Skip to main content
Kent Academic Repository

A Roadmap for Improving the Impact of Anti-Ransomware Research

Pont, Jamie, Abu Oun, Osama, Brierley, Calvin, Arief, Budi, Hernandez-Castro, Julio C. (2019) A Roadmap for Improving the Impact of Anti-Ransomware Research. In: Askarov, Aslan and Hansen, René Rydhof and Rafnsson, Willard, eds. Lecture Notes in Computer Science. Secure IT Systems: 24th Nordic Conference, NordSec 2019, Aalborg, Denmark, November 18–20, 2019, Proceedings. 11875. Springer ISBN 978-3-030-35054-3. (doi:10.1007/978-3-030-35055-0_9) (KAR id:76942)


Ransomware is a type of malware which restricts access to a victim’s computing resources and demands a ransom in order to restore access. This is a continually growing and costly threat across the globe, therefore efforts have been made both in academia and industry to develop techniques that can help to detect and recover from ransomware attacks. This paper aims to provide an overview of the current landscape of Windows-based anti-ransomware tools and techniques, using a clear, simple and consistent terminology in terms of Data Sources, Processing and Actions. We extensively analysed relevant literature so that, to the best of our knowledge, we had at the time covered all approaches taken to detect and recover from ransomware attacks. We grouped these techniques according to their main features as a way to understand the landscape. We then selected 15 existing anti-ransomware tools both to examine how they fit into this landscape and to compare them by aggregating their accuracy and overhead – two of the most important selection criteria of these tools – as reported by the tools’ respective authors. We were able to determine popular solutions and unexplored gaps that could lead to promising areas of anti-ransomware development. From there, we propose two novel detection techniques, namely serial byte correlation and edit distance. This paper serves as a much needed roadmap of knowledge and ideas to systematise the current landscape of anti-ransomware tools.

Item Type: Conference or workshop item (Proceeding)
DOI/Identification number: 10.1007/978-3-030-35055-0_9
Uncontrolled keywords: ransomware, anti-ransomware, detection, recovery
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Budi Arief
Date Deposited: 01 Oct 2019 12:47 UTC
Last Modified: 04 Mar 2024 17:26 UTC
Resource URI: (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.