Ransomware attacks continue to pose a significant threat to cybersecurity, with increasingly sophisticated variants evading traditional detection methods. A novel dual-layer clustering approach has been developed that integrates both opcode similarity and network traffic behavior, providing a more accurate and comprehensive framework for ransomware classification. The method leverages static code analysis and dynamic network monitoring to improve detection, effectively capturing both structural and behavioral traits of ransomware samples. Through this dual-layer analysis, the system achieves enhanced classification accuracy, outperforming single-dimensional methods in identifying known and emerging ransomware variants. The results demonstrate the scalability and robustness of the approach, making it particularly suitable for automated malware analysis systems and large-scale cybersecurity frameworks. The findings suggest practical applications in security operation centers, where rapid and reliable ransomware detection is crucial for preventing widespread damage.
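The abstract does not give the feature set or clustering algorithm, so the following is an added sketch, not the authors' code, of one way a dual-layer scheme can work: group samples by opcode n-gram similarity first, then split each group by network behaviour. The sample data, the 2-gram Jaccard measure, the three network features, single-link grouping and both thresholds are assumptions chosen for illustration.

```python
from itertools import combinations
from math import dist

# Constructed samples: an opcode trace (static layer) and normalised network
# features (dynamic layer): [DNS query rate, distinct hosts, out/in byte ratio].
SAMPLES = {
    "a1": {"opcodes": "push mov call xor mov call cmp jne ret".split(), "net": (0.90, 0.80, 0.10)},
    "a2": {"opcodes": "push mov call xor mov call test jne ret".split(), "net": (0.85, 0.75, 0.15)},
    "a3": {"opcodes": "push mov call xor mov call cmp jne ret".split(), "net": (0.10, 0.20, 0.90)},
    "b1": {"opcodes": "sub lea add shl or jmp lea add nop".split(), "net": (0.90, 0.80, 0.10)},
}

def ngrams(opcodes, n=2):
    """Set of opcode n-grams used as the structural fingerprint."""
    return {tuple(opcodes[i:i + n]) for i in range(len(opcodes) - n + 1)}

def jaccard(a, b):
    """Set overlap in [0, 1]; two empty sets count as identical."""
    return len(a & b) / len(a | b) if a | b else 1.0

def single_link(names, similar):
    """Union-find grouping: any pair judged similar lands in one cluster."""
    parent = {n: n for n in names}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    for a, b in combinations(names, 2):
        if similar(a, b):
            parent[find(a)] = find(b)
    groups = {}
    for n in names:
        groups.setdefault(find(n), []).append(n)
    return sorted(sorted(g) for g in groups.values())

def dual_layer(samples, op_thresh=0.5, net_thresh=0.3):
    """Layer 1 groups by opcode similarity; layer 2 splits each group by traffic."""
    grams = {n: ngrams(s["opcodes"]) for n, s in samples.items()}
    layer1 = single_link(sorted(samples), lambda a, b: jaccard(grams[a], grams[b]) >= op_thresh)
    layer2 = []
    for family in layer1:
        layer2 += single_link(family, lambda a, b: dist(samples[a]["net"], samples[b]["net"]) <= net_thresh)
    return layer1, sorted(layer2)

if __name__ == "__main__":
    structural, combined = dual_layer(SAMPLES)
    print("opcode layer only:", structural)
    print("after network layer:", combined)
```

In this constructed data, the opcode layer alone cannot tell `a3` from `a1`, and network features alone cannot tell `b1` from `a1`; only the combination separates all three groups.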