcodes. Future Generation Computer Systems 110 (2020), 708–720.

[154]

Bin Zhang, Wentao Xiao, Xi Xiao, Arun Kumar Sangaiah, Weizhe Zhang, and Jiajia Zhang. 2020. Ransomware classification using patch-based CNN and self-attention network on embedded N-grams of opcodes. Future Generation Computer Systems 110 (2020), 708–720.

[155]

Hanqi Zhang, Xi Xiao, Francesco Mercaldo, Shiguang Ni, Fabio Martinelli, and Arun Kumar Sangaiah. 2019. Classification of ransomware families with machine learning based on N-gram of opcodes. Future Generation Computer Systems 90 (2019), 211–221.

[156]

Aaron Zimba, Zhaoshun Wang, and Hongsong Chen. 2018. Multi-stage crypto ransomware attacks: A new emerging cyber threat to critical infrastructure and industrial control systems. ICT Express 4, 1 (2018), 14–18.

[157]

Hiba Zuhair and Ali Selamat. 2019. RANDS: A machine learning-based anti-ransomware tool for windows platforms. Frontiers in Artificial Intelligence and Applications 318 (2019).

[158]

Hiba Zuhair, Ali Selamat, and Ondrej Krejcar. 2020. A multi-tier streaming analytics model of 0-day ransomware detection using machine learning. Applied Sciences 10, 9 (2020), 3210.

Cited By

Jahromi MYaghoubi EYaghoubi EMaghami MChamorro H(2025)An Innovative Real-Time Recursive Framework for Techno-Economical Self-Healing in Large Power Microgrids Against Cyber–Physical Attacks Using Large Change Sensitivity AnalysisEnergies10.3390/en1801019018:1(190)Online publication date: 4-Jan-2025
https://doi.org/10.3390/en18010190
Nowrozy RAhmed KWang H(2025)GPT, ontology, and CAABAC: A tripartite personalized access control model anchored by compliance, context and attributePLOS ONE10.1371/journal.pone.031055320:1(e0310553)Online publication date: 6-Jan-2025
https://doi.org/10.1371/journal.pone.0310553
Peng SXiong LTang X(2025)A privacy protection medical record retrieval scheme for WBANTenth Symposium on Novel Optoelectronic Detection Technology and Applications10.1117/12.3057050(194)Online publication date: 17-Feb-2025
https://doi.org/10.1117/12.3057050
Show More Cited By

Index Terms

Ransomware Mitigation in the Modern Era: A Comprehensive Review, Research Challenges, and Future Directions
1. Security and privacy
  1. Systems security
    1. Operating systems security

Recommendations

Ransomware Reloaded: Re-examining Its Trend, Research and Mitigation in the Era of Data Exfiltration
Ransomware has grown to be a dominant cybersecurity threat by exfiltrating, encrypting, or destroying valuable user data and causing numerous disruptions to victims. The severity of the ransomware endemic has generated research interest from both the ...
Ransomware's Early Mitigation Mechanisms
ARES '18: Proceedings of the 13th International Conference on Availability, Reliability and Security

Ransomware remains a modern trend. Attackers are still using cryptovirology forcing victims to pay. Notable attacks have been spreading since 2012, starting with Reveton's ransomware attack to the more recent 2017 WannaCry, Petya and Bad Rabbit ...
The Rise of Ransomware
ICSEB '17: Proceedings of the 2017 International Conference on Software and e-Business

Ransomware continues to be one of the most crucial cyber threats and is actively threatening IT users around the world. In recent years, it has become a phenomenon and traumatic threat to individuals, governments and organizations. Ransomwares not only ...

Comments

Information & Contributors

Information

Published In

cover image ACM Computing Surveys

ACM Computing Surveys Volume 54, Issue 9

December 2022

800 pages

ISSN:0360-0300

EISSN:1557-7341

DOI:10.1145/3485140

Editor:
Albert Zomaya
University of Sydney, Australia

Issue’s Table of Contents

Copyright © 2021 Association for Computing Machinery.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 October 2021

Accepted: 26 July 2021

Revised: 16 June 2021

Received: 24 February 2021

Published in CSUR Volume 54, Issue 9

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Survey
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

55
Total Citations
View Citations
3,188
Total Downloads

Downloads (Last 12 months)775
Downloads (Last 6 weeks)60

Reflects downloads up to 01 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Jahromi MYaghoubi EYaghoubi EMaghami MChamorro H(2025)An Innovative Real-Time Recursive Framework for Techno-Economical Self-Healing in Large Power Microgrids Against Cyber–Physical Attacks Using Large Change Sensitivity AnalysisEnergies10.3390/en1801019018:1(190)Online publication date: 4-Jan-2025
https://doi.org/10.3390/en18010190
Nowrozy RAhmed KWang H(2025)GPT, ontology, and CAABAC: A tripartite personalized access control model anchored by compliance, context and attributePLOS ONE10.1371/journal.pone.031055320:1(e0310553)Online publication date: 6-Jan-2025
https://doi.org/10.1371/journal.pone.0310553
Peng SXiong LTang X(2025)A privacy protection medical record retrieval scheme for WBANTenth Symposium on Novel Optoelectronic Detection Technology and Applications10.1117/12.3057050(194)Online publication date: 17-Feb-2025
https://doi.org/10.1117/12.3057050
Kayes ARahayu WDillon TSalehi Shahraki AAlavizadeh H(2025)Safeguarding Individuals and Organizations From Privacy Breaches: A Comprehensive Review of Problem Domains, Solution Strategies, and Prospective Research DirectionsIEEE Internet of Things Journal10.1109/JIOT.2024.348131612:2(1247-1265)Online publication date: 15-Jan-2025
https://doi.org/10.1109/JIOT.2024.3481316
Cen MJiang FDoss R(2025)RansoGuard: A RNN-based framework leveraging pre-attack sensitive APIs for early ransomware detectionComputers & Security10.1016/j.cose.2024.104293150(104293)Online publication date: Mar-2025
https://doi.org/10.1016/j.cose.2024.104293
Hirano MKobayashi R(2025)RanSMAPComputers and Security10.1016/j.cose.2024.104202150:COnline publication date: 1-Mar-2025
https://dl.acm.org/doi/10.1016/j.cose.2024.104202
Peng SXiong LTang X(2025)EPPMRRS: An Efficient and Privacy-Preserving Medical Record Retrieval Scheme in WBANComputers and Electrical Engineering10.1016/j.compeleceng.2024.109997123(109997)Online publication date: Apr-2025
https://doi.org/10.1016/j.compeleceng.2024.109997
Khanna AKhanna A(2025)Case Studies in EnergySecuring an Enterprise10.1007/979-8-8688-1029-9_20(403-427)Online publication date: 1-Jan-2025
https://doi.org/10.1007/979-8-8688-1029-9_20
Khanna AKhanna A(2025)Case Studies in the E-commerce IndustrySecuring an Enterprise10.1007/979-8-8688-1029-9_15(307-327)Online publication date: 1-Jan-2025
https://doi.org/10.1007/979-8-8688-1029-9_15
Startzel CBrown DOwens Walker THill J(2025)Identifying Ransomware Functions Through Microarchitectural Side-Channel AnalysisScience of Cyber Security10.1007/978-981-96-2417-1_2(19-36)Online publication date: 4-Mar-2025
https://doi.org/10.1007/978-981-96-2417-1_2
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Figures

Tables

Media

View Issue’s Table of Contents