Survey on prevention, mitigation and containment of ransomware attacks

Abstract

Ransomware is a type of malicious software that holds access to computer resources for a ransom amount. This is accomplished through encrypting the personal files or denying access to the user interface. The access is reinstated only once ransom amount is paid to the attacker. There is a significant increase in ransomware attacks involving crypto ransomware, which encrypt the personal files present on a host or network attached storage and demand ransom in cryptocurrency. Improvements are being made by ransomware in the encryption algorithms, key exchange mechanisms and modes of lateral movement as time progresses. This change has to be reflected in the detections mechanisms to effectively defend against the attacks. Ransomware has become one of the highest damaging types of cyber-attack in the present time and organizations across the world have lost billions of dollars in damages caused due to disruption in business operations. Attackers have earned millions of dollars in ransom money from their victims. Effective detection of ransomware and preventing data loss through encryption is a leading field of research. This paper summarizes the latest research, security products and practices in the prevention, mitigation, and containment of ransomware attacks.