A Survey on Situational Awareness of Ransomware Attacks—Detection and Prevention Parameters

Author:

Herrera Silva Juan A., Barona López Lorena Isabel, Valdivieso Caraguay Ángel Leonardo, Hernández-Álvarez Myriam

Abstract

In recent years, cybercrime activities have grown significantly, compromising device security and jeopardizing the normal activities of enterprises. The profits obtained through intimidation and the limitations for tracking down the illegal transactions have created a lucrative business based on the hijacking of users’ files. In this context, ransomware takes advantage of cryptography to compromise the user information or deny access to the operating system. Then, the attacker extorts the victim to pay a ransom in order to regain access, recover the data, or keep the information private. Nowadays, the adoption of Situational Awareness (SA) and cognitive approaches can facilitate the rapid identification of ransomware threats. SA allows knowing what is happening in compromised devices and network communications through monitoring, aggregation, correlation, and analysis tasks. The current literature provides some parameters that are monitored and analyzed in order to prevent these kinds of attacks at an early stage. However, there is no complete list of them. To the best of our knowledge, this paper is the first proposal that summarizes the parameters evaluated in this research field and considers the SA concept. Furthermore, there are several articles that tackle ransomware problems. However, there are few surveys that summarize the current situation in the area, not only regarding its evolution but also its issues and future challenges. This survey also provides a classification of ransomware articles based on detection and prevention approaches.

Publisher

MDPI AG

Subject

General Earth and Planetary Sciences

Reference: 63 articles.

Cited by 39 articles.

1. Early Ransomware Detection with Deep Learning Models;Future Internet;2024-08-11

2. Securing the Industrial Internet of Things against ransomware attacks: A comprehensive analysis of the emerging threat landscape and detection mechanisms;Journal of Network and Computer Applications;2024-03

3. Ransomware early detection: A survey;Computer Networks;2024-02

4. Damages Caused by Ransomware and Selected Preventive Countermeasures;Communications in Computer and Information Science;2024

5. Research on Network Security Situation Awareness Technology Based on Neural Network Model;2023 International Conference on Intelligent Sensing and Industrial Automation;2023-12-09
