Portal de Periódicos da CAPES

Ransomware Reloaded: Re-examining Its Trend, Research and Mitigation in the Era of Data Exfiltration

2024; Association for Computing Machinery; Linguagem: Inglês

10.1145/3691340

1557-7341

Timothy R. McIntosh, Teo Sušnjak, Tong Liu, Dan Xu, Paul Watters, Dongwei Liu, Y. Hao, Alex Ng, Malka N. Halgamuge,

Information and Cyber Security

Ransomware has grown to be a dominant cybersecurity threat, by exfiltrating, encrypting or destroying valuable user data, and causing numerous disruptions to victims. The severity of the ransomware endemic has generated research interest from both the academia and the industry. However, many studies held stereotypical assumptions about ransomware, used unverified, outdated and limited self-collected ransomware samples, and did not consider government strategies, industry guidelines or cyber intelligence. We observed that ransomware no longer exists simply as an executable file or limits to encrypting files (data loss); data exfiltration (data breach) is the new norm, espionage is an emerging theme, and the industry is shifting focus from technical advancements to cyber governance and resilience. We created a ransomware innovation adoption curve, critically evaluated 212 academic studies published during 2020 and 2023, and cross-verified them against various government strategies, industry reports and cyber intelligence on ransomware. We concluded that many studies were becoming irrelevant to the contemporary ransomware reality, and called for the redirection of ransomware research to align with the continuous ransomware evolution in the industry. We proposed to address data exfiltration as priority over data encryption, to consider ransomware in a business-practical manner, and recommended research collaboration with the industry.