Portal de Periódicos da CAPES

Ransomware early detection: A survey

2023; Elsevier BV; Volume: 239; Linguagem: Inglês

10.1016/j.comnet.2023.110138

1872-7069

Mingcan Cen, Frank Jiang, Xingsheng Qin, Qinghong Jiang, Robin Doss,

Spam and Phishing Detection

In recent years, ransomware attacks have exploded globally, and it has become one of the most significant cyber threats to digital infrastructure. Such attacks have been targeting ranging from individuals to critical infrastructure or large organizations such as large commercial companies, energy facilities, medical centers and government departments. Ransomware attackers use sophisticated encryption techniques to hijack victims' files in exchange for a large ransom to release encrypted data. Sophisticated encryption techniques make it almost impossible for victims to recover data without the secret key in the event of such an attack. To protect systems from ransomware threats, malicious activities had better be detected earlier, preferably before they engage in the harmful behavior. Numerous studies have focused on ransomware threats and attempted to provide detection and prevention solutions for ransomware attacks, but none of the surveys explored the early detection of ransomware and highlighted challenges and issues with existing solutions. This survey fills this gap and provides a state-of-the-art overview of research on the ransomware early detections. Moreover, we investigate the latest ransomware surveys and give an overview of the categories of ransomware from different perspectives, the evolution and attack process of ransomware, and provide datasets used for ransomware detection. Finally, the possible future research directions are discussed.