Preventing and Mitigating Ransomware: A Systematic Literature Review

Abstract

There has been significant growth in ransomware attacks over the past few years. Many organizations have been affected by a variety of ransomware attacks, leading to a large amount of data becoming inaccessible. In a typical ransomware attack malicious software encrypts electronic data while extorting money from an unexpecting victim. In order to decrypt and restore data, the attacker requests user to pay the ransom amount, typically through crypto-currency such as Bitcoin. There are various ways how ransomware infiltrate a computer, including phishing emails, drive-by downloads or vulnerable websites containing executable files of the malware. Being a new emerging type of attack, limited consolidated information is known by users. Therefore, this paper sets out to perform a systematic literature review to determine what has been published during the previous 3 years in leading academic journals regarding the prevention and mitigation of ransomware. Two hundred and sixty one (261) journal articles dealt with ransomware from four perspectives: prevention and mitigation methods, detection methods, case studies and attack methods. Out of the 261 journal articles, 35 journal articles that resort under the prevention and mitigation category were further analyzed. The papers were coded and a consolidated list of 13 guidelines was constructed. Interestingly, and somewhat concerning, these prevention and mitigation guidelines cover basic cyber-security practices to prevent and mitigate against any kind of cyber-attack, not specifically ransomware. This raises questions regarding the research agenda, but the repetition of established guidelines also raises questions on the effectiveness of security education, training and awareness interventions.