Ransomware early detection: A survey

In recent years, ransomware attacks have exploded globally, and it has become one of the most significant cyber threats to digital infrastructure. Such attacks have been targeting ranging from individuals to critical infrastructure or large organizations such as large commercial companies, energy facilities, medical centers and government departments. Ransomware attackers use sophisticated encryption techniques to hijack victims' files in exchange for a large ransom to release encrypted data. Sophisticated encryption techniques make it almost impossible for victims to recover data without the secret key in the event of such an attack. To protect systems from ransomware threats, malicious activities had better be detected earlier, preferably before they engage in harmful behavior. Numerous studies have focused on ransomware threats and attempted to provide detection and prevention solutions for ransomware attacks, but none of the surveys explored the early detection of ransomware and highlighted challenges and issues with existing solutions. This survey fills this gap and provides a state-of-the-art overview of research on ransomware early detections. Moreover, we investigate the latest ransomware surveys and give an overview of the categories of ransomware from different perspectives, the evolution and attack process of ransomware, and provide datasets used for ransomware detection. Finally, the possible future research directions are discussed.