
Ransomware Detection Technique by using Network Packet Analysis and Machine Learning

Abstract

In recent years, information security incidents in which enterprises and government agencies are attacked by ransomware have increasingly appeared in the news and on security websites. Attackers penetrate users' computers through intrusion techniques or social engineering and run ransomware that encrypts the victim's document files. A victim eager to recover the files, to avoid a halt in the organization's operations or damage to personal interests, may pay the ransom by the method the attacker specifies. To reduce the damage, gaining response time is the primary goal while under such an attack, so a dynamic analysis method that detects ransomware attacks in real time is required. Based on the distinctive abnormal behaviours that ransomware produces when it attacks in a network environment, this research proposes two indicators, the number of ransom file packets (RF) and the number of abnormal packets (AP), to detect whether computers on the same local network are under ransomware attack, and uses machine learning algorithms such as decision tree, sequential minimal optimization (SMO) and simple logistic regression to classify different kinds of ransomware according to the values of the two indicators. After 600 rounds of experiments, the results show an average classification accuracy of 99.25%, indicating that the proposed method can effectively detect and classify ransomware.
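As an added illustration of the approach summarised above (not the authors' code; the abstract names the RF and AP indicators but does not define them, so the ransom-note name markers, the baseline-based notion of an abnormal packet, the classification thresholds and the sample traffic are all assumptions), this Python sketch computes the two indicators per LAN host from packet metadata and applies a threshold rule in place of the trained decision tree:

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    src: str            # source host on the LAN
    dst: str            # destination host
    proto: str          # application protocol as labelled by the sniffer
    filename: str = ""  # file name carried by a file-share write, if any

# Assumed operational definitions (the abstract names the indicators but does not define them):
#  - ransom file packet: a file-share write whose name looks like a ransom note
#  - abnormal packet: traffic to a (destination, protocol) pair absent from the host's baseline
RANSOM_NOTE_MARKERS = ("readme", "decrypt", "how_to_restore", "recover")

def is_ransom_file_packet(p):
    name = p.filename.lower()
    return p.proto == "SMB" and any(m in name for m in RANSOM_NOTE_MARKERS)

def build_baseline(packets):
    """(dst, proto) pairs seen per source host during a clean learning window."""
    base = defaultdict(set)
    for p in packets:
        base[p.src].add((p.dst, p.proto))
    return base

def indicators(packets, baseline):
    """Per source host: (RF = ransom file packet count, AP = abnormal packet count)."""
    rf, ap = defaultdict(int), defaultdict(int)
    for p in packets:
        rf[p.src] += is_ransom_file_packet(p)
        ap[p.src] += (p.dst, p.proto) not in baseline.get(p.src, set())
    return {h: (rf[h], ap[h]) for h in {p.src for p in packets}}

def classify(rf, ap, rf_min=3, ap_min=10):
    """Threshold rule standing in for the paper's trained decision tree (thresholds assumed)."""
    if rf >= rf_min and ap >= ap_min:
        return "ransomware"
    return "suspicious" if rf >= rf_min or ap >= ap_min else "benign"

# Constructed traffic: a clean window, then a window in which 10.0.0.5 writes ransom notes
# to shares it never touched before, while 10.0.0.7 behaves as usual.
CLEAN = [Pkt("10.0.0.5", "10.0.0.1", "DNS"), Pkt("10.0.0.5", "10.0.0.10", "SMB", "report.docx"),
         Pkt("10.0.0.7", "10.0.0.1", "DNS"), Pkt("10.0.0.7", "10.0.0.10", "SMB", "notes.txt")]
SUSPECT = ([Pkt("10.0.0.5", f"10.0.0.{n}", "SMB", "README_DECRYPT.txt") for n in range(20, 30)]
           + [Pkt("10.0.0.5", f"10.0.0.{n}", "SMB", "budget.xlsx") for n in range(30, 35)]
           + [Pkt("10.0.0.7", "10.0.0.10", "SMB", "notes.txt"), Pkt("10.0.0.7", "10.0.0.1", "DNS")])

def detect(clean=CLEAN, window=SUSPECT):
    return {h: classify(*v) for h, v in indicators(window, build_baseline(clean)).items()}
```

In a real deployment the baseline would be learned over a longer clean window and the thresholds replaced by the classifier trained on labelled RF/AP values, as the paper describes.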

Keywords

Ransomware; Dynamic Analysis; Packet; Machine Learning

