This document discusses how wire data analytics can be used to detect ransomware infections on a network. It explains that wire data contains information within network packet headers and payloads that can reveal the source of ransomware infections in real-time. Specific wire data sources like IDS events, user complaints of blocked files or strange desktop messages can indicate an infection. The document also describes how ransomware most commonly enters networks through phishing emails and recommends Langaurdian as a wire data analytics tool that can log and report on activity by IP address and user to investigate ransomware infections.