survey

A Survey on Ransomware: Evolution, Taxonomy, and Defense Solutions

Authors:
Harun Oz

Cyber-Physical Systems Security Lab, Department of Electrical & Computer Engineering, Florida International University, Miami, Florida, USA

Cyber-Physical Systems Security Lab, Department of Electrical & Computer Engineering, Florida International University, Miami, Florida, USA

0000-0002-2650-2055
View Profile

,
Ahmet Aris

Cyber-Physical Systems Security Lab, Department of Electrical & Computer Engineering, Florida International University, Miami, Florida, USA

Cyber-Physical Systems Security Lab, Department of Electrical & Computer Engineering, Florida International University, Miami, Florida, USA

0000-0003-4114-5321
View Profile

,
Albert Levi

Faculty of Engineering and Natural Sciences, Sabanci University, Orhanli Tuzla, Istanbul, Turkey

Faculty of Engineering and Natural Sciences, Sabanci University, Orhanli Tuzla, Istanbul, Turkey
View Profile

,
A. Selcuk Uluagac

Cyber-Physical Systems Security Lab, Department of Electrical & ComputerEngineering, Florida International University, Miami, Florida, USA

Cyber-Physical Systems Security Lab, Department of Electrical & ComputerEngineering, Florida International University, Miami, Florida, USA
View Profile

Authors Info & Claims

ACM Computing Surveys Volume 54 Issue 11sArticle No.: 238pp 1–37https://doi.org/10.1145/3514229

Published:09 September 2022Publication History

Get Citation Alerts

New Citation Alert added!

This alert has been successfully added and will be sent to:

You will be notified whenever a record that you have chosen has been cited.

To manage your alert preferences, click on the button below.
Manage my Alerts

New Citation Alert!

Please log in to your account
Publisher Site

Get Access

ACM Computing Surveys

Abstract

In recent years, ransomware has been one of the most notorious malware targeting end-users, governments, and business organizations. It has become a very profitable business for cybercriminals with revenues of millions of dollars, and a very serious threat to organizations with financial losses of billions of dollars. Numerous studies were proposed to address the ransomware threat, including surveys that cover certain aspects of ransomware research. However, no study exists in the literature that gives the complete picture on ransomware and ransomware defense research with respect to the diversity of targeted platforms. Since ransomware is already prevalent in PCs/workstations/desktops/laptops, and is becoming more prevalent in mobile devices, and has already hit IoT/CPS recently, and will likely grow further in the IoT/CPS domain very soon, understanding ransomware and analyzing defense mechanisms with respect to target platforms is becoming more imperative. In order to fill this gap and motivate further research, in this paper, we present a comprehensive survey on ransomware and ransomware defense research with respect to PCs/workstations, mobile devices, and IoT/CPS platforms. Specifically, covering 137 studies over the period of 1990-2020, we give a detailed overview of ransomware evolution, comprehensively analyze the key building blocks of ransomware, present a taxonomy of notable ransomware families, and provide an extensive overview of ransomware defense research (i.e., analysis, detection, and recovery) with respect to platforms of PCs/workstations, mobile devices, and IoT/CPS. Moreover, we derive an extensive list of open issues for future ransomware research. We believe this survey will motivate further research by giving a complete picture on state-of-the-art ransomware research.

Supplemental Material

Available for Download

zip

oz.zip (190.7 KB)

Supplemental movie, appendix, image and software files for, A Survey on Ransomware: Evolution, Taxonomy, and Defense Solutions

REFERENCES

[1] Abbasi M., Al-Sahaf H., and Welch I.. 2020. Particle swarm optimization: A wrapper-based feature selection method for ransomware detection and classification. In Applications of Evolutionary Computation. Springer Int.Google ScholarDigital Library
[2] Abraham J. A. and George S. M.. 2019. A survey on preventing crypto ransomware using machine learning. In 2019 2nd International Conference on Intelligent Computing, Instrumentation and Control Technologies (ICICICT), Vol. 1.Google ScholarCross Ref
[3] Abrams Lawrance. 2020. Netwalker Ransomware Hits Argentinian Government, Demands $4 Million. https://www.bleepingcomputer.com/news/security/netwalker-ransomware-hits-argentinian-government-demands- 4-million/. [Online; accessed 13-October-2020].Google Scholar
[4] Abrams L.. 2020. SunCrypt Ransomware Shuts Down North Carolina School District. https://www.bleepingcomputer.com/news/security/suncrypt-ransomware-shuts-down-north-carolina-school-district/. [Online; accessed 13-October-2020].Google Scholar
[5] Abukar Y., Koçer B., and Al-rimy B.. 2020. Automated analysis approach for the detection of high survivable ransomware. KSII Transactions on Internet and Information Systems 14 (2020).Google Scholar
[6] Acronis. 2020. Digital CoronaVirus: Yet Another Ransomware Combined with Infostealer. https://www.cbronline.com/news/tesla-cyber-attack. [Online; accessed 13-October-2020].Google Scholar
[7] Agrawal R., Stokes J. W., Selvaraj K., and Marinescu M.. 2019. Attention in recurrent neural networks for ransomware detection. In ICASSP 2019-2019 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).Google ScholarCross Ref
[8] Ahmed Y., Koçer B., Huda S., Al-rimy B. A. S., and Hassan M.. 2020. A system call refinement-based enhanced minimum redundancy maximum relevance method for ransomware early detection. Journal of Network and Computer Applications (2020).Google ScholarCross Ref
[9] Ahn J., Park D., Lee C., Min D., Lee J., Park S., Chen Q., and Youngjae K.. 2019. KEY-SSD: Access-control drive to protect files from ransomware attacks. CoRR abs/1904.05012 ( 04 2019). http://arxiv.org/abs/1904.05012.Google Scholar
[10] Akbanov M., Vassilakis G., and Logothetis M.. 2019. Ransomware detection and mitigation using software-defined networking: The case of WannaCry. Computers & Electrical Engineering 76 (2019).Google ScholarDigital Library
[11] Akbanov Maxat and Vassilakis Vassilios. 2019. WannaCry ransomware: Analysis of infection, persistence, recovery prevention and propagation mechanisms. Journal of Telecommunications and Information Technology 1 ( 04 2019).Google ScholarCross Ref
[12] Akbanov Maxat, Vassilakis Vassilios, and Moscholios Ioannis. 2018. Static and dynamic analysis of WannaCry ransomware.Google Scholar
[13] Al-Hawawreh Muna and Sitnikova Elena. 2019. Industrial Internet of Things based ransomware detection using stacked variational neural network. In Proceedings of the 3rd Int. Conf. on Big Data and Internet of Things. ACM.Google ScholarDigital Library
[14] Al-Hawawreh M. and Sitnikova E.. 2019. Leveraging deep learning models for ransomware detection in the industrial Internet of Things environment. In 2019 Military Communications and Information Systems Conference.Google ScholarCross Ref
[15] Al-rimy B., Maarof M., Prasetyo Y., Mohd Z. Syed, S., and Ariffin A.. 2018. Zero-day aware decision fusion-based model for crypto-ransomware early detection. International Journal of Integrated Engineering 10 ( 11 2018).Google ScholarCross Ref
[16] Al-rimy B., Maarof M., and Shaid S.. 2018. Ransomware threat success factors, taxonomy, and countermeasures: A survey and research directions. Computers & Security 74 ( 01 2018).Google ScholarDigital Library
[17] Al-rimy B. A. S., Maarof M. A., and Shaid S. Z. M. 2019. Crypto-ransomware early detection model using novel incremental bagging with enhanced semi-random subspace selection. Future Generation Computer Systems 101 (2019).Google ScholarDigital Library
[18] Alhawi O. M. K., Baldwin J., and Dehghantanha A.. 2018. Leveraging machine learning techniques for windows ransomware network traffic detection. In Cyber Threat Intelligence. Springer International Publishing.Google Scholar
[19] Alrawashdeh K. and Purdy C.. 2018. Ransomware detection using limited precision deep learning structure in FPGA. In NAECON 2018 - IEEE National Aerospace and Electronics Conference.Google ScholarCross Ref
[20] Alsoghyer S. and Almomani I.. 2019. Ransomware detection system for Android applications. Electronics 8 ( 08 2019).Google ScholarCross Ref
[21] Alsoghyer S. and Almomani I.. 2020. On the effectiveness of application permissions for Android ransomware detection. In 2020 6th Conference on Data Science and Machine Learning Applications (CDMA).Google ScholarCross Ref
[22] Alzahrani A., Alshahrani H., Alshehri A., and Fu H.. 2019. An intelligent behavior-based ransomware detection system for Android platform. In First IEEE Int. Conf. on Trust, Privacy and Security in Intel. Systems and Apps.Google Scholar
[23] Alzahrani A., Alshehri A., Alharthi R., Alshahrani H., and Fu H.. 2017. An overview of ransomware in the windows platform. In 2017 International Conference on Computational Science and Computational Intelligence (CSCI).Google ScholarCross Ref
[24] Alzahrani A., Alshehri A., Alshahrani H., Alharthi R., Fu H., Liu A., and Zhu Y.. 2018. RanDroid: Structural similarity approach for detecting ransomware applications in Android platform. In IEEE Int. Conf. on Electro/Info. Technology.Google Scholar
[25] Alzahrani A., Alshehri A., Alshahrani H., and Fu H.. 2020. Ransomware in Windows and Android Platforms. arxiv:2005.05571 [cs.CY]Google Scholar
[26] Alzahrani N. and Alghazzawi D.. 2019. A review on Android ransomware detection using deep learning techniques. In Proceedings of the 11th International Conference on Management of Digital EcoSystems. ACM.Google ScholarDigital Library
[27] Andronio N., Zanero S., and Maggi F.. 2015. HelDroid: Dissecting and detecting Mobile ransomware. In Research in Attacks, Intrusions, and Defenses. Springer International Publishing.Google Scholar
[28] Argaez Enrique de. 2006. One Billion Internet Users as of December 2005. https://www.internetworldstats.com/pr/edi014.html.Google Scholar
[29] Ashraf A., Aziz A., Zahoora Umme, and Khan Asifullah. 2019. Ransomware analysis using feature engineering and deep neural networks. CoRR abs/1910.00286 (2019). arxiv:1910.00286 http://arxiv.org/abs/1910.00286.Google Scholar
[30] Atapour-Abarghouei A., Bonner S., and McGough A. S.. 2019. Volenti non fit injuria: Ransomware and its victims. In 2019 IEEE International Conference on Big Data (Big Data). 4701–4707.Google ScholarCross Ref
[31] Aurangzeb S., Aleem M., and Islam M. A. Iqbal, and M. A.. 2017. Ransomware: A survey and trends. Journal of Information Assurance and Security 12 ( 06 2017).Google Scholar
[32] Azmoodeh A., Dehghantanha A., Conti M., and Choo K. Raymond. 2017. Detecting crypto-ransomware in IoT networks based on energy consumption footprint. Journal of Ambient Intelligence and Humanized Computing (2017).Google Scholar
[33] Bacani Alvin. 2014. REVETON Ransomware Spreads with Old Tactics, New Infection Method - TrendLabs Security Intelligence Blog. https://blog.trendmicro.com/trendlabs-security-intelligence/reveton-ransomware-spreads-with-old-tactics-new-infection-method/.Google Scholar
[34] Bae S., Lee G., and Im E.. 2020. Ransomware detection using machine learning algorithms. Concurrency and Computation: Practice and Experience 32, 18 (2020).Google ScholarCross Ref
[35] Baek S., Jung Y., Mohaisen A., Lee S., and Nyang D.. 2018. SSD-Insider: Internal defense of solid-state drive against ransomware with perfect data recovery. In 2018 IEEE 38th International Conference on Distributed Computing Systems.Google ScholarCross Ref
[36] Bajpai P., Sood A. K., and Enbody R.. 2018. A key-management-based taxonomy for ransomware. In 2018 APWG Symposium on Electronic Crime Research (eCrime).Google Scholar
[37] Baldwin J. and Dehghantanha A.. 2018. Leveraging support vector machine for opcode density based detection of crypto-ransomware. In Cyber Threat Intelligence. Springer International Publishing, 107–136.Google Scholar
[38] Bates J.. 1990. High level-programs and the AIDS Trojan. Virus Bulletin (1990).Google Scholar
[39] Bates Jim. 1990. Trojan horse: AIDS information introductory diskette version 2.0. Virus Bulletin (1990).Google Scholar
[40] BBC. [n.d.]. Cyber-attack: Europol Says It was Unprecedented in Scale. https://www.bbc.com/news/world-europe-39907965. [Online; accessed 13-October-2020].Google Scholar
[41] Berrueta E., Morato D., Magaña E., and Izal M.. 2019. A survey on detection techniques for cryptographic ransomware. IEEE Access 7 (2019).Google ScholarCross Ref
[42] Bijitha C., Sukumaran R., and Nath H.. 2020. A survey on ransomware detection techniques. In Secure Knowledge Management In Artificial Intelligence Era. Springer Singapore, Singapore.Google ScholarCross Ref
[43] Bisson David. 2015. Website Files Encrypted by Linux.Encoder.1 ransomware? There is Now a Free Fix •Graham Cluley. https://grahamcluley.com/website-files-encrypted-linux-encoder-1-ransomware-free-fix/.Google Scholar
[44] Cabaj K., Gregorczyk M., and Mazurczyk W.. 2016. Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics. CoRR abs/1611.08294 (2016). arxiv:1611.08294 .Google Scholar
[45] Cannell Joshua. 2013. Cryptolocker Ransomware: What You Need to Know. https://blog.malwarebytes.com/101/2013/10/cryptolocker-ransomware-what-you-need-to-know/.Google Scholar
[46] Chandra J., Kumar R., and Vidyapeetham A.. 2017. On the efficacy of Android ransomware detection techniques: A survey. International Journal of Pure and Applied Mathematics 115 (2017).Google Scholar
[47] Chen J., Wang C., Zhao Z., Chen K., Du R., and Ahn G.. 2018. Uncovering the face of Android ransomware: Characterization and real-time detection. IEEE Transactions on Information Forensics and Security 13, 5 (2018).Google ScholarCross Ref
[48] Chen Q., Islam S., Haswell H., and Bridges R.. 2019. Automated ransomware behavior analysis: Pattern extraction and early detection. In Science of Cyber Security. Springer International Publishing.Google Scholar
[49] Chen Z., Kang H., Yin S., and Kim S.. 2017. Automatic ransomware detection and analysis based on dynamic API calls flow graph. In Proceedings of the Int. Conference on Research in Adaptive and Convergent Systems. ACM.Google ScholarDigital Library
[50] Cimitile A., Mercaldo F., Nardone V., Santone A., and Visaggio C.. 2017. Talos: No more ransomware victims with formal methods. International Journal of Information Security 17 (2017).Google Scholar
[51] Cimpanu C.. 2020. Chilean Bank Shuts Down All Branches Following Ransomware Attack. https://www.zdnet.com/article/chilean-bank-shuts-down-all-branches-following-ransomware-attack/. [Online; accessed 13-October-2020].Google Scholar
[52] Cimpanu C.. 2020. Cloud Provider Stopped Ransomware Attack But Had to Pay Ransom Demand Anyway. https://www.zdnet.com/article/cloud-provider-stopped-ransomware-attack-but-had-to-pay-ransom-demand-anyway/. [Online; accessed 13-October-2020].Google Scholar
[53] Cohen A. and Nissim N.. 2018. Trusted detection of ransomware in a private cloud using machine learning methods leveraging meta-features from volatile memory. Expert Systems with Applications 102 (2018).Google ScholarDigital Library
[54] Collier K.. 2020. Major Hospital System Hit with Cyberattack. https://www.nbcnews.com/tech/security/cyberattack-hits-major-u-s-hospital-system-n1241254. [Online; accessed 13-October-2020].Google Scholar
[55] Continella A., Guagnelli A., Zingaro G., Pasquale G., Barenghi A., Zanero S., and Maggi F.. 2016. ShieldFS: A self-healing, ransomware-aware filesystem. In Proceedings of the 32nd Annual Conference on Computer Security Applications (ACSAC’16). ACM, 336–347.Google ScholarDigital Library
[56] Cusack G., Michel O., and Keller E.. 2018. Machine learning-based detection of ransomware using SDN( SDN-NFV Sec’18 ). ACM.Google Scholar
[57] Cuzzocrea A., Martinelli F., and Mercaldo F.. 2018. A novel structural-entropy-based classification technique for supporting Android ransomware detection and analysis. In 2018 IEEE International Conference on Fuzzy Systems.Google ScholarDigital Library
[58] Dargahi T., Dehghantanha A., Bahrami P. N., Conti M., Bianchi G., and Benedetto L.. 2019. A cyber-kill-chain based taxonomy of crypto-ransomware features. Journal of Computer Virology and Hacking Techniques 15, 4 (2019).Google ScholarCross Ref
[59] Yalew S. Demesie, Maguire G. Q., Haridi S., and Correia M.. 2017. Hail to the thief: Protecting data from mobile ransomware with ransomsafedroid. In 2017 IEEE 16th International Symposium on Network Computing and Applications.Google Scholar
[60] Desai U.. 2019. A survey on Android ransomware and its detection methods. International Research Journal of Engineering and Technology.Google Scholar
[61] Dickson B.. 2016. What Makes IoT Ransomware a Different and More Dangerous Threat? https://techcrunch.com/2016/10/02/what-makes-iot-ransomware-a-different-and-more-dangerous-threat/.Google Scholar
[62] Egunjobi S., Parkinson S., and Crampton A.. 2019. Classifying ransomware using machine learning algorithms. In Intelligent Data Engineering and Automated Learning – IDEAL 2019. Springer.Google Scholar
[63] F-Secure. [n.d.]. Trojan:W32/Ransom Description F-Secure Labs. https://www.f-secure.com/v-descs/trojan_w32_ransom.shtml. [Online; accessed 7-February-2022].Google Scholar
[64] Falcone R.. 2020. Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa. https://unit42.paloaltonetworks.com/thanos-ransomware.Google Scholar
[65] Faris H., Almomani I., Eshtay M., Aljarah I., and Habib M.. 2020. Optimizing extreme learning machines using chains of salps for efficient Android ransomware detection. Applied Sciences 10 ( 05 2020).Google ScholarCross Ref
[66] Fernández-Maimó L., Huertas A., Gomez A. Luis, Clemente Félix J. G., Weimer J., and Lee I.. 2019. Intelligent and dynamic ransomware spread detection and mitigation in integrated clinical environments. Sensors 19 ( 03 2019).Google ScholarCross Ref
[67] Ferrante A., Malek M., Martinelli F., Mercaldo F., and Milosevic J.. 2018. Extinguishing ransomware - a hybrid approach to Android ransomware detection. In Foundations and Practice of Security. Springer International Publishing.Google ScholarCross Ref
[68] Fisher Dennis. 2010. New Seftad Ransomware Attacks Master Boot Record. https://threatpost.com/new-seftad-ransomware-attacks-master-boot-record-113010/74714/. [Online; accessed 13-October-2020].Google Scholar
[69] Fraga B.. 2013. Swansea Police Pay $750 “ransom” After Computer Virus Strikes. https://www.heraldnews.com/x2132756948/Swansea-police-pay-750-ransom-after-computer-virus-strikes. [Online; accessed 13-October-2020].Google Scholar
[70] Franco Javier, Aris Ahmet, Canberk Berk, and Uluagac A. Selcuk. 2021. A survey of honeypots and honeynets for Internet of Things, industrial Internet of Things, and cyber-physical systems. IEEE Communications Surveys Tutorials 23, 4 (2021), 2351–2383.Google ScholarCross Ref
[71] Freed B.. 2020. Ransomware Attacks Appeared to Decline as Pandemic Arrived. https://statescoop.com/ransomware-attacks-declined-coronavirus-pandemic/.Google Scholar
[72] Freedman L.. 2020. Ransomware Attacks Predicted to Occur Every 11 Seconds in 2021 with a Cost of $20 Billion. https://www.dataprivacyandsecurityinsider.com/2020/02/ransomware-attacks-predicted-to-occur-every-11-seconds-in-2021-with-a-cost-of-20-billion/. [Online; accessed 13-October-2020].Google Scholar
[73] Garg D., Thakral A., Nalwa T., and Choudhury T.. 2018. A past examination and future expectation: Ransomware. 2018 International Conference on Advances in Computing and Communication Engineering (2018).Google Scholar
[74] Genç Z., Lenzini G., and Sgandurra D.. 2019. On deception-based protection against cryptographic ransomware. In Detection of Intrusions and Malware, and Vulnerability Assessment. Springer Int. Publ.Google Scholar
[75] Genç Z., Lenzini G., and Ryan P.. 2018. No random, no ransom: A key to stop cryptographic ransomware. In Detection of Intrusions and Malware, and Vulnerability Assessment. Springer International Publishing, 234–255.Google Scholar
[76] Gharib A. and Ghorbani A.. 2017. DNA-Droid: A real-time Android ransomware detection framework. In Network and System Security. Springer International Publishing.Google ScholarCross Ref
[77] Gonzalez D. and Hayajneh T.. 2017. Detection and prevention of crypto-ransomware. In 2017 IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON).Google ScholarCross Ref
[78] Gostev A.. 2005. Krotten Source Traced. https://securelist.com/krotten-source-traced-for-the-moment/30086/.Google Scholar
[79] Goyal P., Kakkar A., Vinod G., and Joseph G.. 2020. Crypto-ransomware detection using behavioural analysis. In Reliability, Safety and Hazard Assessment for Risk-Based Technologies. Springer Singapore.Google Scholar
[80] Silva Juan A. H., Barona L., Valdivieso L., and Alvarez M.. 2019. A survey on situational awareness of ransomware attacks–detection and prevention parameters. Remote Sensing 11 ( 05 2019).Google Scholar
[81] Hamilton Isobel Asher. 2020. Elon Musk: Tesla was Target of a Failed Ransomware Attack - Business Insider. https://www.businessinsider.com/elon-musk-confirms-tesla-was-target-of-failed-ransomware-attack-2020-8.Google Scholar
[82] Hasan M. M. and Rahman M. M.. 2017. RansHunt: A support vector machines based ransomware analysis framework with integrated feature set. In 2017 20th International Conference of Computer and Information Technology (ICCIT).Google ScholarCross Ref
[83] Higgins K. J.. 2019. Ransomware “Crisis” in US Schools: More Than 1,000 Hit So Far in 2019. https://www.darkreading.com/threat-intelligence/ransomware-crisis-in-us-schools-more-than-1000-hit-so-far-in-2019/d/d-id/1336634.Google Scholar
[84] Homayoun S., Dehghantanha A., Ahmadzadeh M., Hashemi S., and Khayami R.. 2020. Know abnormal, find evil: Frequent pattern mining for ransomware threat hunting and intelligence. IEEE Transactions on Emerging Topics in Computing 8, 2 (2020).Google ScholarCross Ref
[85] Huang D. Y., Aliapoulios M. M., Li V. G., Invernizzi L., Bursztein E., McRoberts K., Levin J., Levchenko K., Snoeren A. C., and McCoy D.. 2018. Tracking ransomware end-to-end. In 2018 IEEE Symposium on Security and Privacy.Google Scholar
[86] Huang J., Xu J., Xing X., Liu P., and Qureshi M. K.. 2017. FlashGuard: Leveraging intrinsic flash properties to defend against encryption ransomware. In 2017 ACM SIGSAC Conference on Computer and Communications Security.Google ScholarDigital Library
[87] Hull G., John H., and Arief B.. 2019. Ransomware deployment methods and analysis: Views from a predictive model and human responses. Crime Science 8 (2019).Google ScholarCross Ref
[88] Humayun M., Jhanjhi A. Alsayat N., and Ponnusamy V.. 2020. Internet of things and ransomware: Evolution, mitigation and prevention. Egyptian Informatics Journal (2020).Google Scholar
[89] Hwang J., Kim J., Lee S., and Kim K.. 2020. Two-stage ransomware detection using dynamic analysis and machine learning techniques. Wireless Personal Communications 112 (2020).Google ScholarDigital Library
[90] Ibarra J., Butt U. Javed, Do A., Jahankhani H., and Jamal A.. 2019. Ransomware impact to SCADA systems and its scope to critical infrastructure. In 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability.Google ScholarCross Ref
[91] Iffländer L., Dmitrienko A., Hagen C., Jobst M., and Kounev S.. 2019. Hands off my database: Ransomware detection in databases through dynamic analysis of query sequences. arxiv:1907.06775 . [cs.CR]Google Scholar
[92] Intel. [n.d.]. Detect Ransomware and Other Advanced Technologies with Intel Threat Detection Technology. https://www.intel.com/content/www/us/en/architecture-and-technology/threat-detection-technology-brief.html. [Online; accessed 7-February-2022].Google Scholar
[93] O’Ryan. J.2020. ConnectWise Partners Hit By Ransomware Via Automate Flaw. https://www.crn.com/news/channel-programs/connectwise-partners-hit-by-ransomware-via-automate-flaw. [Online; accessed 13-October-2020].Google Scholar
[94] Jercich K.. 2020. Ransomware Attack Leaves 5 Years of Patient Records Inaccessible at Colo. Hospital. https://www.healthcareitnews.com/news/ransomware-attack-leaves-5-years-patient-records-inaccessible-co-hospital.Google Scholar
[95] Jethva B., Traoré I., Ghaleb A., Ganame K., and Ahmed S.. 2019. Multilayer ransomware detection using grouped registry key operations, file entropy and file signature monitoring. Journal of Computer Security (2019).Google Scholar
[96] Sudhakar K. and Kumar S.. 2020. An emerging threat Fileless malware: A survey and research challenges. Cybersecurity 3 (2020).Google ScholarCross Ref
[97] Kao D., Hsiao S., and Tso R.. 2019. Analyzing WannaCry ransomware considering the weapons and exploits. In 2019 21st International Conference on Advanced Communication Technology (ICACT).Google ScholarCross Ref
[98] Karimi A. and Moattar M. H.. 2017. Android ransomware detection using reduced opcode sequence and image similarity. In 2017 7th International Conference on Computer and Knowledge Engineering (ICCKE).Google ScholarCross Ref
[99] Ng C. Keong, Rajasegarar S., Pan L., Jiang F., and Zhang L. Yu. 2020. VoterChoice: A ransomware detection honeypot with multiple voting framework. Concurrency and Computation: Practice and Experience 32, 14 (2020).Google Scholar
[100] Keshavarzi M. and Ghaffary H.. 2020. I2CE3: A dedicated and separated attack chain for ransomware offenses as the most infamous cyber extortion. Computer Science Review 36 (2020).Google ScholarCross Ref
[101] Kharaz A., Arshad S., Mulliner C., Robertson W., and Kirda E.. 2016. UNVEIL: A large-scale, automated approach to detecting ransomware. In 25th USENIX Security Symposium (USENIX Security 16).Google Scholar
[102] Kharraz A. and Kirda E.. 2017. Redemption: Real-time protection against ransomware at end-hosts. In Research in Attacks, Intrusions, and Defenses. Springer International Publishing, 98–119.Google Scholar
[103] Kharraz A., Robertson W., Balzarotti D., Bilge L., and Kirda E.. 2015. Cutting the Gordian Knot: A look under the hood of ransomware attacks. Detection of Intrusions and Malware, and Vulnerability Assessment LNCS (2015).Google ScholarDigital Library
[104] Kirda E.. 2016. Most Ransomware isn’t as Complex as You Might Think. https://privacy-pc.com/articles/most-ransomware-isnt-as-complex-as-you-might-think.htm. [Online; accessed 13-October-2020].Google Scholar
[105] Kiru M. and Aman J.. 2019. The age of ransomware: Understanding ransomware and its countermeasures. In Artificial Intelligence and Security Challenges in Emerging Networks.Google Scholar
[106] KnowBe4. [n.d.]. Archiveus Trojan. https://www.knowbe4.com/archiveus-trojan. [Online; accessed 13-October-2020].Google Scholar
[107] KnowBe4. 2019. CryptoWall Ransomware | KnowBe4. https://www.knowbe4.com/cryptowall. [Online; accessed 13-October-2020].Google Scholar
[108] Kok S.-H., Abdullah Azween, Jhanjhi N., and Supramaniam Mahadevan. 2019. Ransomware, threat and detection techniques: A review. IJCSNS International Journal of Computer Science and Network Security 19.Google Scholar
[109] Kolodenker E., Koch W., Stringhini G., and Egele M.. 2017. PayBreak: Defense against cryptographic ransomware. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security.Google ScholarDigital Library
[110] Kurt Ahmet, Erdin Enes, Cebe Mumin, Akkaya Kemal, and Uluagac A. Selcuk. 2020. LNBot: A covert hybrid botnet on Bitcoin lightning network for fun and profit. In European Symposium on Research in Computer Security. Springer.Google Scholar
[111] Lachtar N., Ibdah D., and Bacha A.. 2019. The case for native instructions in the detection of mobile ransomware. IEEE Letters of the Computer Society 2, 2 (2019).Google ScholarCross Ref
[112] Laffan K.. 2015. A Brief History of Ransomware. https://www.varonis.com/blog/a-brief-history-of-ransomware/.Google Scholar
[113] Lee K., Lee S., and Yim K.. 2019. Effective ransomware detection using entropy estimation of files for cloud services. In Pervasive Systems, Algorithms and Networks. Springer International Publishing.Google Scholar
[114] Lee S., Kim H., and Kim K.. 2019. Ransomware protection using the moving target defense perspective. Computers & Electrical Engineering 78 (2019).Google ScholarDigital Library
[115] Lemos R.. 2020. Attackers Prefer Ransomware to Stealing Data. https://www.darkreading.com/threat-intelligence/attackers-prefer-ransomware-to-stealing-data/d/d-id/1337627.Google Scholar
[116] Lu T., Du Y., Wu J., and Bao Y.. 2020. Ransomware detection based on an improved double-layer negative selection algorithm. In Testbeds and Research Infrastructures for the Development of Networks and Communications. Springer.Google ScholarCross Ref
[117] Magazine Cybercrime. 2020. Cybercrime Bytes: Time Bomb Attacks, Security’s Fuzz Buzz, Ransomware For Dummies. https://cybersecurityventures.com/cybercrime-bytes-time-bomb-attacks-securitys-fuzz-buzz-ransomware-for-dummies/. [Online; accessed 13-October-2020].Google Scholar
[118] Magazine Security. 2020. First Ransomware-related Death Reported in Germany. https://www.securitymagazine.com/articles/93409-first-ransomware-related-death-reported-in-germany. [Online; accessed 13-October-2020].Google Scholar
[119] Maigida A., Abdulhamid S., Olalere M., Alhassan K., Chiroma H., and Dada E.. 2019. Systematic literature review and metadata analysis of ransomware attacks and detection mechanisms. J. of Reliable Intelligent Environments (2019).Google ScholarCross Ref
[120] Maigida A., Abdulhamid S., Olalere M., and Idris I.. 2019. An intelligent crypto-locker ransomware detection technique using Support Vector Machine classification and Grey Wolf Optimization algorithms. i-manager’s Journal on Software Engineering 13 ( 03 2019).Google Scholar
[121] Maiorca D., Mercaldo F., Giacinto G., Visaggio C., and Martinelli F.. 2017. R-PackDroid: API package-based characterization and detection of mobile ransomware. In SAC’17.Google Scholar
[122] Maniath S., Ashok A., Poornachandran P., Sujadevi V. G., U. P. Sankar A., and Jan S.. 2017. Deep learning LSTM based ransomware detection. In 2017 Recent Developments in Control, Automation Power Engineering (RDCAPE).Google Scholar
[123] Maniath S., Poornachandran P., and Sujadevi V. G.. 2019. Survey on prevention, mitigation and containment of ransomware attacks. In Security in Computing and Communications. Springer Singapore, Singapore.Google ScholarCross Ref
[124] Martinelli F., Mercaldo F., Michailidou C., and Saracino A.. 2018. Phylogenetic analysis for ransomware detection and classification into families. In Proceedings of the 15th International Joint Conference on e-Business and Telecommunications, ICETE 2018 - Volume 2: SECRYPT, Porto, Portugal, July 26-28, 2018. SciTePress, 732–737.Google Scholar
[125] Matos D., Pardal M., Carle G., and Correia M.. 2018. RockFS: Cloud-backed file system resilience to client-side attacks. Middleware’18: Proceedings of the 19th International Middleware Conference.Google ScholarDigital Library
[126] Medhat M., Gaber S., and Abdelbaki N.. 2018. A new static-based framework for ransomware detection. In IEEE 16th Intl Conf on Dependable, Autonomic and Secure Computing.Google Scholar
[127] Mehnaz S., Mudgerikar A., and Bertino E.. 2018. RWGuard: A real-time detection system against cryptographic ransomware. In Research in Attacks, Intrusions, and Defenses. Springer International Publishing.Google Scholar
[128] Mekdad Yassine, Aris Ahmet, Babun Leonardo, Fergougui Abdeslam El, Conti Mauro, Lazzeretti Riccardo, and Uluagac A. Selcuk. 2021. A Survey on Security and Privacy Issues of UAVs. arxiv:2109.14442 [cs.CR]Google Scholar
[129] Mercaldo F., Nardone V., Santone A., and Visaggio C.. 2016. Ransomware steals your phone. Formal methods rescue it. In Formal Techniques for Distributed Objects, Components, and Systems. Springer International Publishing, Cham.Google Scholar
[130] Micro Trend. [n.d.]. Command and Control Server. https://www.trendmicro.com/vinfo/us/security/definition/command-and-control-server. [Online; accessed 13-October-2020].Google Scholar
[131] Min D., Park D., Ahn J., Walker R., Lee J., Park S., and Kim Y.. 2018. Amoeba: An autonomous backup and recovery SSD for ransomware attack defense. IEEE Computer Architecture Letters 17, 2 (2018).Google ScholarDigital Library
[132] Modi J., Traore I., Ghaleb A., Ganame K., and Ahmed S.. 2020. Detecting ransomware in encrypted web traffic. In Foundations and Practice of Security. Springer International Publishing.Google ScholarDigital Library
[133] Morato D., Berrueta E., Magaña E., and Izal M.. 2018. Ransomware early detection by the analysis of file sharing traffic. Journal of Network and Computer Applications 124 (2018).Google ScholarCross Ref
[134] Naseer A., Mir R., Mir A., and Aleem M.. 2020. Windows-based ransomware: A survey. Journal of Information Assurance and Security 15 (2020).Google Scholar
[135] Newaz Akm Iqtidar, Sikder Amit Kumar, Rahman Mohammad Ashiqur, and Uluagac A. Selcuk. 2021. A survey on security and privacy issues in modern healthcare systems: Attacks and defenses. ACM Trans. Comput. Healthcare 2, 3 (2021).Google ScholarDigital Library
[136] News BBC. 2017. iPhone users fooled by fake ransomware. ( Mar 2017). https://www.bbc.com/news/technology-39432350.Google Scholar
[137] News BBC. 2020. Northumbria University Hit by Cyber Attack. https://www.bbc.com/news/uk-england-tyne-53989404. [Online; accessed 13-October-2020].Google Scholar
[138] N. Hampton. 2016. Ransomware Brief - Evolution and The Future. Retrieved on 4 June 2022 https://3583bytesready.net/2016/01/27/ransomware_evolution_introduction/.Google Scholar
[139] O’Brien Dick. 2017. Internet Security Threat Report ISTR Ransomware 2017. https://docs.broadcom.com/doc/istr-ransomware-2017-en.Google Scholar
[140] O’Donnell Lindsey. 2019. ThreatList: Top 5 Most Dangerous Attachment Types. https://threatpost.com/threatlist-top-5-most-dangerous-attachment-types/144635/.Google Scholar
[141] Palisse A., Durand A., Bouder H. Le, Guernic C. Le, and Lanet J.. 2017. Data Aware Defense (DaD): Towards a generic and practical ransomware countermeasure. In Secure IT Systems. Springer International Publishing.Google ScholarCross Ref
[142] Palotay Dorka. 2017. Deconstructing Philadelphia. https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/RaaS-Philadelphia.pdf.Google Scholar
[143] Park J., Jung Y., Won J., Kang M., Lee S., and Kim J.. 2019. RansomBlocker: A low-overhead ransomware-proof SSD. In 2019 56th ACM/IEEE Design Automation Conference (DAC).Google ScholarDigital Library
[144] Paysafe. [n.d.]. PaysafeCard. https://www.paysafe.com/paysafecard/. [Online; accessed 13-October-2020].Google Scholar
[145] Petcu A.. 2020. Netwalker Ransomware Explained:. https://heimdalsecurity.com/blog/netwalker-ransomware-explained/.Google Scholar
[146] Poudyal S., Subedi K. P., and Dasgupta D.. 2018. A framework for analyzing ransomware using machine learning. In 2018 IEEE Symposium Series on Computational Intelligence (SSCI).Google Scholar
[147] Lipovský L. Štefanko R. and Braniša G.. 2016. The Rise of Android Ransomware. http://www.neotericnetworks.com/wp-content/uploads/2016/11/Rise-of-Android-Ransomware.pdf.Google Scholar
[148] Rehman H., Yafi E., Nazir M., and Mustafa K.. 2019. Security assurance against cybercrime ransomware. In Intelligent Computing & Optimization. Springer International Publishing.Google ScholarCross Ref
[149] Rondon Luis Puche, Babun Leonardo, Aris Ahmet, Akkaya Kemal, and Uluagac A. Selcuk. 2022. Survey on enterprise Internet-of-Things systems (E-IoT): A security perspective. Ad Hoc Networks 125 (2022), 102728.Google ScholarDigital Library
[150] roothaxor. [n.d.]. roothaxor/Ransom). https://github.com/roothaxor/Ransom. [Online; accessed 25-January-2020].Google Scholar
[151] Roy K. Chandra and Chen Q.. 2020. DeepRan: Attention-based BiLSTM and CRF for ransomware early detection and classification. Information Systems Frontiers (2020).Google Scholar
[152] Saleh M.. 2019. A proactive approach for detecting ransomware based on hidden Markov model (HMM). International Journal of Intelligent Computing Research 10 (2019).Google ScholarCross Ref
[153] Salehi S., Shahriari H., Ahmadian M. M., and Tazik L.. 2018. A novel approach for detecting DGA-based ransomwares. In 2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC).Google ScholarCross Ref
[154] Sangmoon J. and Yoojae W.. 2018. Ransomware detection method based on context-aware entropy analysis. Soft Computing 22 (2018).Google Scholar
[155] Savage K., Coogan P., and Lau H.. 2015. The Evolution of Ransomware. https://its.fsu.edu/sites/g/files/imported/storage/images/information-security-and-privacy-office/the-evolution-of-ransomware.pdf.Google Scholar
[156] Scaife N., Carter H., Traynor P., and Butler K. R. B.. 2016. CryptoLock (and drop it): Stopping ransomware attacks on user data. In 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS).Google ScholarCross Ref
[157] Scalas M., Maiorca D., Mercaldo F., Visaggio C., Martinelli F., and Giacinto G.. 2019. On the effectiveness of system API-related information for Android ransomware detection. Computers & Security (2019).Google ScholarDigital Library
[158] Schneier B.. 2016. Stop trying to fix the user. IEEE Security & Privacy 14, 05 (2016).Google ScholarDigital Library
[159] Security CIS. 2019. Fall 2019 Threat of the Quarter: Ryuk Ransomware. https://www.cisecurity.org/white-papers/fall-2019-threat-of-the-quarter-ryuk-ransomware/. [Online; accessed 13-October-2020].Google Scholar
[160] Security Krebson. 2020. Ransomware Gangs Don’t Need PR Help – Krebs on Security. https://krebsonsecurity.com/2020/07/ransomware-gangs-dont-need-pr-help/.Google Scholar
[161] Security Microsoft. 2020. Human Operated Ransomware Attacks A Preventable Disaster. https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/. [Online; accessed 13-October-2020].Google Scholar
[162] Segun I., Ujioghosa B. I., Ojewande S. O., Sweetwilliams F. O., John S. N., and Atayero A. A.. 2017. Ransomware: Current trend, challenges, and research directions. In Proceedings of The World Congress on Eng. and Comp. Science.Google Scholar
[163] Segura Jérôme. 2020. WOOF locker: Unmasking the Browser Locker Behind a Stealthy Tech Support Scam Operation. https://blog.malwarebytes.com/threat-analysis/2020/01/woof-locker-stealthy-browser-locker-tech-support-scam/.Google Scholar
[164] Sevtsov A.. 2017. Ransomware Delivery Mechanisms. https://www.lastline.com/labsblog/ransomware-delivery-mechanisms/.Google Scholar
[165] Sgandurra D., Muñoz-González L., Mohsen R., and Lupu E.. 2016. Automated dynamic analysis of ransomware: Benefits, limitations and use for detection. CoRR abs/1609.03020 (2016). http://arxiv.org/abs/1609.03020.Google Scholar
[166] Sharmeen S., Ahmed Y., Huda S., Koçer B., and Hassan M.. 2020. Avoiding future digital extortion through robust protection against ransomware threats using deep learning based adaptive approaches. IEEE Access (2020).Google ScholarCross Ref
[167] Shaukat S. K. and Ribeiro V. J.. 2018. RansomWall: A layered defense system against cryptographic ransomware attacks using machine learning. In 2018 10th International Conference on Communication Systems Networks (COMSNETS).Google ScholarCross Ref
[168] Sheen S. and Yadav A.. 2018. Ransomware detection by mining API call usage. In 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI).Google ScholarCross Ref
[169] Shinde R., Veeken P. Van der, Schooten S. Van, and Berg J. van den. 2016. Ransomware: Studying transfer and mitigation. In 2016 International Conference on Computing, Analytics and Security Trends (CAST).Google ScholarCross Ref
[170] Sikorski M. and Honig A.. 2012. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software (1st ed.). No Starch Press, USA.Google Scholar
[171] Smith S.. 2016. The Evolution of Mobile Ransomware. https://blog.avast.com/the-evolution-of-mobile-ransomware.Google Scholar
[172] Snow J.. 2016. Ransomware on Mobile Devices: Knock-knock-block. https://www.kaspersky.com/blog/mobile-ransomware-2016/12491/.Google Scholar
[173] Song S., Kim B., and Lee S.. 2016. The effective ransomware prevention technique using process monitoring on Android platform. Mobile Information Systems 2016 (2016).Google ScholarCross Ref
[174] Sophos. 2015. The Current State of Ransomware: CTB-Locker. https://news.sophos.com/en-us/2015/12/31/the-current-state-of-ransomware-ctb-locker/.Google Scholar
[175] Sophos. 2020. Ransomware: How an Attack Works. https://support.sophos.com/support/s/article/KB-000036277.Google Scholar
[176] Staff Reuters. 2017. Ransomware: Facts, Threats, and Countermeasures. https://www.cisecurity.org/blog/ransomware-facts-threats-and-countermeasures/. [Online; accessed 13-October-2020].Google Scholar
[177] Staff Reuters. 2020. Carnival Hit by Ransomware Attack. https://www.reuters.com/article/us-carnival-cyber/carnival-hit-by-ransomware-attack-guest-and-employee-data-accessed-idUSKCN25D2GR. [Online; accessed 13-October-2020].Google Scholar
[178] Staff Reuters. 2020. Reflective Loading Runs Netwalker Fileless Ransomware. https://www.trendmicro.com/netwalker-fileless-ransomware-injected-via-reflective-loading.html. [Online; accessed 13-October-2020].Google Scholar
[179] Statista. 2013. Desktop OS Market Share 2013-2018 | Statista. https://www.statista.com/statistics/218089/global-market-share-of-windows-7/.Google Scholar
[180] Stubbs R.. 2019. An Overview of Symmetric Encryption and the Key Lifecycle. https://www.cryptomathic.com/news-events/blog/an-overview-of-symmetric-encryption-and-the-key-lifecycle. [Online; accessed 13-October-2020].Google Scholar
[181] Suciu O., Coull S., and Johns J.. 2018. Exploring adversarial examples in malware detection. CoRR abs/1810.08280 (2018). arxiv:1810.08280 http://arxiv.org/abs/1810.08280.Google Scholar
[182] Takeuchi Y., Sakai K., and Fukumoto S.. 2018. Detecting ransomware using support vector machines. In Proceedings of the 47th International Conference on Parallel Processing Companion. ACM.Google ScholarDigital Library
[183] Tang F., Ma B., Li Jinku, Zhang F., Su J., and Ma J.. 2020. RansomSpector: An introspection-based approach to detect crypto ransomware. Computers & Security 97 (2020).Google ScholarDigital Library
[184] Taylor M., Smith K., and Thornton M.. 2017. Sensor-based ransomware detection. In Future Technologies Conference.Google Scholar
[185] Team Symantec Threat Hunter. 2020. WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us. [Online; accessed 13-October-2020].Google Scholar
[186] Tekiner Ege, Acar Abbas, Uluagac A. Selcuk, Kirda Engin, and Selcuk Ali Aydin. 2021. SoK: Cryptojacking malware. In 2021 IEEE European Symposium on Security and Privacy (EuroS&P). 120–139.Google ScholarCross Ref
[187] TrendMicro. 2019. Emerging Threat on Ransom Locky. https://success.trendmicro.com/solution/1113859-emerging-threat-on-ransom-locky.Google Scholar
[188] Veracode. 2014. Rootkit. https://www.veracode.com/security/rootki. [Online; accessed 13-October-2020].Google Scholar
[189] Wang P., Jia S., Chen B., Xia L., and Liu P.. 2019. MimosaFTL: Adding secure and practical ransomware defense strategy to flash translation layer.Google Scholar
[190] Wani A. and Sathiya R.. 2020. Ransomware protection in IoT using software defined networking. International Journal of Electrical and Computer Engineering (IJECE) 10 (2020).Google ScholarCross Ref
[191] Web Doctor. 2015. Encryption Ransomware Threatens Linux Users. https://news.drweb.com/show/?i=9686&c=5&lng=en&p=0. [Online; accessed 13-October-2020].Google Scholar
[192] Wei F., Li Y., Roy S., Ou X., and Zhou W.. 2017. Deep ground truth analysis of current Android malware. In Detection of Intrusions and Malware, and Vulnerability Assessment. Springer Inter. Publ.Google Scholar
[193] Weiss N., Schrötter M., and Hackenberg R.. 2019. On threat analysis and risk estimation of automotive ransomware. In ACM Computer Science in Cars Symposium (Kaiserslautern, Germany) ( CSCS’19 ). ACM, Article 6 .Google Scholar
[194] WIRED. 2018. Atlanta Spent $ 2.6M to Recover From a $52,000 Ransomware Scare. https://www.wired.com/story/atlanta-spent-26m-recover-from-ransomware-scare/.Google Scholar
[195] Xiao C.. 2016. New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer. https://unit42.paloaltonetworks.com/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/. [Online; accessed 13-October-2020].Google Scholar
[196] Young A. and Yung Moti. 1996. Cryptovirology: Extortion-based security threats and countermeasures. In Proceedings 1996 IEEE Symposium on Security and Privacy.Google ScholarCross Ref
[197] Young A. L. and Yung M.. 2017. On ransomware and envisioning the enemy of tomorrow. Computer 50, 11 (2017).Google ScholarCross Ref
[198] ytisf. 2018. TheZoo. https://github.com/ytisf/theZoo. [Online; accessed 13-October-2020].Google Scholar
[199] Yun J., Hur J., Shin Y., and Koo D.. 2017. CLDSafe: An efficient file backup system in cloud storage against ransomware. IEICE Transactions on Information and Systems E100.D ( 09 2017).Google ScholarCross Ref
[200] Zhang B., Xiao W., Xiao Xi, Sangaiah A., Zhang W., and Zhang J.. 2020. Ransomware classification using patch-based CNN and self-attention network on embedded N-grams of opcodes. Future Generation Computer Systems 110 (2020).Google ScholarCross Ref
[201] Zhang H., Xiao X., Mercaldo F., Ni S., Martinelli F., and Sangaiah Arun Kumar. 2019. Classification of ransomware families with machine learning based on N-gram of opcodes. Future Generation Computer Systems 90 (2019).Google ScholarCross Ref
[202] Zheng C., Dellarocca N., Andronio N., Zanero S., and Maggi F.. 2017. GreatEatlon: Fast, static detection of mobile ransomware. In Security and Privacy in Communication Networks. Springer Int. Publ.Google ScholarCross Ref
[203] Zhou J., Hirose M., Kakizaki Y., and Inomata A.. 2020. Evaluation to classify ransomware variants based on correlations between APIs. In 6th International Conference on Information Systems Security and Privacy.Google ScholarCross Ref
[204] Zimba A. and Chishimba M.. 2019. Understanding the evolution of ransomware: Paradigm shifts in attack structures. I. J. Computer Network and Information Security 1 ( 01 2019).Google Scholar
[205] Zuhair H., Selamat A., and Krejcar O.. 2020. A multi-tier streaming analytics model of 0-day ransomware detection using machine learning. Applied Sciences 10 (2020).Google ScholarCross Ref

Index Terms

A Survey on Ransomware: Evolution, Taxonomy, and Defense Solutions
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
    1. Malware and its mitigation

Recommendations

Trusted detection of ransomware in a private cloud using machine learning methods leveraging meta-features from volatile memory

A solution for trusted detection of unknown ransomware in VMs is proposed.Valuable data is extracted from the VM's memory dump using the Volatility framework.General descriptive features are proposed and successfully leveraged by ML algorithms.The ...

Read More
Ransomware threat success factors, taxonomy, and countermeasures

The paper surveys state-of-the-art studies on ransomware analysis, detection, and prediction.The work describes the enabling technologies and factors that contribute to successful ransomware attacks.The paper proposes a general taxonomy for the ...

Read More
Survey and taxonomy of botnet research through life-cycle

Of all current threats to cybersecurity, botnets are at the top of the list. In consequence, interest in this problem is increasing rapidly among the research community and the number of publications on the question has grown exponentially in recent ...

Read More

Comments

comments powered by Disqus.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Computing Surveys Volume 54, Issue 11s

January 2022

785 pages

ISSN:0360-0300

EISSN:1557-7341

DOI:10.1145/3551650

Editor:

Albert Zomaya
University of Sydney, Australia

Issue’s Table of Contents
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher

Association for Computing Machinery

New York, NY, United States
Publication History
- Published: 9 September 2022
- Online AM: 18 February 2022
- Accepted: 1 January 2022
- Revised: 1 December 2021
- Received: 1 February 2021
Published in csur Volume 54, Issue 11s

Permissions

Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Ransomware

detection

evolution

taxonomy

defense

malware
Qualifiers
- survey
- Refereed
Conference
Funding Sources
Other Metrics

View Article Metrics

Article Metrics
- 28
  Total Citations
  View Citations
- 6,779
  Total Downloads
- Downloads (Last 12 months)3,092
- Downloads (Last 6 weeks)497
Other Metrics

View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Full Text

View this article in Full Text.

View Full Text

HTML Format

View this article in HTML Format .

View HTML Format

A Survey on Ransomware: Evolution, Taxonomy, and Defense Solutions

ACM Computing Surveys

Abstract

Supplemental Material

Available for Download

REFERENCES

Cited By

Index Terms

Recommendations

Trusted detection of ransomware in a private cloud using machine learning methods leveraging meta-features from volatile memory

Ransomware threat success factors, taxonomy, and countermeasures

Survey and taxonomy of botnet research through life-cycle