Abstract:

Despite businesses taking severe measures to maintain the highest security levels in their cyberspace, the possibility of a cyberattack still exists. Currently, ransomware attacks represent the most common type of cybercrime. Hackers can quickly overcome an organization's cyber defenses, compromise its cyberspace, and profit significantly in the process. Ransomware attacks expose businesses to major technical, operational, and financial disruptions, resulting in revenue losses and potentially leading to customer attrition and loss of future business opportunities due to damage to the company’s image. The least expensive solution in ransomware attacks is to pay the ransom to regain control over the compromised cyberspace; however, this approach does not guarantee the restoration of data. Cyber threat intelligence (CTI) is an essential and effective tool for defending against ransomware attacks targeting organizations and businesses. This study defines a cyber defense strategy for ransomware attacks using CTI tools based on information collected from a Saudi organization, Key Car Rental. It evaluates the effectiveness of these CTI tools in detecting ransomware attacks and how they enhance situational awareness by proactively integrating threat information.