Ransomware Attacks

Explore the source and distribution of ransomware attacks over time:

  • select a ransomware family or country to show time-based activity
  • double-click ransomware families or countries to explore malware hosts
  • use time bar controls to filter the chart
  • choose the best layout to display filtered data


This demo shows the power of using KeyLines combos with the time bar.

The data¹ contains details of the top three ransomware families from January to April 2016. The chart starts with a high-level view of the data, with connections between:

  • combos containing malware hosts for each family
  • combos containing IP addresses registered in countries from which the attacks originated

Reducing clutter with combos

This is a large, complex dataset, yet the combos feature means the chart remains clean, uncluttered and easy to interact with. The detail is there when you want it, giving immediate insight by revealing malware host details. To compare how much harder it’d be to understand the data without combos, try selecting and then uncombining items.

Filtering time-based data

The histogram shows at a glance the level of ransomware activity at certain points in time. The time bar selection line compares the activity of an item selected in the chart against total activity. You can also zoom in to the time bar to filter the hosts, ransomware families and countries that were active at a particular time.

About ransomware

Ransomware is a type of malware that holds a victim's computer "hostage", typically by encrypting data and then demanding payment to receive a decryption key. The number of attacks continues to grow significantly year on year, with increasingly sophisticated attack vectors and distribution methods.

¹ Ransomware Tracker, hosted on abuse.ch.