Studying Ransomware Attacks Using Web Search Logs

Published at 43rd International ACM SIGIR Conference on Research and Development in Information Retrieval, 2020

Cyber attacks are increasingly becoming prevalent and causing significant damage to individuals, businesses and even countries. In particular, ransomware attacks have grown significantly over the last decade. We do the first study on mining insights about ransomware attacks by analyzing query logs from Bing web search engine. We first extract ransomware related queries and then build a machine learning model to identify queries where users are seeking support for ransomware attacks. We show that user search behavior and characteristics are correlated with ransomware attacks. We also analyse trends in the temporal and geographical space and validate our findings against publicly available information. Lastly, we do a case study on ‘Nemty’, a popular ransomware, to show that it is possible to derive accurate insights about cyber attacks by query log analysis.

The short paper has been accepted for virtual presentation at SIGIR 2020. [Acceptance Rate ≈ 30%]

Collaborators - Chetan Bansal, Chandra Maddila, Pantazis Deligiannis

Please find all the relevant resources below:

  1. Preprint on ArXiv.
  2. Conference paper along with presentation video.