Studying Ransomware Attacks Using Web Search Logs

Microsoft Research Lab - India, Bangalore, India, 2020

Cyber attacks are increasingly becoming prevalent and causing significant damage to individuals, businesses and even countries. In particular, ransomware attacks have grown significantly over the last decade. We do the first study on mining insights about ransomware attacks by analyzing query logs from Bing web search engine. We first extract ransomware related queries and then build a machine learning model to identify queries where users are seeking support for ransomware attacks. We show that user search behavior and characteristics are correlated with ransomware attacks. We also analyse trends in the temporal and geographical space and validate our findings against publicly available information. Lastly, we do a case study on ‘Nemty’, a popular ransomware, to show that it is possible to derive accurate insights about cyber attacks by query log analysis.

This work has been accepted as a short paper at SIGIR 2020. [Acceptance Rate ≈ 30%]

Collaborators - Chetan Bansal, Chandra Maddila, Pantazis Deligiannis

Please find all the relevant resources below:

  1. Preprint on ArXiv.
  2. Conference paper along with presentation video.