This study examines on the abnormal behaviors exhibited by ransomware attacks in network environments. We proposed two features based on the number of network packets containing ransomware-associated files and the instances of access being denied to shared files, to detect whether computers within the same local area network are under attack from ransomware. The two features are further trained by various machine learning algorithms, such as decision trees, sequential minimal optimization, and simple logistic regression, to classify different types of ransomware. The experiment employs three well-known ran-somware families: WannaCry, Conti, and Maze. After 600 experiments, the results show that the average classification accuracy rate exceeds 99.25%, proving the effectiveness of the proposed method in detecting and classifying ransomware.