Ransomware and Artificial Intelligence: A Comprehensive Systematic Review of Reviews
Therdpong Daengsi, Phisit Pornpongtechavanich, Paradorn Boonpoor, Kathawut Wattanachukul, Korn Puangnak, Kritphon Phanrattanachai, Pongpisit Wuttidittachotti, Paramate Horkaew

TL;DR
This comprehensive review synthesizes recent advances in AI, especially ML and DL, for ransomware defense, highlighting effective hybrid detection models, challenges like deception techniques, and future research directions.
Contribution
It is the first systematic review of reviews on AI-based ransomware defense, consolidating insights, identifying effective models, and proposing a roadmap for future research and practical implementation.
Findings
Hybrid models combining static and dynamic analysis are effective.
AI enables early detection and real-time response to ransomware.
Challenges include deception techniques and limited datasets.
Abstract
This study provides a comprehensive synthesis of Artificial Intelligence (AI), especially Machine Learning (ML) and Deep Learning (DL), in ransomware defense. Using a "review of reviews" methodology based on PRISMA, this paper gathers insights on how AI is transforming ransomware detection, prevention, and mitigation strategies during the past five years (2020-2024). The findings highlight the effectiveness of hybrid models that combine multiple analysis techniques such as code inspection (static analysis) and behavior monitoring during execution (dynamic analysis). The study also explores anomaly detection and early warning mechanisms before encryption to address the increasing complexity of ransomware. In addition, it examines key challenges in ransomware defense, including techniques designed to deceive AI-driven detection systems and the lack of strong and diverse datasets. The…
Taxonomy
Topics: Advanced Malware Detection Techniques · Adversarial Robustness in Machine Learning · Information and Cyber Security
