Original Article

Ransomware Threat Detection and Automated Response System Using Wazuh and Python

Mohan S¹, Pradeep G², Madhuravel P³, Deepakumaar R⁴, J. Dhivya⁵
¹ ² ³ ⁴ Department of Computer Science and Engineering (Cyber Security), United Institute of Technology, Coimbatore, Tamil Nadu, India.
⁵ Assistant Professor, United Institute of Technology, Coimbatore, Tamil Nadu, India.

Published Online: May-August 2026

Pages: 270-275

Abstract

The increasing evolution of ransomware attacks has created significant challenges for traditional cybersecurity systems that rely primarily on signature-based detection and manual incident response mechanisms. According to the National Institute of Standards and Technology (NIST) Special Publication 1800-26, maintaining data integrity through timely detection and response is critical for minimizing organizational downtime and preventing data corruption caused by ransomware and other destructive events. Inspired by the NIST data integrity and ransomware response framework, this paper presents an intelligent and automated Ransomware Threat Detection and Response System designed to identify ransomware behaviour in real time and minimize data loss through rapid containment actions. The proposed framework integrates Wazuh for continuous system monitoring, behavioural analysis, log correlation, and threat detection with Python-based automated response mechanisms. The system continuously monitors critical indicators such as abnormal file modifications, suspicious process execution, unusual CPU and memory utilization, and shadow copy deletion attempts. Upon detecting ransomware-like activity, automated response actions including malicious process termination, network isolation, alert generation, and system containment are executed instantly to prevent further encryption and propagation. The framework is deployed in a virtualized environment consisting of Ubuntu Server, Windows client systems, and Kali Linux attack simulation machines to evaluate real-world attack scenarios safely. Experimental results demonstrate that the proposed behaviour-based approach effectively detects ransomware activity at early stages with faster response times and reduced system impact compared to conventional reactive security solutions. 
The proposed system offers a scalable, lightweight, and cost-effective cybersecurity solution suitable for academic, enterprise, and small-scale organizational environments.
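
The detect-then-contain flow the abstract describes can be sketched as follows. This is an added example, not the authors' code. The field names follow Wazuh's alert JSON layout (`syscheck.event`, `data.win.eventdata.commandLine`), while the numeric `ts` field, the thresholds, the action names and the sample alerts are constructed assumptions.

```python
"""Dry-run correlation of Wazuh-style alerts into containment actions."""
import re
from collections import defaultdict, deque

# Assumed thresholds, not taken from the paper: 20 file changes within 10 s.
BURST_COUNT, BURST_WINDOW = 20, 10.0
# Common shadow-copy deletion command lines (vssadmin / wmic).
SHADOW_RE = re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|shadowcopy\s+delete", re.I)

def classify(alert):
    """Return 'fim', 'shadow' or None for one alert dict."""
    if alert.get("syscheck", {}).get("event") in ("modified", "deleted"):
        return "fim"
    evt = alert.get("data", {}).get("win", {}).get("eventdata", {})
    if SHADOW_RE.search(evt.get("commandLine", "")):
        return "shadow"
    return None

def plan_responses(alerts):
    """Correlate per agent and return {agent_id: sorted list of actions}."""
    recent = defaultdict(deque)   # agent -> timestamps of recent file changes
    plan = defaultdict(set)
    for a in sorted(alerts, key=lambda x: x["ts"]):
        agent, ts, kind = a["agent"]["id"], a["ts"], classify(a)
        if kind == "fim":
            q = recent[agent]
            q.append(ts)
            while ts - q[0] > BURST_WINDOW:   # slide the window forward
                q.popleft()
            if len(q) >= BURST_COUNT:
                plan[agent] |= {"alert", "isolate_host"}
        elif kind == "shadow":
            pid = a["data"]["win"]["eventdata"].get("processId", "?")
            plan[agent] |= {"alert", f"kill_pid:{pid}"}
    return {k: sorted(v) for k, v in plan.items()}

def sample_alerts():
    """Constructed alerts: agent 001 shows a burst plus shadow deletion, 002 is quiet."""
    burst = [{"ts": 100 + i * 0.2, "agent": {"id": "001"},
              "syscheck": {"event": "modified", "path": f"C:\\Users\\demo\\doc{i}.txt"}}
             for i in range(25)]
    shadow = {"ts": 99.0, "agent": {"id": "001"}, "data": {"win": {"eventdata": {
        "commandLine": "vssadmin.exe delete shadows /all /quiet", "processId": "4242"}}}}
    slow = [{"ts": 100 + i * 60, "agent": {"id": "002"},
             "syscheck": {"event": "modified", "path": "C:\\app\\log.txt"}} for i in range(5)]
    return burst + [shadow] + slow

if __name__ == "__main__":
    print(plan_responses(sample_alerts()))
```

The function only plans actions; wiring the plan to real process termination or host isolation is deployment-specific and left out.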

https://test.indjcst.com/archives/10.59256/indjcst.20260502031