A Survey of Ransomware Detection Methods

Ransomware attacks continue to pose a significant challenge to cybersecurity, causing substantial financial and reputational damage to individuals and organizations. These attacks typically encrypt user data and demand a ransom for its release. There is a growing need for more effective and dynamic...

Bibliographic Details
Main Authors: Saleh Alzahrani, Yang Xiao, Sultan Asiri, Jianying Zheng, Tieshan Li
Format: Article
Language: English
Published: IEEE 2025-01-01
Series: IEEE Access
Subjects:
Online Access: https://ieeexplore.ieee.org/document/10945868/
collection DOAJ
description Ransomware attacks continue to pose a significant challenge to cybersecurity, causing substantial financial and reputational damage to individuals and organizations. These attacks typically encrypt user data and demand a ransom for its release. There is a growing need for more effective and dynamic detection methods, especially for zero-day and unknown ransomware variants. This survey focuses on ransomware-detecting methods published from 2019 to 2025. One hundred thirty-five papers were reviewed and filtered based on their scope and publication venue. For in-depth analysis, this survey selected 45 papers focusing on ransomware detection for Windows or Android operating systems. This paper aims to comprehensively review existing ransomware detection methods, focusing on their effectiveness, limitations, and applicability. The detection methods are categorized into machine-learning-based and non-machine-learning-based methods, discussing the advantages and drawbacks of each. The paper also highlights ransomware-as-a-service, explaining what it is, how it works, and how it affects the increasing number of ransomware attacks in recent years. It also studies the datasets used in the reviewed literature, listing their structures and limitations. This survey identifies gaps in current research and suggests future directions for developing more robust ransomware detection systems.
id doaj-art-655bae4ce3c4475d9e4fa3f3471db122
institution OA Journals
issn 2169-3536
spelling doaj-art-655bae4ce3c4475d9e4fa3f3471db122 (2025-08-20T02:26:03Z)
Language: eng
Publisher: IEEE
Series: IEEE Access, ISSN 2169-3536
Published: 2025-01-01, vol. 13, pp. 57943-57982
DOI: 10.1109/ACCESS.2025.3556187
IEEE document: 10945868
Authors and affiliations:
Saleh Alzahrani (https://orcid.org/0000-0001-8380-2487), Department of Computer Science, The University of Alabama, Tuscaloosa, AL, USA
Yang Xiao (https://orcid.org/0000-0001-8549-6794), Department of Computer Science, The University of Alabama, Tuscaloosa, AL, USA
Sultan Asiri (https://orcid.org/0000-0002-7405-7646), Department of Computer Science, Applied College, King Khalid University, Muhayil, Saudi Arabia
Jianying Zheng, School of Intelligent Manufacturing and Smart Transportation, Suzhou City University, Suzhou, China
Tieshan Li (https://orcid.org/0000-0003-0474-953X), School of Automation Engineering, University of Electronic Science and Technology of China, Chengdu, China
topic Ransomware
detection methods
static analysis
dynamic analysis
machine learning