Machine Learning Classifier Algorithms for Ransomware Lockbit Prediction

Ibrahiem M. M. El Emary, Khalil A. Yaghi

Abstract


An advanced virus known as ransomware has been spreading quickly in recent years, resulting in considerable financial losses for a variety of victims, including businesses, hospitals, and individuals. Modern host-based detection techniques require the host to be infected first in order to spot abnormalities and find the malware. By the time the system is infected, it can already be too late, because some of the assets have been exfiltrated or encrypted by the malware. On the other hand, as most ransomware families attempt to connect to command-and-control servers before executing their damaging payloads, network-based methods can be helpful in detecting ransomware attacks. Therefore, one of the most important methods for early identification can be a detailed examination of ransomware network activity. This study presents a thorough behavioral analysis of the LockBit ransomware. In early 2022, ransomware, particularly targeting data on endpoints in Indonesia, was enough to horrify the news online. LockBit is one of the ransomware families that is particularly worrisome in Indonesia, so study is required to combat it. Static and dynamic analyses are used to study the ransomware; the former involves deciphering the portable executable (PE) file, while the latter involves actually running the ransomware. These analyses will reveal the impurity and resolve of the LockBit ransomware. We examine the running operations, the resources utilized, the network activities the ransomware performed, and the effect it had on the impacted operating system to try to build a scenario for preventative measures. The real effects of the ransomware-as-a-service (RaaS) attacks conducted by the LockBit ransomware are demonstrated in this research. In this work, we describe an attribute selection-based system for identifying and avoiding ransomware that uses a variety of machine learning techniques, such as neural network-based frameworks, to classify the malware's security grade.
We applied a range of machine learning approaches, namely Decision Tree (DT), Random Forest (RF), Naive Bayes (NB), and Logistic Regression (LR) based classifiers, to a selected set of attributes for ransomware detection. The results of the study demonstrate that the Random Forest predictor outperformed the other classifiers by achieving the best accuracy, precision, recall, and F1-Score.


Keywords


Ransomware LockBit, LockBit attacks, Decision Tree, Naïve Bayes, Logistic Regression, Random Forest


Journal of Applied Data Sciences

ISSN : 2723-6471 (Online)
Organized by : Department of Information System, Universitas Amikom Purwokerto, Indonesia; Computer Science and Systems Information Technology, King Abdulaziz University, Kingdom of Saudi Arabia.
Website : http://bright-journal.org/JADS
Email : taqwa@amikompurwokerto.ac.id (principal contact)
    husniteja@uinjkt.ac.id (managing editor)
    support@bright-journal.org (technical issues)

 This work is licensed under a Creative Commons Attribution-ShareAlike 4.0