Abstract
In recent years, ransomware has been one of the most notorious types of malware, targeting end-users, governments, and business organizations. It has become a very profitable business for cybercriminals, with revenues of millions of dollars, and a very serious threat to organizations, with financial losses of billions of dollars. Numerous studies have been proposed to address the ransomware threat, including surveys that cover certain aspects of ransomware research. However, no study in the literature gives the complete picture of ransomware and ransomware defense research with respect to the diversity of targeted platforms. Ransomware is already prevalent on PCs/workstations/desktops/laptops, is becoming more prevalent on mobile devices, has recently hit IoT/CPS, and will likely grow further in the IoT/CPS domain very soon, so understanding ransomware and analyzing defense mechanisms with respect to target platforms is becoming more imperative. To fill this gap and motivate further research, in this paper we present a comprehensive survey on ransomware and ransomware defense research with respect to PCs/workstations, mobile devices, and IoT/CPS platforms. Specifically, covering 137 studies over the period of 1990-2020, we give a detailed overview of ransomware evolution, comprehensively analyze the key building blocks of ransomware, present a taxonomy of notable ransomware families, and provide an extensive overview of ransomware defense research (i.e., analysis, detection, and recovery) with respect to the platforms of PCs/workstations, mobile devices, and IoT/CPS. Moreover, we derive an extensive list of open issues for future ransomware research. We believe this survey will motivate further research by giving a complete picture of state-of-the-art ransomware research.
Supplemental Material
Supplemental movie, appendix, image and software files for "A Survey on Ransomware: Evolution, Taxonomy, and Defense Solutions".
- [181] . 2018. Exploring adversarial examples in malware detection. CoRR abs/1810.08280 (2018).
arxiv:1810.08280 http://arxiv.org/abs/1810.08280.Google Scholar - [182] . 2018. Detecting ransomware using support vector machines. In Proceedings of the 47th International Conference on Parallel Processing Companion. ACM.Google ScholarDigital Library
- [183] . 2020. RansomSpector: An introspection-based approach to detect crypto ransomware. Computers & Security 97 (2020).Google ScholarDigital Library
- [184] . 2017. Sensor-based ransomware detection. In Future Technologies Conference.Google Scholar
- [185] . 2020. WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us. [Online; accessed 13-October-2020].Google Scholar
- [186] . 2021. SoK: Cryptojacking malware. In 2021 IEEE European Symposium on Security and Privacy (EuroS&P). 120–139.Google ScholarCross Ref
- [187] . 2019. Emerging Threat on Ransom Locky. https://success.trendmicro.com/solution/1113859-emerging-threat-on-ransom-locky.Google Scholar
- [188] . 2014. Rootkit. https://www.veracode.com/security/rootki. [Online; accessed 13-October-2020].Google Scholar
- [189] . 2019. MimosaFTL: Adding secure and practical ransomware defense strategy to flash translation layer.Google Scholar
- [190] . 2020. Ransomware protection in IoT using software defined networking. International Journal of Electrical and Computer Engineering (IJECE) 10 (2020).Google ScholarCross Ref
- [191] . 2015. Encryption Ransomware Threatens Linux Users. https://news.drweb.com/show/?i=9686&c=5&lng=en&p=0. [Online; accessed 13-October-2020].Google Scholar
- [192] . 2017. Deep ground truth analysis of current Android malware. In Detection of Intrusions and Malware, and Vulnerability Assessment. Springer Inter. Publ.Google Scholar
- [193] . 2019. On threat analysis and risk estimation of automotive ransomware. In ACM Computer Science in Cars Symposium (Kaiserslautern, Germany) (
CSCS’19 ). ACM, Article6 .Google Scholar - [194] . 2018. Atlanta Spent \( 2.6M to Recover From a \)52,000 Ransomware Scare. https://www.wired.com/story/atlanta-spent-26m-recover-from-ransomware-scare/.Google Scholar
- [195] . 2016. New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer. https://unit42.paloaltonetworks.com/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/. [Online; accessed 13-October-2020].Google Scholar
- [196] . 1996. Cryptovirology: Extortion-based security threats and countermeasures. In Proceedings 1996 IEEE Symposium on Security and Privacy.Google ScholarCross Ref
- [197] . 2017. On ransomware and envisioning the enemy of tomorrow. Computer 50, 11 (2017).Google ScholarCross Ref
- [198] . 2018. TheZoo. https://github.com/ytisf/theZoo. [Online; accessed 13-October-2020].Google Scholar
- [199] . 2017. CLDSafe: An efficient file backup system in cloud storage against ransomware. IEICE Transactions on Information and Systems E100.D (
09 2017).Google ScholarCross Ref - [200] . 2020. Ransomware classification using patch-based CNN and self-attention network on embedded N-grams of opcodes. Future Generation Computer Systems 110 (2020).Google ScholarCross Ref
- [201] . 2019. Classification of ransomware families with machine learning based on N-gram of opcodes. Future Generation Computer Systems 90 (2019).Google ScholarCross Ref
- [202] . 2017. GreatEatlon: Fast, static detection of mobile ransomware. In Security and Privacy in Communication Networks. Springer Int. Publ.Google ScholarCross Ref
- [203] . 2020. Evaluation to classify ransomware variants based on correlations between APIs. In 6th International Conference on Information Systems Security and Privacy.Google ScholarCross Ref
- [204] . 2019. Understanding the evolution of ransomware: Paradigm shifts in attack structures. I. J. Computer Network and Information Security 1 (
01 2019).Google Scholar - [205] . 2020. A multi-tier streaming analytics model of 0-day ransomware detection using machine learning. Applied Sciences 10 (2020).Google ScholarCross Ref