top of page
Search

Understanding Ransomware Using Data Science

Our research paper shows how decision-makers that are in a position to affect ransomware at scale – including policy-makers and industry leaders – can use data-science approaches to understand ransomware risk holistically and build cybersecurity strategies that can affect the ransomware ecosystem as a whole.


By Vladimir Kropotov, Bakuei Matsukawa, Robert McArdle, Fyodor Yarochkin, Shingo Matsugaya (Trend Micro), Erin Burns, Eireann Leverett (Waratah Analytics)

Ransomware has become a different animal over the years, made a more insidious threat by attackers who have turned to increasingly sophisticated playbooks and a slew of payment options at their disposal. As part of its continuous evolution, it now takes a holistic approach to better grasp the complexities of the current-day ransomware ecosystem.

In this joint research, “What Decision-Makers Need to Know About Ransomware Risk: Data Science Applied to Ransomware Ecosystem Analysis,” researchers at Trend Micro and Waratah Analytics investigated strategic, tactical, operational, and technical threat intelligence to find emerging trends and developments in the ransomware landscape. The authors collected data from a multitude of sources, including ransomware group leak sites, network-based and host-based telemetry, cryptocurrency transactions, and leaked internal chat logs, which allowed them to understand how ransomware groups operate from different angles.

Using data-science experiments and visualization tools to map out ransomware-related activity allowed the researchers behind this paper to determine changes in ransomware groups’ scope of targets, compare similarities in their business processes, and ascertain difficulties in their day-to-day operations like the procurement of ransom payments. The methodologies laid out in this paper provide a snapshot of the goings-on in present-day ransomware circles, but more importantly, detail how these data-science approaches can be used to help defenders in their own investigation of ransomware risks to their organizations.

Source: Read More

Comments


bottom of page