Association for Computing Machinery (ACM)

ACM Computing Surveys

, volume 57 , issue 1 , pages 1-40

Ransomware Reloaded: Re-examining Its Trend, Research and Mitigation in the Era of Data Exfiltration

Timothy McIntosh ^{1, 2, 3, 4, 5}

Teo Susnjak ^{6, 7}

Tong Liu ^{8, 9}

Dan Xu ¹⁰

PAUL A. WATTERS ¹¹

Dongwei Liu ¹²

Yaqi Hao ⁴

Alex Ng ¹³

Malka N. Halgamuge ¹⁴

Hide authors affiliations Show authors affiliations: 14 affiliations

RMIT university, Melbourne, Australia |

Cyberoo Pty Ltd, Melbourne, Australia |

RMIT University, Surrey Hills, Australia |

⁴

Cyberoo Pty Ltd, Surrey Hills, Australia |

⁵

RMIT University, Melbourne, Australia and Cyberoo Pty Ltd, Surrey Hills, Australia |

⁶

Massey University - Albany Campus, Auckland, New Zealand |

⁷

Massey University, Auckland, New Zealand |

⁸

Massey University - Albany Campus, Auckland New Zealand |

⁹

Massey University, Auckland New Zealand |

¹⁰

ANZ Bank, Melbourne, Australia |

¹¹

Cyberstronomy Pty Ltd, Ballarat, Australia |

¹²

Coles Group Ltd, Hawthorn East, Australia |

¹³

Federation University, Ballarat, Australia |

¹⁴

RMIT University, Melbourne Australia |

Publication type: Journal Article

Publication date: 2024-10-07

Association for Computing Machinery (ACM)

ACM Computing Surveys

scimago Q1

wos Q1

SJR: 5.797

CiteScore: 51.6

Impact factor: 28.0

ISSN: 03600300, 15577341

DOI: 10.1145/3691340

Copy DOI

Abstract

Ransomware has grown to be a dominant cybersecurity threat by exfiltrating, encrypting, or destroying valuable user data and causing numerous disruptions to victims. The severity of the ransomware endemic has generated research interest from both the academia and the industry. However, many studies held stereotypical assumptions about ransomware, used unverified, outdated, and limited self-collected ransomware samples, and did not consider government strategies, industry guidelines, or cyber intelligence. We observed that ransomware no longer exists simply as an executable file or limits to encrypting files (data loss); data exfiltration (data breach) is the new norm, espionage is an emerging theme, and the industry is shifting focus from technical advancements to cyber governance and resilience. We created a ransomware innovation adoption curve, critically evaluated 212 academic studies published during 2020 and 2023, and cross-verified them against various government strategies, industry reports, and cyber intelligence on ransomware. We concluded that many studies were becoming irrelevant to the contemporary ransomware reality and called for the redirection of ransomware research to align with the continuous ransomware evolution in the industry. We proposed to address data exfiltration as priority over data encryption, to consider ransomware in a business-practical manner, and recommended research collaboration with the industry.

Found

Top-30

Journals

	1 2 3 4
IEEE Access	IEEE Access, 4, 21.05% IEEE Access 4 publications, 21.05%
Terroryzm	Terroryzm, 2, 10.53% Terroryzm 2 publications, 10.53%
Egyptian Informatics Journal	Egyptian Informatics Journal, 1, 5.26% Egyptian Informatics Journal 1 publication, 5.26%
Communications of the ACM	Communications of the ACM, 1, 5.26% Communications of the ACM 1 publication, 5.26%
Information Systems Research	Information Systems Research, 1, 5.26% Information Systems Research 1 publication, 5.26%
Handbook of Research on Securing Cloud-Based Databases with Biometric Applications	Handbook of Research on Securing Cloud-Based Databases with Biometric Applications, 1, 5.26% Handbook of Research on Securing Cloud-Based Databases with Biometric Applications 1 publication, 5.26%
Computers and Security	Computers and Security, 1, 5.26% Computers and Security 1 publication, 5.26%
Lecture Notes in Computer Science	Lecture Notes in Computer Science, 1, 5.26% Lecture Notes in Computer Science 1 publication, 5.26%
IEEE Transactions on Dependable and Secure Computing	IEEE Transactions on Dependable and Secure Computing, 1, 5.26% IEEE Transactions on Dependable and Secure Computing 1 publication, 5.26%
IFIP Advances in Information and Communication Technology	IFIP Advances in Information and Communication Technology, 1, 5.26% IFIP Advances in Information and Communication Technology 1 publication, 5.26%
Communications in Computer and Information Science	Communications in Computer and Information Science, 1, 5.26% Communications in Computer and Information Science 1 publication, 5.26%
Journal of Cybersecurity and Privacy	Journal of Cybersecurity and Privacy, 1, 5.26% Journal of Cybersecurity and Privacy 1 publication, 5.26%
	1 2 3 4

Publishers

	1 2 3 4 5 6
Institute of Electrical and Electronics Engineers (IEEE)	Institute of Electrical and Electronics Engineers (IEEE), 6, 31.58% Institute of Electrical and Electronics Engineers (IEEE) 6 publications, 31.58%
Springer Nature	Springer Nature, 3, 15.79% Springer Nature 3 publications, 15.79%
Elsevier	Elsevier, 2, 10.53% Elsevier 2 publications, 10.53%
Uniwersytet Jagiellonski - Wydawnictwo Uniwersytetu Jagiellonskiego	Uniwersytet Jagiellonski - Wydawnictwo Uniwersytetu Jagiellonskiego, 2, 10.53% Uniwersytet Jagiellonski - Wydawnictwo Uniwersytetu Jagiellonskiego 2 publications, 10.53%
IGI Global	IGI Global, 2, 10.53% IGI Global 2 publications, 10.53%
Association for Computing Machinery (ACM)	Association for Computing Machinery (ACM), 1, 5.26% Association for Computing Machinery (ACM) 1 publication, 5.26%
Institute for Operations Research and the Management Sciences (INFORMS)	Institute for Operations Research and the Management Sciences (INFORMS), 1, 5.26% Institute for Operations Research and the Management Sciences (INFORMS) 1 publication, 5.26%
IntechOpen	IntechOpen, 1, 5.26% IntechOpen 1 publication, 5.26%
MDPI	MDPI, 1, 5.26% MDPI 1 publication, 5.26%
	1 2 3 4 5 6

We do not take into account publications without a DOI.
Statistics recalculated weekly.

Are you a researcher?

Create a profile to get free access to personal recommendations for colleagues and new articles.

Metrics

Cite this

GOST |

Cite this

GOST Copy

McIntosh T. et al. Ransomware Reloaded: Re-examining Its Trend, Research and Mitigation in the Era of Data Exfiltration // ACM Computing Surveys. 2024. Vol. 57. No. 1. pp. 1-40.

GOST all authors (up to 50) Copy

McIntosh T., Susnjak T., Liu T., Xu D., WATTERS P. A., Liu D., Hao Y., Ng A., Halgamuge M. N. Ransomware Reloaded: Re-examining Its Trend, Research and Mitigation in the Era of Data Exfiltration // ACM Computing Surveys. 2024. Vol. 57. No. 1. pp. 1-40.

RIS |

Cite this

RIS Copy

TY - JOUR

DO - 10.1145/3691340

UR - https://dl.acm.org/doi/10.1145/3691340

TI - Ransomware Reloaded: Re-examining Its Trend, Research and Mitigation in the Era of Data Exfiltration

T2 - ACM Computing Surveys

AU - McIntosh, Timothy

AU - Susnjak, Teo

AU - Liu, Tong

AU - Xu, Dan

AU - WATTERS, PAUL A.

AU - Liu, Dongwei

AU - Hao, Yaqi

AU - Ng, Alex

AU - Halgamuge, Malka N.

PY - 2024

DA - 2024/10/07

PB - Association for Computing Machinery (ACM)

SP - 1-40

IS - 1

VL - 57

SN - 0360-0300

SN - 1557-7341

ER -

BibTex |

Cite this

BibTex (up to 50 authors) Copy

@article{2024_McIntosh,

author = {Timothy McIntosh and Teo Susnjak and Tong Liu and Dan Xu and PAUL A. WATTERS and Dongwei Liu and Yaqi Hao and Alex Ng and Malka N. Halgamuge},

title = {Ransomware Reloaded: Re-examining Its Trend, Research and Mitigation in the Era of Data Exfiltration},

journal = {ACM Computing Surveys},

year = {2024},

volume = {57},

publisher = {Association for Computing Machinery (ACM)},

month = {oct},

url = {https://dl.acm.org/doi/10.1145/3691340},

number = {1},

pages = {1--40},

doi = {10.1145/3691340}

}

MLA

Cite this

MLA Copy

McIntosh, Timothy, et al. “Ransomware Reloaded: Re-examining Its Trend, Research and Mitigation in the Era of Data Exfiltration.” ACM Computing Surveys, vol. 57, no. 1, Oct. 2024, pp. 1-40. https://dl.acm.org/doi/10.1145/3691340.

Publisher

Association for Computing Machinery (ACM)

Journal

ACM Computing Surveys

scimago Q1

wos Q1

SJR

5.797

CiteScore

51.6

Impact factor

28.0

ISSN

03600300 (Print)

15577341 (Electronic)