Ransomware threat success factors, taxonomy, and countermeasures: A survey and research directions

Abstract

Ransomware is a malware category that exploits security mechanisms such as cryptography in order to hijack user files and related resources and demands money in exchange for the locked data. Therefore, ransomware has become a lucrative business that has gained increasing popularity among attackers. Unlike traditional malware, even after removal, ransomware's effect is irreversible and difficult to mitigate without the help of its creator. In addition to the downtime costs and the money that individuals and business entities could pay as a ransom, those victims could incur other damage such as loss of data, reputation, and life. To date, several studies have been conducted to address this unique, challenging threat and have tried to provide detection and prevention solutions. However, there is a lack of survey articles that explore the research endeavors in ransomware and highlight the challenges and issues faced by existing solutions. This survey fills the gap and provides a holistic state-of-the-art review of the research on ransomware and its detection and prevention techniques. The survey puts forward a novel ransomware taxonomy, from several perspectives. It then elaborates on the factors that lead to a successful ransomware attacks before discussing in detail the research into counteracting ransomware, including analysis, prevention, detection and prediction solutions. The survey concludes with a brief discussion on the open issues and potential research directions in the near future.