Mitigating Ransomware Attacks through Cyber Threat Intelligence and Machine Learning: Survey

Abstract

Lately, the rise of the Internet has led to a surge in the occurrences of ransomware attacks targeting individuals and organizations. Thus, developing a relevant detection system capable of detecting or preventing ransomware becomes a necessity, and the quality of services provided by that system will highly depend on the quality of the data with which the system is designed. Ransomware stands out as a highly perilous type of malware that has attracted global attention. Its operation involves encrypting files on the computer's storage or restricting system access, with a demand for payment to undo the damage. There are diverse types of ransomware that continue to evolve day by day. Hackers are employing advanced techniques to create a new generation of ransomware that can easily bypass an organization's security infrastructure. Cyber Threat Intelligence (CTI) is an approach used to acquire knowledge about malware collected from various sources. Machine-learning algorithms can utilize data collected by CTI to detect ransom attacks or any abnormal activities in the system more accurately than traditional methods. This paper is designed to explore the impact of Cyber Threat Intelligence and Machine Learning on mitigating ransomware attacks, demonstrating their importance in terms of predictive and preventive approaches, as well as how they can enhance traditional detection systems.