A brief overview of ransomware behavior analysis challenges

João Vitor Assis Ribeiro


The ransomware threat is a widespread and growing menace that has wreaked havoc on many companies and institutions around the world. By exploiting vulnerable and insecure software and using social engineering, cybercriminals have found ample opportunity for considerable profit in the thriving age of digital businesses and cyber currency payments. In this light, malware behavior analysis plays a crucial role in the development of proper prevention and detection technology and is the cornerstone of an effective incident response practice. This survey therefore attempts to give an overview of the aspects of ransomware behavior that, depending on the prominence of its end goals, can facilitate or hinder its analysis.


Keywords: ransomware, malware analysis, network security.



DOI: https://doi.org/10.34117/bjdv8n5-365