Ransomware Anti-Analysis and Evasion Techniques: A Survey and Research Directions

Olaimat, Mohammad N.; Maarof, Mohd Aizaini; Al‐rimy, Bander Ali Saleh

doi:10.1109/crc50527.2021.9392529

Cited by 37 publications

(22 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Data-centric identification aims to track the sources being affected rather than the malicious operation causing the attack [19]. Data-centric crypto ransomware identification techniques [4][5][6][7][8][9] have been explored in several studies. To identify anomalous modifications, most of these solutions offered rely on analyzing user-related documents on a continual basis.…”

Section: Data Centric-based Approachesmentioning

confidence: 99%

“…Equation ( 5) consists of two parts: the relevance term ( 6) and redundancy term (7). In addition, the redundancy term has two sub-terms: marginal redundancy (8) and conditional redundancy (9).…”

Section: Features Selection Techniquesmentioning

confidence: 99%

“…They work side-by-side to detect, prevent, and mitigate such attacks and their potential effect. Many research studies investigating ransomware and providing proactive and reactive solutions have been published [7][8][9]. These studies vary based on the focus area, problems they tackle, nature of proposed solutions, and methods they adopt to apply such solutions.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Survey of Crypto Ransomware Attack Detection Methodologies: An Evolving Outlook

Alqahtani

Sheldon

2022

Sensors

View full text Add to dashboard Cite

Recently, ransomware attacks have been among the major threats that target a wide range of Internet and mobile users throughout the world, especially critical cyber physical systems. Due to its unique characteristics, ransomware has attracted the attention of security professionals and researchers toward achieving safer and higher assurance systems that can effectively detect and prevent such attacks. The state-of-the-art crypto ransomware early detection models rely on specific data acquired during the runtime of an attack’s lifecycle. However, the evasive mechanisms that these attacks employ to avoid detection often nullify the solutions that are currently in place. More effort is needed to keep up with an attacks’ momentum to take the current security defenses to the next level. This survey is devoted to exploring and analyzing the state-of-the-art in ransomware attack detection toward facilitating the research community that endeavors to disrupt this very critical and escalating ransomware problem. The focus is on crypto ransomware as the most prevalent, destructive, and challenging variation. The approaches and open issues pertaining to ransomware detection modeling are reviewed to establish recommendations for future research directions and scope.

show abstract

Section: Data Centric-based Approachesmentioning

confidence: 99%

Section: Features Selection Techniquesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Survey of Crypto Ransomware Attack Detection Methodologies: An Evolving Outlook

Alqahtani

Sheldon

2022

Sensors

View full text Add to dashboard Cite

show abstract

“…With the highly skilled attackers [1], and zero-day vulnerabilities, the number and complexity of sophisticated cyberattacks are increasing [2]. Ransomware [3] and unauthorized cryptomining [4] are the most common threats in the wild [5]. Recently, ransomware and cryptojacking incidents have been observed under an emerging threat: "Fileless malware" that is ten times more successful than the other file-based attacks [6].…”

Section: Introductionmentioning

confidence: 99%

“…Although in-browser cryptojacking attacks declined after Coinhive (in-browser crypto-mining service) shutdown in March 2019, in-memory cryptojacking is one of the most prevalent threats in the wild [5]. It was observed 25% more cryptocurrency mining malware in 2020 over 2019 levels [31].…”

Section: Introductionmentioning

confidence: 99%

The Dangerous Combo: Fileless Malware and Cryptojacking

Varlioglu¹,

Elsayed²,

ElSayed³

et al. 2022

Preprint

View full text Add to dashboard Cite

Fileless malware and cryptojacking attacks have appeared independently as the new alarming threats in 2017. After 2020, fileless attacks have been devastating for victim organizations with low-observable characteristics. Also, the amount of unauthorized cryptocurrency mining has increased after 2019. Adversaries have started to merge these two different cyberattacks to gain more invisibility and profit under "Fileless Cryptojacking." This paper aims to provide a literature review in academic papers and industry reports for this new threat. Additionally, we present a new threat hunting-oriented DFIR approach with the best practices derived from field experience as well as the literature. Last, this paper reviews the fundamentals of the fileless threat that can also help ransomware researchers examine similar patterns.

show abstract

Android Malware Detection Using Artificial Intelligence

Masele,

Khennou

2024

Communications in Computer and Information Science

View full text Add to dashboard Cite

Ransomware Anti-Analysis and Evasion Techniques: A Survey and Research Directions

Cited by 37 publications

References 33 publications

A Survey of Crypto Ransomware Attack Detection Methodologies: An Evolving Outlook

A Survey of Crypto Ransomware Attack Detection Methodologies: An Evolving Outlook

The Dangerous Combo: Fileless Malware and Cryptojacking

Android Malware Detection Using Artificial Intelligence

Contact Info

Product

Resources

About