Utilizing Cyber Threat Hunting Techniques to Find Ransomware Attacks: A Survey of the State of the Art

Abstract

Ransomware is one of the most harmful types of cyber attacks that cause major concerns on a global scale. It makes the victims’ resources unusable by encrypting data or locking systems to extort ransom payments. Ransomware has variant families that continue to evolve. Moreover. cybercriminals use advanced techniques to develop ransomware, making it harder for anti-malware detection systems to detect them. Ransomware solutions need the capabilities of timely and effective detection and response to discover uncommon behavior before losing sensitive data. Cyber threat hunting (CTH) is a novel proactive malware detection approach that includes cyber threat intelligence (CTI) methods and data analysis methods. However, most present CTH solutions depend on internal data sources and reactive techniques to detect unusual activities. An effective CTI technique is required to obtain knowledge from external data sources and combine it with internal sources to enhance the hunting capabilities. Then, using the optimal data analysis technique is needed for the CTH approach to obtain valuable insights into abnormal patterns in running activities in the early stages. In this study, we investigate using a practical CTI approach and different CTH models. Subsequently, we discussed ransomware research directions to detect known and unknown ransomware attacks. Also, we discussed the available ransomware datasets used in present ransomware studies.