Ransomware can prevent a user from accessing a device and its files until a ransom is paid to the attacker, most frequently in Bitcoin. With over 500 known ransomware families, it has become one of the dominant cybercrime threats for law enforcement, security professionals and the public. However, a comprehensive, evidence-based picture of the global direct financial impact of ransomware attacks is still missing. In this paper, we present a data-driven method for identifying and gathering information on Bitcoin transactions related to illicit activity, based on the footprints such activity leaves on the public Bitcoin blockchain. We implement this method on top of the GraphSense open-source platform and apply it to empirically analyze transactions related to 35 ransomware families. We estimate the lower-bound direct financial impact of each ransomware family and find that, from 2013 to mid-2017, the market for ransomware payments had a minimum worth of USD 12,768,536 (22,967.54 BTC). We also find that the market is highly skewed, with only a small number of players responsible for the majority of the payments. Based on these research findings, policy-makers and law enforcement agencies can use the statistics provided to understand the size of the illicit market and make informed decisions on how best to address the threat.
This article explores the social and market dynamics of Darkode, an invitation-only cybercrime forum that was dismantled by the FBI in July 2015 and was described by a U.S. Attorney as “the most sophisticated English-speaking forum for criminal computer hackers in the world.” Based on a leaked database of 4,788 discussion threads, we examine the selection process through which 344 potential new members introduced themselves to the community in order to be accepted into this exclusive group. Using a qualitative approach, we attempt to assess whether this rigorous procedure significantly enhanced the trust between traders, and therefore, contributed to the efficiency of this online illicit marketplace. We find that trust remained elusive and interactions were often fraught with suspicion and accusations. Even hackers who were considered successful faced significant challenges in trying to profit from the sale of malicious software and stolen data.