A Survey of Ransomware Detection Methods
Ransomware attacks continue to pose a significant challenge to cybersecurity, causing substantial financial and reputational damage to individuals and organizations. These attacks typically encrypt user data and demand a ransom for its release. There is a growing need for more effective and dynamic...
| Main Authors: | Saleh Alzahrani, Yang Xiao, Sultan Asiri, Jianying Zheng, Tieshan Li |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE 2025-01-01 |
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/10945868/ |
| _version_ | 1850152130734718976 |
|---|---|
| author | Saleh Alzahrani; Yang Xiao; Sultan Asiri; Jianying Zheng; Tieshan Li |
| author_sort | Saleh Alzahrani |
| collection | DOAJ |
| description | Ransomware attacks continue to pose a significant challenge to cybersecurity, causing substantial financial and reputational damage to individuals and organizations. These attacks typically encrypt user data and demand a ransom for its release. There is a growing need for more effective and dynamic detection methods, especially for zero-day and unknown ransomware variants. This survey focuses on ransomware-detecting methods published from 2019 to 2025. One hundred thirty-five papers were reviewed and filtered based on their scope and publication venue. For in-depth analysis, this survey selected 45 papers focusing on ransomware detection for Windows or Android operating systems. This paper aims to comprehensively review existing ransomware detection methods, focusing on their effectiveness, limitations, and applicability. The detection methods are categorized into machine-learning-based and non-machine-learning-based methods, discussing the advantages and drawbacks of each. The paper also highlights ransomware-as-a-service, explaining what it is, how it works, and how it affects the increasing number of ransomware attacks in recent years. It also studies the datasets used in the reviewed literature, listing their structures and limitations. This survey identifies gaps in current research and suggests future directions for developing more robust ransomware detection systems. |
| format | Article |
| id | doaj-art-655bae4ce3c4475d9e4fa3f3471db122 |
| institution | OA Journals |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-655bae4ce3c4475d9e4fa3f3471db122; 2025-08-20T02:26:03Z; eng; IEEE; IEEE Access; 2169-3536; 2025-01-01; 13; 57943; 57982; 10.1109/ACCESS.2025.3556187; 10945868; A Survey of Ransomware Detection Methods; Saleh Alzahrani (https://orcid.org/0000-0001-8380-2487); Yang Xiao (https://orcid.org/0000-0001-8549-6794); Sultan Asiri (https://orcid.org/0000-0002-7405-7646); Jianying Zheng; Tieshan Li (https://orcid.org/0000-0003-0474-953X); Department of Computer Science, The University of Alabama, Tuscaloosa, AL, USA; Department of Computer Science, The University of Alabama, Tuscaloosa, AL, USA; Department of Computer Science, Applied College, King Khalid University, Muhayil, Saudi Arabia; School of Intelligent Manufacturing and Smart Transportation, Suzhou City University, Suzhou, China; School of Automation Engineering, University of Electronic Science and Technology of China, Chengdu, China; https://ieeexplore.ieee.org/document/10945868/; Ransomware; detection methods; static analysis; dynamic analysis; machine learning |
| spellingShingle | Saleh Alzahrani; Yang Xiao; Sultan Asiri; Jianying Zheng; Tieshan Li; A Survey of Ransomware Detection Methods; IEEE Access; Ransomware; detection methods; static analysis; dynamic analysis; machine learning |
| title | A Survey of Ransomware Detection Methods |
| title_sort | survey of ransomware detection methods |
| topic | Ransomware; detection methods; static analysis; dynamic analysis; machine learning |
| url | https://ieeexplore.ieee.org/document/10945868/ |