Abstract
Cloud computing has become a critical infrastructure for businesses, but presents new security challenges, particularly ransomware attacks. This paper surveys recent machine learning (ML) techniques for detecting ransomware in cloud environments. It analyzes feature selection methods, dataset properties, and ML model performance, comparing their effectiveness in real-world scenarios. In addition, the paper identifies challenges, including dataset bias, limited generalizability, and limitations of current ML-based defenses, and suggests practices to enhance ML-driven ransomware detection. These practices focus on real-world cloud evaluation, improving generalizability, reducing dependency on execution, balancing accuracy and performance, and enhancing explainability. Future work should aim to refine these models for real-world resilience and better adaptation to evolving cyber threats.