{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,18]],"date-time":"2026-02-18T15:08:12Z","timestamp":1771427292501,"version":"3.50.1"},"reference-count":196,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T00:00:00Z","timestamp":1775001600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T00:00:00Z","timestamp":1775001600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,1,19]],"date-time":"2026-01-19T00:00:00Z","timestamp":1768780800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers and Electrical Engineering"],"published-print":{"date-parts":[[2026,4]]},"DOI":"10.1016\/j.compeleceng.2026.110963","type":"journal-article","created":{"date-parts":[[2026,1,28]],"date-time":"2026-01-28T20:14:07Z","timestamp":1769631247000},"page":"110963","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["Comprehensive performance benchmarking and comparative analysis of active ransomware threats"],"prefix":"10.1016","volume":"132","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9377-4539","authenticated-orcid":false,"given":"Simon 
R.","family":"Davies","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5325-2872","authenticated-orcid":false,"given":"Richard","family":"Macfarlane","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"issue":"7","key":"10.1016\/j.compeleceng.2026.110963_b1","doi-asserted-by":"crossref","first-page":"9355","DOI":"10.1007\/s12652-023-04603-y","article-title":"Advanced persistent threats (APT): evolution, anatomy, attribution and countermeasures","volume":"14","author":"Sharma","year":"2023","journal-title":"J Ambient Intelllgence Humaniz Comput","ISSN":"https:\/\/id.crossref.org\/issn\/1868-5145","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2026.110963_b2","doi-asserted-by":"crossref","first-page":"144","DOI":"10.1016\/j.cose.2018.01.001","article-title":"Ransomware threat success factors, taxonomy, and countermeasures: A survey and research directions","volume":"74","author":"Al-rimy","year":"2018","journal-title":"Comput Secur","ISSN":"https:\/\/id.crossref.org\/issn\/0167-4048","issn-type":"print"},{"issue":"June","key":"10.1016\/j.compeleceng.2026.110963_b3","article-title":"Cryptographic ransomware encryption detection: Survey","volume":"132","author":"Begovic","year":"2023","journal-title":"Comput Secur","ISSN":"https:\/\/id.crossref.org\/issn\/0167-4048","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2026.110963_b4","doi-asserted-by":"crossref","first-page":"144925","DOI":"10.1109\/ACCESS.2019.2945839","article-title":"A survey on detection techniques for cryptographic ransomware","volume":"7","author":"Berrueta","year":"2019","journal-title":"IEEE Access","ISSN":"https:\/\/id.crossref.org\/issn\/2169-3536","issn-type":"print"},{"issue":"2","key":"10.1016\/j.compeleceng.2026.110963_b5","doi-asserted-by":"crossref","first-page":"17","DOI":"10.33736\/jcsi.4932.2022","article-title":"Trends and future directions in automated ransomware 
detection","volume":"1","author":"Jegede","year":"2022","journal-title":"J Comput Soc Inform."},{"issue":"2","key":"10.1016\/j.compeleceng.2026.110963_b6","first-page":"136","article-title":"Ransomware, threat and detection techniques: A review","volume":"19","author":"Kok","year":"2019","journal-title":"IJCSNS Int J Comput Sci Netw Secur"},{"issue":"August","key":"10.1016\/j.compeleceng.2026.110963_b7","first-page":"1","article-title":"Trends in ransomware attacks: Analysis and future predictions","volume":"1","author":"Malik","year":"2024","journal-title":"Int J Glob Innov Solut. (IJGIS)"},{"key":"10.1016\/j.compeleceng.2026.110963_b8","series-title":"(ENCRYPTION ) Time flies when you \u2019re having fun : The case of the exotic BLACKCAT ransomware","first-page":"13","author":"Milenkoski","year":"2022"},{"key":"10.1016\/j.compeleceng.2026.110963_b9","series-title":"Splunk","article-title":"Gone in 52 seconds\u2026and 42 minutes: A comparative analysis of ransomware encryption speed","author":"Davis","year":"2022"},{"key":"10.1016\/j.compeleceng.2026.110963_b10","series-title":"An Empirically Comparative Analysis of Ransomware Binaries","author":"Davis","year":"2022"},{"key":"10.1016\/j.compeleceng.2026.110963_b11","series-title":"Gone in 240 seconds: ransomware speeds compared","author":"ACS, Information Age","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b12","series-title":"Gone in 52 seconds\u2026and 42 minutes: A comparative analysis of ransomware encryption speed \u2014 splunk","author":"Davis","year":"2022"},{"key":"10.1016\/j.compeleceng.2026.110963_b13","series-title":"For ransomware, speed matters","author":"Rashid","year":"2022"},{"key":"10.1016\/j.compeleceng.2026.110963_b14","series-title":"Bleeping computer","article-title":"Ten notorious ransomware strains put to the encryption speed test","author":"Toulas","year":"2022"},{"key":"10.1016\/j.compeleceng.2026.110963_b15","first-page":"1","article-title":"Analysis of encryption schemes in 
modern ransomware","volume":"25","author":"Ploszek","year":"2021","journal-title":"Rad Hrvat Akad Znan I Umjet Mat Znan","ISSN":"https:\/\/id.crossref.org\/issn\/1849-2215","issn-type":"print"},{"issue":"1","key":"10.1016\/j.compeleceng.2026.110963_b16","article-title":"A survey on ransomware: Evolution, taxonomy, and defense solutions","volume":"1","author":"Oz","year":"2021","journal-title":"ACM Comput Surv"},{"key":"10.1016\/j.compeleceng.2026.110963_b17","series-title":"A resilient and evolving threat landscape: 2024 state of the threat report","author":"Secureworks Counter Threat Unit","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b18","series-title":"Hackers ramp up efficiency, speed, and scale in 2024","author":"Huntress Labs","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b19","doi-asserted-by":"crossref","first-page":"65658","DOI":"10.1109\/ACCESS.2020.2984187","article-title":"Open repository for the evaluation of ransomware detection tools","volume":"8","author":"Berrueta","year":"2020","journal-title":"IEEE Access","ISSN":"https:\/\/id.crossref.org\/issn\/2169-3536","issn-type":"print"},{"issue":"6","key":"10.1016\/j.compeleceng.2026.110963_b20","doi-asserted-by":"crossref","DOI":"10.1145\/3453153","article-title":"A survey on windows-based ransomware taxonomy and detection mechanisms: Case closed?","volume":"54","author":"Moussaileb","year":"2021","journal-title":"ACM Comput Surv","ISSN":"https:\/\/id.crossref.org\/issn\/1557-7341","issn-type":"print"},{"issue":"1","key":"10.1016\/j.compeleceng.2026.110963_b21","doi-asserted-by":"crossref","DOI":"10.3390\/app12010172","article-title":"Ransomware detection using the dynamic analysis and machine learning: A survey and research directions","volume":"12","author":"Urooj","year":"2022","journal-title":"Appl Sci (Switzerland)","ISSN":"https:\/\/id.crossref.org\/issn\/2076-3417","issn-type":"print"},{"issue":"April 
2023","key":"10.1016\/j.compeleceng.2026.110963_b22","article-title":"Ransomware early detection: A survey","volume":"239","author":"Cen","year":"2024","journal-title":"Comput Netw","ISSN":"https:\/\/id.crossref.org\/issn\/1389-1286","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2026.110963_b23","doi-asserted-by":"crossref","first-page":"S94","DOI":"10.1016\/j.diin.2017.06.004","article-title":"Availability of datasets for digital forensics \u2013 and what is missing","volume":"22","author":"Grajeda","year":"2017","journal-title":"Digit Investig","ISSN":"https:\/\/id.crossref.org\/issn\/1742-2876","issn-type":"print"},{"issue":"2","key":"10.1016\/j.compeleceng.2026.110963_b24","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1007\/s40860-019-00080-3","article-title":"Systematic literature review and metadata analysis of ransomware attacks and detection mechanisms","volume":"5","author":"Maigida","year":"2019","journal-title":"J Reliab Intell Environ","ISSN":"https:\/\/id.crossref.org\/issn\/2199-4676","issn-type":"print"},{"issue":"9","key":"10.1016\/j.compeleceng.2026.110963_b25","doi-asserted-by":"crossref","DOI":"10.1145\/3479393","article-title":"Ransomware mitigation in the modern era: A comprehensive review, research challenges, and future directions","volume":"54","author":"McIntosh","year":"2022","journal-title":"ACM Comput Surv","ISSN":"https:\/\/id.crossref.org\/issn\/1557-7341","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2026.110963_b26","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2021.102287","article-title":"Challenges and pitfalls in malware research","volume":"106","author":"Botacin","year":"2021","journal-title":"Comput Secur","ISSN":"https:\/\/id.crossref.org\/issn\/0167-4048","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2026.110963_b27","doi-asserted-by":"crossref","DOI":"10.1016\/j.fsidi.2021.301330","article-title":"NapierOne: A modern mixed file data set alternative to 
Govdocs1","volume":"40","author":"Davies","year":"2022","journal-title":"Forensic Sci Int: Digit Investig","ISSN":"https:\/\/id.crossref.org\/issn\/2666-2817","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2026.110963_b28","series-title":"DigitalCorpora.org","article-title":"Digital corpora >> Govdocs1","author":"Digital Corpora","year":"2014"},{"key":"10.1016\/j.compeleceng.2026.110963_b29","isbn-type":"print","first-page":"1","article-title":"Towards reproducible ransomware analysis","author":"Hussain","year":"2023","ISBN":"https:\/\/id.crossref.org\/isbn\/9781450390651"},{"issue":"1","key":"10.1016\/j.compeleceng.2026.110963_b30","doi-asserted-by":"crossref","first-page":"533","DOI":"10.1007\/s10207-023-00758-z","article-title":"Rwarmor: a static-informed dynamic analysis approach for early detection of cryptographic windows ransomware","volume":"23","author":"Ayub","year":"2024","journal-title":"Int J Inf Secur","ISSN":"https:\/\/id.crossref.org\/issn\/1615-5270","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2026.110963_b31","series-title":"Enhancing ransomware detection in cybersecurity : A comprehensive ensemble approach","first-page":"5222","author":"Rayudu","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b32","series-title":"Proceedings - 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2014","isbn-type":"print","first-page":"40","article-title":"Are we missing labels? 
A study of the availability of ground-truth in network security research","author":"Abt","year":"2016","ISBN":"https:\/\/id.crossref.org\/isbn\/9781479983087"},{"issue":"SUPPL.","key":"10.1016\/j.compeleceng.2026.110963_b33","doi-asserted-by":"crossref","first-page":"44","DOI":"10.1016\/j.diin.2012.05.008","article-title":"Using NLP techniques for file fragment classification","volume":"9","author":"Fitzgerald","year":"2012","journal-title":"Digit Investig","ISSN":"https:\/\/id.crossref.org\/issn\/1742-2876","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2026.110963_b34","doi-asserted-by":"crossref","DOI":"10.1016\/j.fsidi.2021.301314","article-title":"RanSAP: An open dataset of ransomware storage access patterns for training machine learning models","volume":"40","author":"Hirano","year":"2022","journal-title":"Forensic Sci Int: Digit Investig","ISSN":"https:\/\/id.crossref.org\/issn\/2666-2817","issn-type":"print"},{"issue":"4","key":"10.1016\/j.compeleceng.2026.110963_b35","doi-asserted-by":"crossref","first-page":"277","DOI":"10.1007\/s11416-019-00338-7","article-title":"A cyber-kill-chain based taxonomy of crypto-ransomware features","volume":"15","author":"Dargahi","year":"2019","journal-title":"J Comput Virol Hacking Tech","ISSN":"https:\/\/id.crossref.org\/issn\/2263-8733","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2026.110963_b36","series-title":"The eight stages of the ransomware attack chain","author":"Proofpoint U.S.","year":"2022"},{"key":"10.1016\/j.compeleceng.2026.110963_b37","series-title":"7 new computer viruses and malware of 2024","author":"Avast","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b38","series-title":"The top 10 ransomware groups of 2023","author":"Blackfog","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b39","series-title":"Ransomware in 2024: Top 5 delivery methods and threats to know","author":"Cofense","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b40","series-title":"Map of 
worldwide ransomware attacks (updated daily)","author":"Comparitech","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b41","series-title":"Q1 2024 ransomware report: 21% increase in Q1 2023 ransomware activity","author":"Corvus","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b42","series-title":"16 Ransomware examples from recent attacks","author":"CrowdStrike","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b43","series-title":"Ransomware groups report 2024 - Q3","author":"Cyberint","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b44","series-title":"LockBit: The world\u2019s most active ransomware group","author":"Flashpoint","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b45","series-title":"HC3\u2019s top 10 most active ransomware groups","first-page":"1","author":"HC3","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b46","series-title":"Top 5 ransomware groups and malware delivering ransomware in 2024","author":"Magazine, Security","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b47","series-title":"Ransomware groups profiles","author":"Ransomlook","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b48","series-title":"Ransomwatch","author":"Ransomwatch","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b49","series-title":"Most popular ransomware groups to watch (updated 2024)","author":"Recordedfuture","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b50","series-title":"Kaspersky anti-ransomware day report 2024","author":"Securelist","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b51","series-title":"Ransomware statistics 2024: Latest trends methods","author":"Stationx","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b52","series-title":"Ransomware leak sites","author":"The DFIR Spot","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b53","series-title":"Ransomware tracker: The latest figures [June 2024]","author":"The 
Record","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b54","series-title":"Ransomware review: First half of 2024","author":"Unit42","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b55","series-title":"Stormous Ransomware: Complete Guide","year":"2025"},{"issue":"July","key":"10.1016\/j.compeleceng.2026.110963_b56","doi-asserted-by":"crossref","first-page":"100178","DOI":"10.1109\/ACCESS.2022.3207757","article-title":"An analysis of conti ransomware leaked source codes","volume":"10","author":"Alzahrani","year":"2022","journal-title":"IEEE Access","ISSN":"https:\/\/id.crossref.org\/issn\/2169-3536","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2026.110963_b57","series-title":"What is conti ransomware?","author":"Balckberry","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b58","series-title":"SecurityWeek","article-title":"Conti ransomware operation shut down after brand becomes toxic","author":"Kovacs","year":"2022"},{"key":"10.1016\/j.compeleceng.2026.110963_b59","series-title":"Dark web threat profile: Conti ransomware group - SOCRadar\u00ae cyber intelligence inc","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b60","series-title":"MalwareBazaar \u2014 malware sample exchange","author":"Malwarebazaar","year":"2025"},{"key":"10.1016\/j.compeleceng.2026.110963_b61","series-title":"VirusTotal","author":"VirusTotal","year":"2020"},{"key":"10.1016\/j.compeleceng.2026.110963_b62","series-title":"Vx underground","author":"Vxunderground","year":"2025"},{"key":"10.1016\/j.compeleceng.2026.110963_b63","series-title":"3AM Ransomware: Emerging Threat And Tactics","author":"Editorial","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b64","series-title":"3AM ransomware: LockBit\u2019s failed standoff revealed","author":"Hiveforce Labs","year":"2025"},{"key":"10.1016\/j.compeleceng.2026.110963_b65","series-title":"Dark web profile: 3AM ransomware - SOCRadar\u00ae cyber intelligence 
inc.","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b66","series-title":"Threeam ransomware","author":"Watchguard Technologies","year":"2025"},{"key":"10.1016\/j.compeleceng.2026.110963_b67","series-title":"Daily dark web","author":"Daily Dark Web","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b68","series-title":"Ransomware spotlight: 8base \u2014 trend micro (SE)","author":"TrendMicro","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b69","series-title":"Dissecting 8Base: the anatomy of a cybercriminal threat actor - Almond","first-page":"42","author":"Almond","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b70","series-title":"Dark web profile: 8base ransomware - SOCRadar\u00ae cyber intelligence inc.","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b71","series-title":"A deep dive into phobos ransomware, recently deployed by 8base group","author":"Venere","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b72","series-title":"Abyss locker ransomware: Attack flow & defense strategies","author":"Abigail See","year":"2025"},{"key":"10.1016\/j.compeleceng.2026.110963_b73","series-title":"Abyss ransomware THREAT PROFILE","author":"Blackpoint","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b74","series-title":"Dark web profile: Abyss ransomware","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b75","series-title":"Dark web profile: Akira ransomware - SOCRadar\u00ae cyber intelligence inc","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b76","series-title":"#StopRansomware: Akira ransomware","author":"CISA","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b77","series-title":"Akira ransomware","author":"Kersten","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b78","series-title":"Decrypted : Akira 
ransomware","author":"Nomoreransom","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b79","series-title":"Emerging threat: BianLian ransomware\u2019s shapeshift to encryption-less extortion","author":"Logpoint","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b80","series-title":"Redacted","article-title":"BianLian ransomware gang gives it a go!","author":"Armstrong","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b81","series-title":"Cyber threat intelligence advisory \u2014 enhanced reader","author":"KPMG","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b82","series-title":"Threat actor profile: BianLian, the shape-shifting ransomware group - SOCRadar\u00ae cyber intelligence inc","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b83","series-title":"VirusTotal - file - 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43","author":"VirusTotal","year":"2025"},{"key":"10.1016\/j.compeleceng.2026.110963_b84","series-title":"From origins to operations: Understanding black basta ransomware","author":"Flashpoint","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b85","series-title":"Unit42","article-title":"Threat assessment: Black basta ransomware","author":"Elsad","year":"2022"},{"key":"10.1016\/j.compeleceng.2026.110963_b86","series-title":"2024 cyber research conference - Ireland, cyber-RCI 2024","isbn-type":"print","first-page":"1","article-title":"Intelligence driven threat actor analysis: BlackBasta and affiliates","author":"Hayman","year":"2024","ISBN":"https:\/\/id.crossref.org\/isbn\/9798350390100"},{"key":"10.1016\/j.compeleceng.2026.110963_b87","volume":"vol. 
Arxiv","author":"Korac","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b88","series-title":"Data encryption battlefield: A deep dive into the dynamic confrontations in ransomware attacks","author":"Mahboubi","year":"2025"},{"key":"10.1016\/j.compeleceng.2026.110963_b89","series-title":"A deep dive into blackbasta","author":"Pasca","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b90","series-title":"Deciphering ransomware through contextual anomaly signatures : A novel approach","first-page":"1","author":"Shim","year":"2025"},{"key":"10.1016\/j.compeleceng.2026.110963_b91","series-title":"Dark web profile: Black basta ransomware - SOCRadar\u00ae cyber intelligence inc","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b92","series-title":"A deep dive into ALPHV\/BlackCat ransomware","author":"SecurityScorecard","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b93","series-title":"What is BlackCat ransomware? \u2014 how does BlackCat work?","author":"Akami","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b94","series-title":"Dark web profile: BlackCat (ALPHV) - SOCRadar\u00ae cyber intelligence inc","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b95","series-title":"Blackcat","author":"Tiage","year":"2025"},{"key":"10.1016\/j.compeleceng.2026.110963_b96","series-title":"Exploring the (not so) secret code of black hunt ransomware","author":"Rapid7","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b97","series-title":"Rapid7","article-title":"Exploring the (not so) secret code of black hunt ransomware","author":"\u0160irokova","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b98","series-title":"Continuous activities of the BlackHunt ransomware 
group","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b99","series-title":"BlackSuit","author":"SentinelOne","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b100","series-title":"StopRansomware: Blacksuit (royal) ransomware","author":"CISA","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b101","series-title":"StopRansomware: Blacksuit (royal) ransomware","author":"CIA","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b102","series-title":"Deep Dive: Exposing BlackSuit Ransomware","author":"deepinstinct Kosarev","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b103","series-title":"Dark web profile: BlackSuit ransomware - SOCRadar\u00ae cyber intelligence inc","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b104","series-title":"Cactus ransomware: New strain in the market","author":"Trellix","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b105","series-title":"Dark Web Profile: Cactus Ransomware - SOCRadar\u00ae Cyber Intelligence Inc.","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b106","series-title":"A deep dive into cactus ransomware","author":"Vlad Pascaa","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b107","series-title":"2015 international conference on computer, communications, and control technology","first-page":"294","article-title":"In memory detection of windows API call hooking technique","author":"Mohd Shaid","year":"2015"},{"key":"10.1016\/j.compeleceng.2026.110963_b108","series-title":"What is cl0p ransomware?","author":"Kaspersky","year":"2024"},{"issue":"18","key":"10.1016\/j.compeleceng.2026.110963_b109","doi-asserted-by":"crossref","DOI":"10.3390\/electronics13183689","article-title":"Clop ransomware in action: A comprehensive analysis of its multi-stage tactics","volume":"13","author":"Lee","year":"2024","journal-title":"Electron 
(Switzerland)","ISSN":"https:\/\/id.crossref.org\/issn\/2079-9292","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2026.110963_b110","series-title":"A deep dive into CL0p ransomware","author":"Pditechnologie","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b111","series-title":"Dark web threat profile: CLOP ransomware - SOCRadar\u00ae cyber intelligence inc","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b112","series-title":"The rise and fall of the conti ransomware group","author":"Initiative, Global","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b113","series-title":"SentinelLabs","article-title":"Conti unpacked \u2014 understanding ransomware development as a response to detection","author":"Weizman","year":"2021"},{"key":"10.1016\/j.compeleceng.2026.110963_b114","series-title":"Conti\u2019s source code: Deep dive","author":"Team, Cluster","year":"2022"},{"key":"10.1016\/j.compeleceng.2026.110963_b115","series-title":"Hunters international: New ransomware based on hive source code","author":"Acronis","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b116","series-title":"Hunters international: A deep dive into the evolution of A stealthy ransomware group","author":"AmpcusCyber","year":"2025"},{"key":"10.1016\/j.compeleceng.2026.110963_b117","series-title":"Dark Web Profile: Hunters International - SOCRadar\u00ae Cyber Intelligence Inc.","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b118","series-title":"Vedere labs","article-title":"Hunters international ransomware: What we learned","author":"Tilekar","year":"2025"},{"key":"10.1016\/j.compeleceng.2026.110963_b119","series-title":"INC linux ransomware - sandboxing with ELFEN and analysis","author":"Hill","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b120","series-title":"Dark web profile: INC ransom - SOCRadar\u00ae cyber intelligence 
inc.","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b121","series-title":"INC ransomware group: A deep dive into their TTPs, IOCs, and defense strategies","author":"Tindall","year":"2025"},{"key":"10.1016\/j.compeleceng.2026.110963_b122","series-title":"Dark web profile: LockBit 3.0 ransomware - SOCRadar\u00ae cyber intelligence inc","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b123","series-title":"Analysis of the LockBit 3.0 and its infiltration into advanced\u2019s infrastructure crippling NHS services","first-page":"24","author":"Akinyemi","year":"2024"},{"issue":"8","key":"10.1016\/j.compeleceng.2026.110963_b124","doi-asserted-by":"crossref","DOI":"10.3390\/info15080484","article-title":"Earlier decision on detection of ransomware identification: A comprehensive systematic literature review","volume":"15","author":"Albshaier","year":"2024","journal-title":"Inf (Switzerland)","ISSN":"https:\/\/id.crossref.org\/issn\/2078-2489","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2026.110963_b125","series-title":"APT Deep Dive: LockBit","author":"Hill","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b126","series-title":"A look at LockBit 3 ransomware","author":"Piranha","year":"2023"},{"issue":"1","key":"10.1016\/j.compeleceng.2026.110963_b127","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1002\/spy2.328","article-title":"Understanding impacts of a ransomware on medical and health facilities by utilizing LockBit as a case study","volume":"7","author":"Rauf Ali Khan","year":"2024","journal-title":"Secur Priv","ISSN":"https:\/\/id.crossref.org\/issn\/2475-6725","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2026.110963_b128","series-title":"8th international conference on information technology 2024","isbn-type":"print","doi-asserted-by":"crossref","first-page":"624","DOI":"10.1109\/InCIT63192.2024.10810564","article-title":"Digital forensic analysis of lockbit ransomware 
attack on operational technology","author":"Suk-On","year":"2024","ISBN":"https:\/\/id.crossref.org\/isbn\/9798350366303"},{"key":"10.1016\/j.compeleceng.2026.110963_b129","series-title":"MalasLocker ransomware: How to stay safe","author":"Data","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b130","series-title":"Dark web profile: MalasLocker ransomware - SOCRadar\u00ae cyber intelligence inc","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b131","series-title":"Evolution of mallox: from private ransomware to RaaS","author":"Securelist","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b132","series-title":"Ransomware analysis report: Mallox","author":"Loda","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b133","series-title":"The new threat: Mallox ransomware","author":"Sangfor Technologies","year":"2021"},{"key":"10.1016\/j.compeleceng.2026.110963_b134","series-title":"Dark web profile: Mallox ransomware - SOCRadar\u00ae cyber intelligence inc","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b135","series-title":"Ransomware lab walkthrough: Maze edition! \u2014 by Bl@ckC!pH3r \u2014 medium","author":"Bl@ckC!pH3r","year":"2025"},{"key":"10.1016\/j.compeleceng.2026.110963_b136","series-title":"What is maze ransomware?","author":"Crowd Strike","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b137","series-title":"Maze ransomware","author":"Security, H.H.S. CyberSecurity Program. 
Office of Information","year":"2020"},{"key":"10.1016\/j.compeleceng.2026.110963_b138","series-title":"Medusa ransomware: What you need to know","author":"Provendata","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b139","series-title":"Dark web profile: Medusa ransomware (MedusaLocker) - SOCRadar\u00ae cyber intelligence inc","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b140","series-title":"A deep dive into medusa ransomware","author":"Vlad Pascaa","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b141","series-title":"Meow ransomware gang claims superior court of California","author":"Cyber News","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b142","series-title":"Feline hackers among us? (a deep dive and simulation of the meow attack)","author":"Biron","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b143","series-title":"Dark web profile: Meow ransomware - SOCRadar\u00ae cyber intelligence inc","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b144","series-title":"MEOW! 
ransomware","author":"Watchguard Technologies","year":"2025"},{"key":"10.1016\/j.compeleceng.2026.110963_b145","series-title":"Noescape","author":"Sentinel One","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b146","series-title":"HC3: NoEscape ransomware","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b147","series-title":"Noescape ransomware report","author":"Cyber, Quorum","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b148","series-title":"Dark web profile: NoEscape ransomware - SOCRadar\u00ae cyber intelligence inc","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b149","series-title":"An in-depth look at play ransomware","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b150","series-title":"PLAY ransomware","author":"Cymulate","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b151","series-title":"Dark web profile: Play ransomware - SOCRadar\u00ae cyber intelligence inc","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b152","series-title":"Techniques of the recent Qilin ransomware attacks","author":"Group-IB","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b153","series-title":"HC3: Qilin, aka agenda ransomware","author":"HC","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b154","series-title":"Dark web profile: Qilin (agenda) ransomware - SOCRadar\u00ae cyber intelligence inc","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b155","series-title":"Qilin ransomware: a deep dive into operations & OPSEC breakdowns","author":"Squad","year":"2025"},{"key":"10.1016\/j.compeleceng.2026.110963_b156","series-title":"An overview of the new rhysida ransomware","author":"Trend Micro","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b157","series-title":"Ransomware spotlight: Rhysida","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b158","series-title":"HC3: Sector alert rhysida 
ransomware","author":"HC","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b159","series-title":"Threat profile: Rhysida ransomware - SOCRadar\u00ae cyber intelligence inc","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b160","series-title":"Royal ransomware deep dive \u2014 kroll","author":"Lacono","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b161","series-title":"Dark web profile: Royal ransomware - SOCRadar\u00ae cyber intelligence inc","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b162","series-title":"What is sodinokibi ransomware?","author":"Avast","year":"2022"},{"key":"10.1016\/j.compeleceng.2026.110963_b163","series-title":"Taking a deep dive into Sodinokibi ransomware","author":"Tiwari","year":"2019"},{"issue":"February","key":"10.1016\/j.compeleceng.2026.110963_b164","doi-asserted-by":"crossref","first-page":"40698","DOI":"10.1109\/ACCESS.2023.3268535","article-title":"The age of ransomware: A survey on the evolution, taxonomy, and research directions","volume":"11","author":"Razaulla","year":"2023","journal-title":"IEEE Access","ISSN":"https:\/\/id.crossref.org\/issn\/2169-3536","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2026.110963_b165","series-title":"Stormous ransomware: analysis of cybercrime group","author":"Arun","year":"2025"},{"key":"10.1016\/j.compeleceng.2026.110963_b166","series-title":"Dark web profile: Who is \u2019stormous ransomware\u2019 claiming to leak epic games information","author":"SOCRadar","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b167","series-title":"Alert: GhostSec and stormous launch joint ransomware attacks in over 15 countries","author":"TheHAckerNews","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b168","series-title":"Technical analysis of trigona ransomware","author":"Brett Stone-Gross","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b169","series-title":"Trigona ransomware uses 
password-protected malware","author":"Extrahop","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b170","series-title":"ThreeAM (3AM): Exploring the new and evolving ransomware","author":"Cybernext","year":"2024"},{"issue":"PB","key":"10.1016\/j.compeleceng.2026.110963_b171","article-title":"Digital forensic of maze ransomware: A case of electricity distributor enterprise in ASEAN","volume":"249","author":"Chimmanee","year":"2024","journal-title":"Expert Syst Appl","ISSN":"https:\/\/id.crossref.org\/issn\/0957-4174","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2026.110963_b172","series-title":"Stormous ransomware decryption and data recovery guide","author":"Decryptor","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b173","series-title":"Free automated malware analysis service - powered by falcon sandbox","year":"2025"},{"key":"10.1016\/j.compeleceng.2026.110963_b174","series-title":"Thezoo\/malware\/binaries at master \u00b7 ytisf\/thezoo","year":"2025"},{"key":"10.1016\/j.compeleceng.2026.110963_b175","series-title":"VirusShare.com","year":"2025"},{"key":"10.1016\/j.compeleceng.2026.110963_b176","doi-asserted-by":"crossref","first-page":"144","DOI":"10.1016\/j.cose.2018.01.001","article-title":"Ransomware threat success factors, taxonomy, and countermeasures: A survey and research directions","volume":"74","author":"Al-rimy","year":"2018","journal-title":"Comput Secur","ISSN":"https:\/\/id.crossref.org\/issn\/0167-4048","issn-type":"print"},{"issue":"1","key":"10.1016\/j.compeleceng.2026.110963_b177","article-title":"Crypto-ransomware detection and prevention techniques and tools: A survey","volume":"14","author":"Alshaikh","year":"2023","journal-title":"Int J Comput Digit Syst"},{"key":"10.1016\/j.compeleceng.2026.110963_b178","series-title":"Threat actor profile \u2013 \u201cBlackMatter\u201d 
ransomware","author":"Avertium","year":"2021"},{"key":"10.1016\/j.compeleceng.2026.110963_b179","isbn-type":"print","first-page":"254","article-title":"The naked sun: Malicious cooperation between benign-looking processes","volume":"vol. 12147 LNCS, no. Ml","author":"De Gaspari","year":"2020","ISBN":"https:\/\/id.crossref.org\/isbn\/9783030578770"},{"key":"10.1016\/j.compeleceng.2026.110963_b180","isbn-type":"print","first-page":"1","article-title":"A key-management-based taxonomy for ransomware","volume":"vol. 2018-May","author":"Enbody","year":"2018","ISBN":"https:\/\/id.crossref.org\/isbn\/9781538649220"},{"issue":"1","key":"10.1016\/j.compeleceng.2026.110963_b181","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1007\/s11416-008-0092-2","article-title":"Comparative analysis of various ransomware virii","volume":"6","author":"Gazet","year":"2010","journal-title":"J Comput Virol","ISSN":"https:\/\/id.crossref.org\/issn\/1772-9890","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2026.110963_b182","series-title":"CryptoLocker ransomware threat analysis \u2014 secureworks","author":"Jarvis","year":"2024"},{"key":"10.1016\/j.compeleceng.2026.110963_b183","series-title":"Proceedings of the 2014 Virus bulletin conference","isbn-type":"print","first-page":"757","article-title":"UNVEIL: A large-scale, automated approach to detecting ransomware","author":"Kharaz","year":"2016","ISBN":"https:\/\/id.crossref.org\/isbn\/9781931971324"},{"issue":"2","key":"10.1016\/j.compeleceng.2026.110963_b184","doi-asserted-by":"crossref","DOI":"10.3390\/e24020239","article-title":"A method for neutralizing entropy measurement-based ransomware detection technologies using encoding 
algorithms","volume":"24","author":"Lee","year":"2022","journal-title":"Entropy","ISSN":"https:\/\/id.crossref.org\/issn\/1099-4300","issn-type":"print"},{"issue":"1","key":"10.1016\/j.compeleceng.2026.110963_b185","doi-asserted-by":"crossref","first-page":"213","DOI":"10.14569\/IJACSA.2023.0140124","article-title":"Ransomware: Analysis of encrypted files","volume":"14","author":"Madani","year":"2023","journal-title":"Int J Adv Comput Sci Appl","ISSN":"https:\/\/id.crossref.org\/issn\/2156-5570","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2026.110963_b186","isbn-type":"print","first-page":"643","article-title":"The growing influence of ransomware","volume":"vol. 2020-July","author":"Mos","year":"2020","ISBN":"https:\/\/id.crossref.org\/isbn\/9781728153179"},{"key":"10.1016\/j.compeleceng.2026.110963_b187","first-page":"S69","article-title":"File fragment encoding classification - an empirical approach","volume":"vol. 10","author":"Roussev","year":"2013"},{"issue":"2","key":"10.1016\/j.compeleceng.2026.110963_b188","first-page":"5","article-title":"Ransomware behavior attack construction via graph theory approach","volume":"11","author":"Safwan Rosli","year":"2020","journal-title":"(IJACSA) Int J Adv Comput Sci Appl"},{"issue":"5","key":"10.1016\/j.compeleceng.2026.110963_b189","first-page":"2016","article-title":"A brief study of wannacry threat: Ransomware attack 2017","volume":"8","author":"Savita Mohurle","year":"2017","journal-title":"Int J Adv Res Comput Sci","ISSN":"https:\/\/id.crossref.org\/issn\/0976-5697","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2026.110963_b190","series-title":"NapierOne","author":"Davies","year":"2021"},{"key":"10.1016\/j.compeleceng.2026.110963_b191","series-title":"BCS code of conduct","year":"2015"},{"key":"10.1016\/j.compeleceng.2026.110963_b192","series-title":"Computer Misuse Act 1990 (Oct-2017)","author":"Spiritual","year":"2017"},{"key":"10.1016\/j.compeleceng.2026.110963_b193","series-title":"Mandiant special 
report 2023","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b194","series-title":"Ransomware and extortion report 2023 \u2014 2","author":"Unit 42","year":"2023"},{"key":"10.1016\/j.compeleceng.2026.110963_b195","unstructured":"Ponemon Institute. The third annual study on the state of endpoint security risk. Tech. rep. January, 2020, https:\/\/rb.gy\/6dq970."},{"key":"10.1016\/j.compeleceng.2026.110963_b196","first-page":"1","article-title":"CrowdStrike 2020 global threat report","author":"Crowdstrike","year":"2020","journal-title":"Crowdstrike"}],"container-title":["Computers and Electrical Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0045790626000315?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0045790626000315?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,2,18]],"date-time":"2026-02-18T14:10:16Z","timestamp":1771423816000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0045790626000315"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4]]},"references-count":196,"alternative-id":["S0045790626000315"],"URL":"https:\/\/doi.org\/10.1016\/j.compeleceng.2026.110963","relation":{},"ISSN":["0045-7906"],"issn-type":[{"value":"0045-7906","type":"print"}],"subject":[],"published":{"date-parts":[[2026,4]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Comprehensive performance benchmarking and comparative analysis of active ransomware threats","name":"articletitle","label":"Article Title"},{"value":"Computers and Electrical Engineering","name":"journaltitle","label":"Journal 
Title"},{"value":"https:\/\/doi.org\/10.1016\/j.compeleceng.2026.110963","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 The Author(s). Published by Elsevier Ltd.","name":"copyright","label":"Copyright"}],"article-number":"110963"}}