Ransomware uses encryption methods to make data inaccessible to legitimate users. To date a wide range of ransomware families have been developed and deployed, causing immense damage to governments, corporations, and private users. As these cyberthreats multiply, researchers have proposed a range of ransomware detection and classification schemes. Most of these methods use advanced machine learning techniques to process and analyze real-world ransomware binaries and action sequences. Hence this paper presents a survey of this critical space and classifies existing solutions into several categories, i.e., including network-based, host-based, forensic characterization, and authorship attribution. Key facilities and tools for ransomware analysis are also presented along with open challenges.

翻译：勒索软件通过加密手段使合法用户无法访问数据资源。目前已有多种勒索软件家族被研发和部署，对政府机构、企业和个人用户造成了巨大损害。随着这类网络威胁的持续蔓延，研究人员提出了多种勒索软件检测与分类方案。这些方法大多采用先进机器学习技术处理和分析真实世界的勒索软件二进制文件及行为序列。本文对该关键研究领域进行综述，将现有解决方案划分为基于网络、基于主机、取证特征分析及作者归属分析等类别。同时介绍了勒索软件分析的关键设施与工具，并探讨了当前面临的开放性挑战。