Chapter 6: Investigating Good, Known, and Ugly Malware

  1. Yes, we can decrypt ransomware through PCAP files. However, the PCAP needs to have captured the encryption key. This means that the network should have been in the monitoring state while the ransomware was executed.
  2. A command and control channel may or may not use encryption and encoding. However, beaconing behavior is always present.
  3. All of the above. A banking Trojan can be installed on a system through any means. However, the most common ones are malspam and phishing.