Ransomware Attacks Threat Modeling Using Bayesian Network

Abstract

Ransomware is a dangerous malware that blocks access to data through encryption, and it exploits device vulnerabilities to perform chain attacks from one system to another. This study results in modeling the threat of ransomware attacks using Bayesian Network. The structure of the model is created using device vulnerabilities that can be exploited. As the basis for calculating the probability of the model, the EPSS vulnerability score is used. The risk exposure rating is calculated through the joint probability distribution formulation based on attack scenarios. Our model shows that ransomware attacks are most likely to exploit the chain of vulnerabilities CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-36942, and CVE-2017-0144 which has a probability value of 0.046534. In addition, the use of the EPSS also makes the risk assessment more factual, accurate, and effective. The threat modeling method can help in identifying ransomware attacks through a chain of vulnerabilities, making risk assessment more precise.