This study provides a comprehensive synthesis of Artificial Intelligence (AI), especially Machine Learning (ML) and Deep Learning (DL), in ransomware defense. Using a "review of reviews" methodology based on PRISMA, this paper gathers insights on how AI has transformed ransomware detection, prevention, and mitigation strategies over the past five years (2020-2024). The findings highlight the effectiveness of hybrid models that combine multiple analysis techniques, such as code inspection (static analysis) and behavior monitoring during execution (dynamic analysis). The study also explores anomaly detection and early-warning mechanisms that act before encryption begins, to address the increasing complexity of ransomware. In addition, it examines key challenges in ransomware defense, including techniques designed to deceive AI-driven detection systems and the lack of strong and diverse datasets. The results highlight the role of AI in early detection and real-time response systems, improving scalability and resilience. Using a systematic review-of-reviews approach, this study consolidates insights from multiple review articles, identifies effective AI models, and bridges theory with practice to support collaboration among academia, industry, and policymakers. Future research directions and practical recommendations for cybersecurity practitioners are also discussed. Finally, this paper proposes a roadmap for advancing AI-driven countermeasures to protect critical systems and infrastructures against evolving ransomware threats.
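As an added illustration (not code from the paper or from any of the reviews it surveys), the following Python script shows the shape of a behavior-based early-warning heuristic of the kind the abstract refers to: a dynamic-analysis detector that scores a process on signals it emits before it has finished encrypting a volume. It watches a stream of file-write events and combines three per-process indicators that ransomware tends to produce together and benign editors rarely do: a burst of writes to many distinct files, written content that looks encrypted (high Shannon entropy), and extension changes. The event format, the thresholds (`HIGH_ENTROPY`, `WINDOW`, `MIN_FILES`, `ALERT_SCORE`) and the signal weights are assumptions chosen for the example; the event data is constructed inline.

```python
"""Behavior-based ransomware early-warning heuristic (illustrative example).

Assumptions (not from the paper): events arrive as WriteEvent records from
some file-system monitor; thresholds and weights below are illustrative.
"""
import math
from dataclasses import dataclass

# ---- assumed thresholds (tune per environment) ----
HIGH_ENTROPY = 7.0   # bits/byte; encrypted or compressed data approaches 8.0
WINDOW = 10.0        # seconds of history considered per process
MIN_FILES = 5        # fewer writes than this is never a "burst"
ALERT_SCORE = 0.6    # combined score at which we raise an alert


@dataclass
class WriteEvent:
    ts: float        # event time in seconds
    pid: int         # writing process
    path: str        # path before the write
    new_path: str    # path after the write (differs from path on rename)
    data: bytes      # bytes written


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def score_process(events: list[WriteEvent], pid: int, now: float) -> float:
    """Combine three ransomware indicators for one process into a [0, 1] score."""
    recent = [e for e in events if e.pid == pid and 0 <= now - e.ts <= WINDOW]
    if len(recent) < MIN_FILES:
        return 0.0
    # Fraction of writes whose content looks encrypted.
    high_entropy = sum(shannon_entropy(e.data) >= HIGH_ENTROPY for e in recent) / len(recent)
    # Fraction of writes that also changed the file name/extension.
    renamed = sum(e.new_path != e.path for e in recent) / len(recent)
    # Breadth of the burst: how many distinct files were touched (saturates at 20).
    breadth = min(len({e.path for e in recent}) / 20.0, 1.0)
    # Weighted sum; weights are an illustrative choice, not a tuned model.
    return 0.5 * high_entropy + 0.3 * renamed + 0.2 * breadth


def early_warning(events: list[WriteEvent], now: float) -> dict[int, float]:
    """Return {pid: score} for every process whose score crosses ALERT_SCORE."""
    alerts = {}
    for pid in {e.pid for e in events}:
        s = score_process(events, pid, now)
        if s >= ALERT_SCORE:
            alerts[pid] = round(s, 3)
    return alerts


# ---- constructed sample stream ----
TEXT = b"quarterly notes: revenue up, costs flat, see attached sheet\n"
ENCRYPTED_LOOKING = bytes(range(256)) * 4   # deterministic, entropy exactly 8.0

# pid 100: an editor saving six plain-text documents over six seconds.
BENIGN = [WriteEvent(float(i), 100, f"/home/u/doc{i}.txt", f"/home/u/doc{i}.txt", TEXT)
          for i in range(6)]
# pid 200: a process rewriting eight files with high-entropy content and a new suffix.
SUSPECT = [WriteEvent(float(i), 200, f"/home/u/f{i}.xlsx", f"/home/u/f{i}.xlsx.locked",
                      ENCRYPTED_LOOKING) for i in range(8)]
SAMPLE_EVENTS = BENIGN + SUSPECT

if __name__ == "__main__":
    print("benign score :", round(score_process(SAMPLE_EVENTS, 100, 8.0), 3))
    print("suspect score:", round(score_process(SAMPLE_EVENTS, 200, 8.0), 3))
    print("alerts       :", early_warning(SAMPLE_EVENTS, 8.0))
```

In the constructed stream the editor scores 0.06 (it only touches several files) while the suspect process scores 0.88 and is flagged after eight writes, i.e. long before a typical volume is fully encrypted. Backup agents, archivers and disk encryptors legitimately produce high-entropy bursts too, so a deployed version of this heuristic needs an allow-list of known processes and, as the abstract notes for hybrid models, is best paired with static features of the binary rather than used alone.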