Survey on Prevention, Mitigation and Containment of Ransomware Attacks

  • Sumith Maniath
  • Prabaharan Poornachandran
  • V. G. Sujadevi
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 969)


Ransomware is a type of malicious software that holds access to computer resources for a ransom. This is accomplished by encrypting the user's personal files or by denying access to the user interface. Access is restored only once the ransom is paid to the attacker. There has been a significant increase in attacks involving crypto ransomware, which encrypts the personal files present on a host or on network-attached storage and demands payment in cryptocurrency. Over time, ransomware has improved its encryption algorithms, key exchange mechanisms and modes of lateral movement, and detection mechanisms must change accordingly to defend effectively against these attacks. Ransomware has become one of the most damaging types of cyber-attack today; organizations across the world have lost billions of dollars through disruption of business operations, and attackers have earned millions of dollars in ransom from their victims. Effective detection of ransomware and prevention of data loss through encryption is a leading field of research. This paper summarizes the latest research, security products and practices in the prevention, mitigation and containment of ransomware attacks.


Keywords: Ransomware, Cryptography, Detection, Exploits, Infection vector, Whitelisting, Threat intelligence, Vulnerability, Anti-ransomware



Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Sumith Maniath (1)
  • Prabaharan Poornachandran (1)
  • V. G. Sujadevi (1)
  1. Amrita Center for Cyber Security Systems and Networks, Amrita School of Engineering, Amritapuri, Amrita Vishwa Vidyapeetham, Amritapuri, India
