NASTYWARE

NASTYWARE subproject concerns identifying ransomware behavior since the initial access, passing throughout the persisting in the network hosts to the effectively dispatching the attack. We collect the most common ransomware families, trace their execution on logs, and analyze them statically and dynamically. Understanding the whole chain of events, we can provide protection and forecasting of ongoing threats. Anomaly detection plays a crucial role in this context by helping to identify zero-day behavior.