A Survey on Windows-based Ransomware Taxonomy and Detection Mechanisms
ACM Computing Surveys (IF 16.6), Pub Date: 2021-07-13, DOI: 10.1145/3453153
Routa Moussaileb, Nora Cuppens, Jean-Louis Lanet, Hélène Le Bouder

Ransomware remains an alarming threat in the 21st century. It has evolved from being a simple scare tactic into a complex malware capable of evasion. Formerly, end-users were targeted via mass infection campaigns. Nevertheless, in recent years, the attackers have focused on targeted attacks, since the latter are profitable and can induce severe damage. A vast number of detection mechanisms have been proposed in the literature. We provide a systematic review of ransomware countermeasures starting from its deployment on the victim machine until the ransom payment via cryptocurrency. We define four stages of this malware attack: Delivery, Deployment, Destruction, and Dealing. Then, we assign the corresponding countermeasures for each phase of the attack and cluster them by the techniques used. Finally, we propose a roadmap for researchers to fill the gaps found in the literature in ransomware’s battle.

Updated: 2021-07-13