Ransomware Detection Using Open-source Tools

2022 24TH INTERNATIONAL CONFERENCE ON ADVANCED COMMUNICATION TECHNOLOGY (ICACT): ARTIFICIAL INTELLIGENCE TECHNOLOGIES TOWARD CYBERSECURITY (2022)

Abstract
The recent development of new and variant malicious code, together with the increase in cyberattacks in the form of intelligent Advanced Persistent Threats (APTs), has led to rapidly increasing levels of damage. In the case of ransomware in particular, the damage per attack is large because ransomware propagates over the network, so a single attack can infect multiple victims. With the recent growth of ransomware as a service (RaaS), even people without the capacity to develop malicious code have become able to attack via ransomware. In this study, we built and experimented with a framework that detects ransomware in network and system environments using open-source tools. Analysis and experiments showed that open-source tools can quickly identify APT attacks and respond to them immediately.
Keywords
Open-source, Endpoint Detection and Response (EDR), Google Rapid Response, Open-source HIDS SECurity (OSSEC), osquery, Ransomware Detection