Preventing and Mitigating Ransomware

A Systematic Literature Review
  • Zandile Manjezi
  • Reinhardt A. Botha
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 973)


There has been significant growth in ransomware attacks over the past few years. Many organizations have been affected by a variety of ransomware attacks, leading to a large amount of data becoming inaccessible. In a typical ransomware attack, malicious software encrypts electronic data while extorting money from an unsuspecting victim. In order to decrypt and restore the data, the attacker demands that the user pay the ransom amount, typically through a crypto-currency such as Bitcoin. Ransomware can infiltrate a computer in various ways, including phishing emails, drive-by downloads or vulnerable websites containing executable files of the malware. Because ransomware is a newly emerging type of attack, users have limited consolidated information about it. Therefore, this paper sets out to perform a systematic literature review to determine what has been published during the previous 3 years in leading academic journals regarding the prevention and mitigation of ransomware. Two hundred and sixty-one (261) journal articles dealt with ransomware from four perspectives: prevention and mitigation methods, detection methods, case studies and attack methods. Of the 261 journal articles, the 35 that fall under the prevention and mitigation category were further analyzed. The papers were coded and a consolidated list of 13 guidelines was constructed. Interestingly, and somewhat concerning, these prevention and mitigation guidelines cover basic cyber-security practices to prevent and mitigate against any kind of cyber-attack, not specifically ransomware. This raises questions regarding the research agenda, but the repetition of established guidelines also raises questions about the effectiveness of security education, training and awareness interventions.


  • Ransomware
  • Systematic literature review
  • Ransomware prevention
  • Cyber-security
  • Guidelines



This work is based upon research partially supported by the National Research Foundation, and partially through a CSIR-DST Inter-Programme Bursary. Any opinion, findings and conclusions or recommendations expressed in this material are those of the author(s) and not of the respective funders.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Center for Research in Information and Cyber Security, Nelson Mandela University, Port Elizabeth, South Africa
