Studying Ransomware Attacks Using Web Search Logs

Bansal et al. look to see where users seek support after undergoing a ransomware attack. They note that most of the information given to users after an attack is from a private cyber company or on a public database of information—which are often not updated as often as they should to be accurate sources of information for users. To determine how users gain more up-to-date information and from which sources, Bansal et al. mined ransomware related searches from Bing. After classifying this data by search type and user behavior analysis, the authors found that “attacked users generally had a much higher search volume compared to safe users which implies that the more the users search the web, the more likely they are to be attacked” (Bansal et al. 1518). They also analyzed searches of “Nemty”, a Windows malware and found that an increase in searches for how to get the virus off a computer corresponded with attacks before they were reported. As a result, they conclude that governments and private companies can look at search logs to predict and see when big user