A conceptual framework to mitigate ransomware attacks on IoMT devices using threat intelligence: a systematic literature review
Authors: Kalaivani Selvaraj, Manmeet Mahinderjit Singh, Zarul Fitri Zaaba
Journal: Computer Science Review, volume 58, Article 100801 (Journal Article)
Published: 2025-08-12
DOI: 10.1016/j.cosrev.2025.100801
URL: https://www.sciencedirect.com/science/article/pii/S1574013725000772
Impact factor: 12.7; JCR: Q1 (Computer Science, Information Systems)
Internet of Medical Things (IoMT) device usage is increasing due to the development of low-power embedded devices and internet technologies. IoMT devices store medical data on internal devices such as Secure Digital (SD) cards and Read Only Memory (ROM), and on external devices such as private, public, and hybrid cloud servers. IoMT devices, web and application services, and medical data are prone to cyberattacks. However, ransomware attacks on IoMT devices, such as physical and storage devices, have increased due to the increased usage of home diagnostic devices. Existing cyberattack frameworks, methods, algorithms, and cyber resilience fail to detect, prevent, and mitigate novel ransomware variants. Ransomware-variant-based attacks on IoMT devices are rapidly increasing on a daily basis. Ransomware variant detection is challenging in IoMT devices due to the acquisition of different types and structures of medical data. This Systematic Literature Review (SLR) reviews the existing methods and frameworks for detection of different ransomware variant attacks. In this SLR, 154 published research articles from 2014 to 2025 on ransomware attack detection and prevention methods were analyzed. These articles are Scopus indexed and Science Citation Indexed (SCI). This SLR explores cyberattack variant detection methods. From this review analysis, a conceptual Robust, Reliable, Adaptable and Comprehensive (RRAC) framework is proposed for the identified research gap, i.e., ransomware variant detection in IoMT devices. The proposed RRAC framework is based on the Situational Awareness Reference Model (SARM) and MITRE ATT&CK and uses Fuzzy Rough Set Theory, Graph Theory, GenAI, and Threat Intelligence for ransomware variant detection in IoMT devices.
About the journal:
Computer Science Review, a publication dedicated to research surveys and expository overviews of open problems in computer science, targets a broad audience within the field seeking comprehensive insights into the latest developments. The journal welcomes articles from various fields as long as their content impacts the advancement of computer science. In particular, articles that review the application of well-known Computer Science methods to other areas are in scope only if these articles advance the fundamental understanding of those methods.