CR · IR · May 1, 2020

Studying Ransomware Attacks Using Web Search Logs

arXiv:2005.00517v2 · 4 citations
AI Analysis

This study provides insights into ransomware trends for cybersecurity researchers and practitioners, but it is incremental as it applies existing methods to a new data source.

The study tackled the problem of understanding ransomware attacks by analyzing Bing web search logs, extracting ransomware-related queries and building a machine learning model to identify support-seeking queries, showing correlations between user search behavior and attacks with validation against public data.

Cyber attacks are increasingly becoming prevalent and causing significant damage to individuals, businesses and even countries. In particular, ransomware attacks have grown significantly over the last decade. We do the first study on mining insights about ransomware attacks by analyzing query logs from the Bing web search engine. We first extract ransomware-related queries and then build a machine learning model to identify queries where users are seeking support for ransomware attacks. We show that user search behavior and characteristics are correlated with ransomware attacks. We also analyse trends in the temporal and geographical space and validate our findings against publicly available information. Lastly, we do a case study on 'Nemty', a popular ransomware, to show that it is possible to derive accurate insights about cyber attacks by query log analysis.
