Preventing and Mitigating Ransomware

A Systematic Literature Review
  • Zandile Manjezi
  • Reinhardt A. Botha
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 973)

Abstract

There has been significant growth in ransomware attacks over the past few years. Many organizations have been affected by a variety of ransomware attacks, leading to a large amount of data becoming inaccessible. In a typical ransomware attack, malicious software encrypts electronic data while extorting money from an unsuspecting victim. In order to decrypt and restore the data, the attacker requests that the user pay the ransom amount, typically through a crypto-currency such as Bitcoin. Ransomware can infiltrate a computer in various ways, including phishing emails, drive-by downloads or vulnerable websites containing executable files of the malware. Because ransomware is a newly emerging type of attack, limited consolidated information is known to users. Therefore, this paper sets out to perform a systematic literature review to determine what has been published during the previous 3 years in leading academic journals regarding the prevention and mitigation of ransomware. Two hundred and sixty one (261) journal articles dealt with ransomware from four perspectives: prevention and mitigation methods, detection methods, case studies and attack methods. Out of the 261 journal articles, the 35 that fall under the prevention and mitigation category were further analyzed. The papers were coded and a consolidated list of 13 guidelines was constructed. Interestingly, and somewhat concerningly, these prevention and mitigation guidelines cover basic cyber-security practices to prevent and mitigate any kind of cyber-attack, not specifically ransomware. This raises questions regarding the research agenda, but the repetition of established guidelines also raises questions about the effectiveness of security education, training and awareness interventions.

Keywords

Ransomware, Systematic literature review, Ransomware prevention, Cyber-security, Guidelines

Notes

Acknowledgements

This work is based upon research partially supported by the National Research Foundation, and partially through a CSIR-DST Inter-Programme Bursary. Any opinion, findings and conclusions or recommendations expressed in this material are those of the author(s) and not of the respective funders.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Center for Research in Information and Cyber Security, Nelson Mandela University, Port Elizabeth, South Africa
