Ransomware detection, avoidance, and mitigation scheme: A review and future directions

Abstract

Ransomware attacks have emerged as a major cyber-security threat wherein user data is encrypted upon system infection. Latest Ransomware strands using advanced obfuscation techniques along with offline C2 Server capabilities are hitting Individual users and big corporations alike. This problem has caused business disruption and, of course, financial loss. Since there is no such consolidated framework that can classify, detect and mitigate Ransomware attacks in one go, we are motivated to present Detection Avoidance Mitigation (DAM), a theoretical framework to review and classify techniques, tools, and strategies to detect, avoid and mitigate Ransomware. We have thoroughly investigated different scenarios and compared already existing state of the art review research against ours. The case study of the infamous Djvu Ransomware is incorporated to illustrate the modus-operandi of the latest Ransomware strands, including some suggestions to contain its spread.