Jurnal Institusi
Copyright (c) 2023 Digital Zone: Jurnal Teknologi Informasi dan Komunikasi
Ransomware is a dangerous malware that blocks access to data through encryption, and it exploits device vulnerabilities to perform chain attacks from one system to another. This study results in modeling the threat of ransomware attacks using Bayesian Network. The structure of the model is created using device vulnerabilities that can be exploited. As the basis for calculating the probability of the model, the EPSS vulnerability score is used. The risk exposure rating is calculated through the joint probability distribution formulation based on attack scenarios. Our model shows that ransomware attacks are most likely to exploit the chain of vulnerabilities CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-36942, and CVE-2017-0144 which has a probability value of 0.046534. In addition, the use of the EPSS also makes the risk assessment more factual, accurate, and effective. The threat modeling method can help in identifying ransomware attacks through a chain of vulnerabilities, making risk assessment more precise.
Digital Zone: Jurnal Teknologi Informasi dan Komunikasi; Vol. 14 No. 1 (2023): Digital Zone: Jurnal Teknologi Informasi dan Komunikasi ; 43-56
Penerbit: Publisher: Fakultas Ilmu Komputer, Institution: Universitas Lancang Kuning