Chapter 6: Investigating Good, Known, and Ugly Malware
Yes, we can decrypt ransomware through PCAP files. However, the PCAP should have captured the encryption key. This means that the network should have been under monitoring while the ransomware was executed.
A command and control channel may or may not use encryption and encoding. However, beaconing behavior is always present.
All of the above. A banking Trojan can be installed on a system through any means. However, the most common ones are malspam and phishing.