Litcius/Paper detail

A Survey of Ransomware Detection Methods

Saleh Alzahrani, Yang Xiao, Sultan Asiri, Jianying Zheng, Tieshan Li

2025IEEE Access23 citationsDOIOpen Access PDF

Abstract

Ransomware attacks continue to pose a significant challenge to cybersecurity, causing substantial financial and reputational damage to individuals and organizations. These attacks typically encrypt user data and demand a ransom for its release. There is a growing need for more effective and dynamic detection methods, especially for zero-day and unknown ransomware variants. This survey focuses on ransomware-detecting methods published from 2019 to 2025. One hundred thirty-five papers were reviewed and filtered based on their scope and publication venue. For in-depth analysis, this survey selected 45 papers focusing on ransomware detection for Windows or Android operating systems. This paper aims to comprehensively review existing ransomware detection methods, focusing on their effectiveness, limitations, and applicability. The detection methods are categorized into machine-learning-based and non-machine-learning-based methods, discussing the advantages and drawbacks of each. The paper also highlights ransomware-as-a-service, explaining what it is, how it works, and how it affects the increasing number of ransomware attacks in recent years. It also studies the datasets used in the reviewed literature, listing their structures and limitations. This survey identifies gaps in current research and suggests future directions for developing more robust ransomware detection systems.

Topics & Concepts

RansomwareComputer scienceComputer securityMalwareAdvanced Malware Detection TechniquesSpam and Phishing DetectionNetwork Security and Intrusion Detection