Modeling Ransomware Spreading by a Dynamic Node-Level Method

Abstract

Ransomware attacks are becoming increasingly sophisticated, more damaging to victims and more challenging to prevent. In this paper, a dynamic modelling method is used to study the spreading behaviors of ransomware. The dynamic state of each network node is assumed to be statistically dependent of the states of its neighboring nodes. By incorporating the full topology of the propagating network via its adjacent matrix, a novel node-based model is developed which is also suitable over generic connected networks. The dynamics of the model is theoretically analyzed. Especially, the global stability of its trivial equilibrium is theoretically confirmed depending on a sufficient condition including the leading eigenvalue of the adjacent matrix. We also present results from extensive numerical simulations designed for some specific networks, exhibiting different dynamic properties over distinct networks. Consequently, we suggest that ransomware spreading can be availably contained by properly adjusting the network structure so that its largest eigenvalue satisfies the desired requirement.