District Ransomware: Static and Dynamic Analysis

“…Extensive investigations have illustrated that machine learning and deep learning techniques have been effectively employed to detect ransomware activities, demonstrating significant improvements over traditional signature-based detection systems. Studies revealed that dynamic analysis methods, leveraging behavioral patterns and system interactions, offered promising results in identifying ransomware with high accuracy [10], [15], [16], [17]. Research on static analysis, focusing on examining the code without execution, also contributed to early detection capabilities but faced limitations due to obfuscation techniques used by malware authors [18], [19], [20], [21].…”

“…Research also looked into the development of decryption tools as a reactive measure, offering victims alternative solutions to paying ransoms [40], [41], [42]. However, the continuous evolution of ransomware encryption techniques renders many decryption tools obsolete, underscoring the need for proactive and preventive measures [20], [16], [19]. The potential of blockchain technology in thwarting ransomware attacks was examined, with its application in securing transactions and data exchanges showing promise [43], [44], [45].…”

“…The emergence of Ransomware-as-a-Service (RaaS) models significantly lowered the barrier for cybercriminals to launch ransomware attacks, exacerbating the threat landscape [36], [48], [49], [50], [51]. Research highlighted the adaptation of ransomware to exploit novel vulnerabilities and the incorporation of advanced techniques such as polymorphism to evade detection [20], [16]. The trend towards using ransomware to exfiltrate and threaten the release of sensitive data, rather than just encrypting it, marked a significant evolution in ransomware's impact on data privacy and security [52], [53], [54].…”

Examining Windows File System IRP Operations with Machine Learning for Ransomware Detection

“…Extensive investigations have illustrated that machine learning and deep learning techniques have been effectively employed to detect ransomware activities, demonstrating significant improvements over traditional signature-based detection systems. Studies revealed that dynamic analysis methods, leveraging behavioral patterns and system interactions, offered promising results in identifying ransomware with high accuracy [10], [15], [16], [17]. Research on static analysis, focusing on examining the code without execution, also contributed to early detection capabilities but faced limitations due to obfuscation techniques used by malware authors [18], [19], [20], [21].…”

“…Research also looked into the development of decryption tools as a reactive measure, offering victims alternative solutions to paying ransoms [40], [41], [42]. However, the continuous evolution of ransomware encryption techniques renders many decryption tools obsolete, underscoring the need for proactive and preventive measures [20], [16], [19]. The potential of blockchain technology in thwarting ransomware attacks was examined, with its application in securing transactions and data exchanges showing promise [43], [44], [45].…”

“…The emergence of Ransomware-as-a-Service (RaaS) models significantly lowered the barrier for cybercriminals to launch ransomware attacks, exacerbating the threat landscape [36], [48], [49], [50], [51]. Research highlighted the adaptation of ransomware to exploit novel vulnerabilities and the incorporation of advanced techniques such as polymorphism to evade detection [20], [16]. The trend towards using ransomware to exfiltrate and threaten the release of sensitive data, rather than just encrypting it, marked a significant evolution in ransomware's impact on data privacy and security [52], [53], [54].…”

Examining Windows File System IRP Operations with Machine Learning for Ransomware Detection

“…This evolution signifies a strategic enhancement in the approach of attackers, leveraging not just the unavailability of data but also the potential harm of data exposure [5,25,26]. Researchers have categorized ransomware based on various criteria such as their methods of infiltration, the nature of encryption, and the type of ransom demands [21,6,27]. These classifications are vital for comprehending the diverse tactics employed by ransomware, providing insights into how each type operates and the specific challenges they pose [6,7,1].…”

“…These classifications are vital for comprehending the diverse tactics employed by ransomware, providing insights into how each type operates and the specific challenges they pose [6,7,1]. Such understanding is essential for developing effective countermeasures and for informing users and organizations about the risks and appropriate response strategies [7,27,6]. This comprehensive body of research underscores the adaptive nature of ransomware, highlighting the continuous need for up-to-date cybersecurity measures to protect against these evolving digital threats [28,29,30].…”

Applying Markov Decision Processes to Evaluate Ransomware Data Theft Risks

Digital forensic of Maze ransomware: A case of electricity distributor enterprise in ASEAN