Exploring the ransomware ecosystem and the active defense concept: Review of attacks and defense
Lingbo Zhao, Zhilu Wang, Shuquan Wang, Yuhui Zhang, Rui Hou, Dan Meng
Journal of Information Security and Applications, volume 94, Article 104171
Publication date: 2025-09-10
Publication type: Journal Article
DOI: 10.1016/j.jisa.2025.104171
URL: https://www.sciencedirect.com/science/article/pii/S221421262500208X
Citations: 0
Abstract
Ransomware has become one of the most notorious types of malware, increasingly targeting end-users, governments, and businesses. Its growing sophistication poses a significant cybersecurity threat. Researchers have proposed numerous defense solutions to mitigate the ransomware threat. They have also conducted over 10 review studies to cover certain aspects of ransomware in the past ten years. However, none of them detail the attack mechanisms or explore possible mitigation strategies. To this end, we present a comprehensive review of ransomware and its defenses. We detail the attack mechanisms and vulnerabilities exploited by ransomware, and assess both commercial and academic defense solutions. Additionally, we explore active defense concepts that help mitigate ransomware threats and provide strategic guidance for future ransomware defense efforts. Our survey serves as an entry point into the study of ransomware and its defense, offering potential insights for enhancing existing solutions and minimizing the impact of ransomware attacks.
About the journal:
Journal of Information Security and Applications (JISA) focuses on original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.