TY - JOUR
T1 - Ransomware threat success factors, taxonomy, and countermeasures
T2 - A survey and research directions
AU - Al-rimy, Bander Ali Saleh
AU - Maarof, Mohd Aizaini
AU - Shaid, Syed Zainudeen Mohd
N1 - Publisher Copyright:
© 2018 Elsevier Ltd
PY - 2018/5/1
Y1 - 2018/5/1
N2 - Ransomware is a malware category that exploits security mechanisms such as cryptography in order to hijack user files and related resources and demands money in exchange for the locked data. Therefore, ransomware has become a lucrative business that has gained increasing popularity among attackers. Unlike traditional malware, even after removal, ransomware's effect is irreversible and difficult to mitigate without the help of its creator. In addition to the downtime costs and the money that individuals and business entities could pay as a ransom, those victims could incur other damage such as loss of data, reputation, and life. To date, several studies have been conducted to address this unique, challenging threat and have tried to provide detection and prevention solutions. However, there is a lack of survey articles that explore the research endeavors in ransomware and highlight the challenges and issues faced by existing solutions. This survey fills the gap and provides a holistic state-of-the-art review of the research on ransomware and its detection and prevention techniques. The survey puts forward a novel ransomware taxonomy, from several perspectives. It then elaborates on the factors that lead to successful ransomware attacks before discussing in detail the research into counteracting ransomware, including analysis, prevention, detection and prediction solutions. The survey concludes with a brief discussion on the open issues and potential research directions in the near future.
AB - Ransomware is a malware category that exploits security mechanisms such as cryptography in order to hijack user files and related resources and demands money in exchange for the locked data. Therefore, ransomware has become a lucrative business that has gained increasing popularity among attackers. Unlike traditional malware, even after removal, ransomware's effect is irreversible and difficult to mitigate without the help of its creator. In addition to the downtime costs and the money that individuals and business entities could pay as a ransom, those victims could incur other damage such as loss of data, reputation, and life. To date, several studies have been conducted to address this unique, challenging threat and have tried to provide detection and prevention solutions. However, there is a lack of survey articles that explore the research endeavors in ransomware and highlight the challenges and issues faced by existing solutions. This survey fills the gap and provides a holistic state-of-the-art review of the research on ransomware and its detection and prevention techniques. The survey puts forward a novel ransomware taxonomy, from several perspectives. It then elaborates on the factors that lead to successful ransomware attacks before discussing in detail the research into counteracting ransomware, including analysis, prevention, detection and prediction solutions. The survey concludes with a brief discussion on the open issues and potential research directions in the near future.
KW - Bitcoin
KW - Crypto-ransomware
KW - Cryptography
KW - Cryptovirology
KW - Cybersecurity
KW - Locker-ransomware
KW - Malware
KW - Ransomware
KW - Scareware
KW - WannaCry
UR - http://www.scopus.com/inward/record.url?scp=85041383923&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2018.01.001
DO - 10.1016/j.cose.2018.01.001
M3 - Article
AN - SCOPUS:85041383923
SN - 0167-4048
VL - 74
SP - 144
EP - 166
JO - Computers and Security
JF - Computers and Security
ER -