{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T16:38:41Z","timestamp":1770223121178,"version":"3.49.0"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030350543","type":"print"},{"value":"9783030350550","type":"electronic"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-35055-0_9","type":"book-chapter","created":{"date-parts":[[2019,11,12]],"date-time":"2019-11-12T19:05:21Z","timestamp":1573585521000},"page":"137-154","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["A Roadmap for Improving the Impact of Anti-ransomware Research"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0969-2464","authenticated-orcid":false,"given":"Jamie","family":"Pont","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4884-8011","authenticated-orcid":false,"given":"Osama","family":"Abu Oun","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8766-822X","authenticated-orcid":false,"given":"Calvin","family":"Brierley","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1830-1587","authenticated-orcid":false,"given":"Budi","family":"Arief","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6432-5328","authenticated-orcid":false,"given":"Julio","family":"Hernandez-Castro","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,11,13]]},"reference":[{"key":"9_CR1","unstructured":"Varonis: A brief history of ransomware (2016) \nhttps:\/\/www.varonis.com\/blog\/a-brief-history-of-ransomware\/"},{"key":"9_CR2","unstructured":"Young, A., Yung, M.: Cryptovirology: extortion-based security threats and countermeasures. In: Proceedings 1996 IEEE Symposium on Security and Privacy, pp. 129\u2013140, May 1996"},{"key":"9_CR3","unstructured":"Arsene, L., Gheorghe, A.: Ransomware, a victims perspective (2016). \nhttp:\/\/www.bitdefender.com\/media\/materials\/white-papers\/en\/Bitdefender_Ransomware_A_Victim_Perspective.pdf"},{"key":"9_CR4","unstructured":"Dunn, J.E.: Sophoslabs (2018). \nhttps:\/\/nakedsecurity.sophos.com\/2018\/11\/14\/targeted-ransomware-attacks-sophoslabs-2019-threat-report\/"},{"key":"9_CR5","doi-asserted-by":"publisher","unstructured":"Cartwright, E., Hernandez Castro, J., Cartwright, A.: To pay or not: game theoretic models of ransomware. J. Cybersecur. 5(1) (2019). \nhttps:\/\/doi.org\/10.1093\/cybsec\/tyz009","DOI":"10.1093\/cybsec\/tyz009"},{"key":"9_CR6","unstructured":"Hernandez-Castro, J., et al.: Economic analysis of ransomware. CoRR, abs\/1703.06660 (2017). \nhttp:\/\/arxiv.org\/abs\/1703.06660"},{"key":"9_CR7","unstructured":"Kevin Savage, H.L., Coogan, P.: The evolution of ransomware, August 2015. \nhttps:\/\/www.symantec.com\/content\/en\/us\/enterprise\/media\/security_response\/whitepapers\/the-evolution-of-ransomware.pdf"},{"key":"9_CR8","unstructured":"Hart, N.: The New Economy (2018). \nhttps:\/\/www.theneweconomy.com\/technology\/raas-satans-business-model"},{"key":"9_CR9","unstructured":"BBC News: Huge aluminium plants hit by \u2018severe\u2019 ransomware attack (2019). \nhttps:\/\/www.bbc.co.uk\/news\/technology-47624207"},{"key":"9_CR10","unstructured":"No More Ransom (2019). \nhttps:\/\/www.nomoreransom.org"},{"key":"9_CR11","unstructured":"Trend Micro: Best practices: Ransomware (2017). \nhttps:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/best-practices-ransomware"},{"key":"9_CR12","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1016\/j.cose.2018.01.001","volume":"74","author":"BAS Al-rimy","year":"2018","unstructured":"Al-rimy, B.A.S., et al.: Ransomware threat success factors, taxonomy, and countermeasures: a survey and research directions. Comput. Secur. 74, 144\u2013166 (2018)","journal-title":"Comput. Secur."},{"key":"9_CR13","doi-asserted-by":"crossref","unstructured":"Ahmadian, M.M., Shahriari, H.R., Ghaffarian, S.M.: Connection-monitor connection-breaker: a novel approach for prevention and detection of high survivable ransomwares. In: 2015 12th International Iranian Society of Cryptology Conference on Information Security and Cryptology (ISCISC), pp. 79\u201384, September 2015","DOI":"10.1109\/ISCISC.2015.7387902"},{"key":"9_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-20550-2_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"A Kharraz","year":"2015","unstructured":"Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., Kirda, E.: Cutting the gordian knot: a look under the hood of ransomware attacks. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 3\u201324. Springer, Cham (2015). \nhttps:\/\/doi.org\/10.1007\/978-3-319-20550-2_1"},{"key":"9_CR15","doi-asserted-by":"crossref","unstructured":"Scaife, N., et al.: Cryptolock (and drop it): stopping ransomware attacks on user data. In: 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pp. 303\u2013312, June 2016","DOI":"10.1109\/ICDCS.2016.46"},{"issue":"1","key":"9_CR16","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/s11416-008-0092-2","volume":"6","author":"A Gazet","year":"2010","unstructured":"Gazet, A.: Comparative analysis of various ransomware virii. J. Comput. Virol. 6(1), 77\u201390 (2010)","journal-title":"J. Comput. Virol."},{"key":"9_CR17","doi-asserted-by":"crossref","unstructured":"Mercaldo, F., et al.: Ransomware inside out. In: 2016 11th International Conference on Availability, Reliability and Security (ARES), pp. 628\u2013637, August 2016","DOI":"10.1109\/ARES.2016.35"},{"key":"9_CR18","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2016\/2946735","volume":"2016","author":"Sanggeun Song","year":"2016","unstructured":"Song, S., Kim, B., Lee, S.: The effective ransomware prevention technique using process monitoring on Android platform. Mob. Inf. Syst. 2016 (2016). Article ID 2946735, 9 p. \nhttps:\/\/doi.org\/10.1155\/2016\/2946735","journal-title":"Mobile Information Systems"},{"key":"9_CR19","doi-asserted-by":"crossref","unstructured":"Continella, A., et al.: ShieldFS: a self-healing, ransomware-aware filesystem. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC 2016, pp. 336\u2013347. ACM, New York (2016)","DOI":"10.1145\/2991079.2991110"},{"key":"9_CR20","unstructured":"Kharraz, A., et al.: UNVEIL: a large-scale, automated approach to detecting ransomware. In: 25th USENIX Security Symposium (USENIXSecurity 16), pp. 757\u2013772. USENIX (2016)"},{"key":"9_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"382","DOI":"10.1007\/978-3-319-26362-5_18","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"N Andronio","year":"2015","unstructured":"Andronio, N., Zanero, S., Maggi, F.: HelDroid: dissecting and detecting mobile ransomware. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 382\u2013404. Springer, Cham (2015). \nhttps:\/\/doi.org\/10.1007\/978-3-319-26362-5_18"},{"key":"9_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"192","DOI":"10.1007\/978-3-319-70290-2_12","volume-title":"Secure IT Systems","author":"A Palisse","year":"2017","unstructured":"Palisse, A., Durand, A., Le Bouder, H., Le\u00a0Guernic, C., Lanet, J.-L.: Data Aware Defense (DaD): towards a generic and practical ransomware countermeasure. In: Lipmaa, H., Mitrokotsa, A., Matulevi\u010dius, R. (eds.) NordSec 2017. LNCS, vol. 10674, pp. 192\u2013208. Springer, Cham (2017). \nhttps:\/\/doi.org\/10.1007\/978-3-319-70290-2_12"},{"key":"9_CR23","unstructured":"Alam, M., et al.: RAPPER: ransomware prevention via performance counters. abs\/1802.03909 (2018). \nhttp:\/\/arxiv.org\/abs\/1802.03909"},{"key":"9_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"98","DOI":"10.1007\/978-3-319-66332-6_5","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"A Kharraz","year":"2017","unstructured":"Kharraz, A., Kirda, E.: Redemption: real-time protection against ransomware at end-hosts. In: Dacier, M., Bailey, M., Polychronakis, M., Antonakakis, M. (eds.) RAID 2017. LNCS, vol. 10453, pp. 98\u2013119. Springer, Cham (2017). \nhttps:\/\/doi.org\/10.1007\/978-3-319-66332-6_5"},{"key":"9_CR25","unstructured":"Greenberg, A.: The untold story of NotPetya, the most devastating cyberattack in history (2018). \nhttps:\/\/www.wired.com\/story\/notpetya-cyberattack-ukraine-russia-code-crashed-the-world\/"},{"key":"9_CR26","doi-asserted-by":"publisher","unstructured":"Hull, G., John, H., Arief, B.: Ransomware deployment methods and analysis: views from a predictive model and human responses. Crime Sci. 8(1) (2019). \nhttps:\/\/doi.org\/10.1186\/s40163-019-0097-9","DOI":"10.1186\/s40163-019-0097-9"},{"key":"9_CR27","unstructured":"Microsoft: File system minifilter drivers - windows drivers \u2014 microsoft docs (2017). \nhttps:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/ifs\/file-system-minifilter-drivers"},{"key":"9_CR28","unstructured":"Sabi\u0107, N.: Fibratus (2016). \nhttps:\/\/github.com\/rabbitstack"},{"key":"9_CR29","doi-asserted-by":"crossref","unstructured":"Ahmadian, M.M., Shahriari, H.R.: 2entFOX: a framework for high survivable ransomwares detection. In: 2016 13th International Iranian Society of Cryptology Conference on Information Security and Cryptology (ISCISC), pp. 79\u201384, September 2016","DOI":"10.1109\/ISCISC.2016.7736455"},{"key":"9_CR30","unstructured":"Sgandurra, D., et al.: Automated dynamic analysis of ransomware: benefits, limitations and use for detection. arXiv preprint \narXiv:1609.03020\n\n (2016)"},{"key":"9_CR31","doi-asserted-by":"crossref","unstructured":"Baek, S., et al.: SSD-insider: internal defense of solid-state drive against ransomware with perfect data recovery. In: 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS), pp. 875\u2013884, July 2018","DOI":"10.1109\/ICDCS.2018.00089"},{"key":"9_CR32","doi-asserted-by":"crossref","unstructured":"Kolodenker, E., et al.: Paybreak: defense against cryptographic ransomware. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 599\u2013611. ACM (2017)","DOI":"10.1145\/3052973.3053035"},{"key":"9_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"234","DOI":"10.1007\/978-3-319-93411-2_11","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"ZA Gen\u00e7","year":"2018","unstructured":"Gen\u00e7, Z.A., Lenzini, G., Ryan, P.Y.A.: No random, no ransom: a key to stop cryptographic ransomware. In: Giuffrida, C., Bardin, S., Blanc, G. (eds.) DIMVA 2018. LNCS, vol. 10885, pp. 234\u2013255. Springer, Cham (2018). \nhttps:\/\/doi.org\/10.1007\/978-3-319-93411-2_11"},{"key":"9_CR34","unstructured":"Virus Total: Virustotal-free online virus, malware and URL scanner (2012). \nhttps:\/\/www.virustotal.com\/en"},{"key":"9_CR35","unstructured":"DTREG: Decision trees compared to regression and neural networks (2019). \nhttps:\/\/www.dtreg.com\/methodology\/view\/decision-trees-compared-to-regression-and-neural-networks"},{"key":"9_CR36","unstructured":"Microsoft: Detours (2016). \nhttps:\/\/github.com\/Microsoft\/"},{"key":"9_CR37","unstructured":"Digital Corpora (2018). \nhttps:\/\/digitalcorpora.org"},{"key":"9_CR38","doi-asserted-by":"crossref","unstructured":"Lokuketagoda, B., et al.: R-killer: an email based ransomware protection tool. In: 2018 13th International Conference on Computer Science Education (ICCSE), pp. 1\u20137, August 2018","DOI":"10.1109\/ICCSE.2018.8468807"},{"key":"9_CR39","doi-asserted-by":"publisher","first-page":"389","DOI":"10.1016\/j.cose.2017.11.019","volume":"73","author":"J G\u00f3mez-Hern\u00e1ndez","year":"2018","unstructured":"G\u00f3mez-Hern\u00e1ndez, J., et al.: R-locker: thwarting ransomware action through a honeyfile-based approach. Comput. Secur. 73, 389\u2013398 (2018)","journal-title":"Comput. Secur."},{"key":"9_CR40","doi-asserted-by":"crossref","unstructured":"Moore, C.: Detecting ransomware with honeypot techniques. In: 2016 Cybersecurity and Cyberforensics Conference (CCC), pp. 77\u201381, August 2016","DOI":"10.1109\/CCC.2016.14"},{"key":"9_CR41","unstructured":"BitDefender (2019). \nhttps:\/\/www.bitdefender.com\/business\/cyber-threats-solutions\/anti-ransomware.html"},{"key":"9_CR42","unstructured":"MalwareBytes (2019). \nhttps:\/\/www.malwarebytes.com\/business\/solutions\/ransomware\/"}],"container-title":["Lecture Notes in Computer Science","Secure IT Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-35055-0_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,12,4]],"date-time":"2019-12-04T06:06:16Z","timestamp":1575439576000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-35055-0_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030350543","9783030350550"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-35055-0_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"13 November 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NordSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Nordic Conference on Secure IT Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Aalborg","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Denmark","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 November 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 November 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nordsec2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/nordsec2019.cs.aau.dk\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"32","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"17","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"53% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.9","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}