A cyber-kill-chain based taxonomy of crypto-ransomware features

Dargahi, T ORCID: https://orcid.org/0000-0002-0908-6483, Dehghantanha, A ORCID: https://orcid.org/0000-0002-9294-7554, Nikkhah Bahrami, P, Conti, M, Bianchi, G and Benedetto, L 2019, 'A cyber-kill-chain based taxonomy of crypto-ransomware features', Journal of Computer Virology and Hacking Techniques, 15, pp. 277-305.

PDF - Published Version
Available under License Creative Commons Attribution 4.0.



In spite of being just a few years old, ransomware is quickly becoming a serious threat to our digital infrastructures, data and services. The majority of ransomware families request a ransom payment to restore a custodian's access or to decrypt data that the ransomware encrypted earlier. Although the ransomware attack strategy seems to be simple, security specialists ranked ransomware as a sophisticated attack vector with many variations and families. The wide range of features available in different families and versions of ransomware further complicates their detection and analysis. Though the existing body of research provides significant discussion of ransomware details and capabilities, that body of research as a whole is fragmented. Therefore, a ransomware feature taxonomy would advance cyber defenders' understanding of the risks associated with ransomware. In this paper we provide, to the best of our knowledge, the first scientific taxonomy of ransomware features, aligned with the Lockheed Martin Cyber Kill Chain (CKC) model. CKC is a well-established model in industry that describes the stages of cyber intrusion attempts. To ease the challenge of applying our taxonomy in the real world, we also provide the corresponding ransomware defence taxonomy aligned with the Courses of Action matrix (an intelligence-driven defence model). We believe that this research study is of high value for the cyber security research community, as it provides researchers with a means of assessing the vulnerabilities and attack vectors towards the intended victims.

Item Type: Article
Schools: Schools > School of Computing, Science and Engineering
Journal or Publication Title: Journal of Computer Virology and Hacking Techniques
Publisher: Springer
ISSN: 2274-2042
Depositing User: T Dargahi
Date Deposited: 15 Jul 2019 09:14
Last Modified: 16 Feb 2022 02:20
URI: https://usir.salford.ac.uk/id/eprint/51794
