This research introduces a machine learning approach to detect crypto ransomware on Windows devices.
The model leverages static and behavioral features to achieve early detection, preventing data encryption and minimizing system downtime.
ABSTRACT

Ransomware is one of the most significant threats to corporate and individual Internet users today, especially crypto-ransomware, which encrypts crucial user data that can only be unlocked if a ransom is paid. It is therefore urgently necessary to develop efficient and effective countermeasures. Because this threat is ongoing and costly, both academia and industry have been working to create methods for detecting and recovering from ransomware attacks. This study focuses on crypto-ransomware as the most common, harmful, and difficult variant. Because of the catastrophic damage crypto-ransomware causes, these attacks must be detected early. This study developed a machine learning-based crypto-ransomware early detection model for Windows devices (Windows being the most widely used operating system). Two supervised machine learning algorithms, random forest and K-Nearest Neighbor (KNN), were used to train and test the model’s performance on a dataset of 62485 samples, of which 35367 were malware samples and 27118 were benign. The experimental evaluation showed that the suggested strategy could detect crypto-ransomware with a high level of accuracy of 99.96%.