Ransomware is a malware that is able not only to disrupt normal behavior of a system, but the most sophisticated ransomware can attack entire networks, leading to service interruption mainly due to data encryption that makes data useless, which means a loss of money for a company most of the time. Having backups is extremely important, but we want to be able not only to recover from the issue, but also to detect the attack as soon as possible and to stop it. Since ransomware leave traces in the network, we want to exploit this in order to perform the actual detection.