research-article

Open access

A Tale of Two Markets: Investigating the Ransomware Payments Economy

Authors:

Kris Oosthoek,

Jack Cable,

Georgios SmaragdakisAuthors Info & Claims

Communications of the ACM, Volume 66, Issue 8

Pages 74 - 83

https://doi.org/10.1145/3582489

Published: 25 July 2023 Publication History

All formats PDF

Abstract

A data-driven, follow-the-money approach to characterize the ransomware ecosystem uncovers two parallel ransomware criminal markets: commodity ransomware and Ransomware as a Service (RaaS).

References

[1]

2021 Cybersecurity year in review. National Security Agency (2022); https://bit.ly/3NdXRj1.

Google Scholar

[2]

Abrams, L. Dutch supermarkets run out of cheese after ransomware attack. Bleeping Computer, (2021); https://bit.ly/42nTrKS.

Google Scholar

[3]

AT&T Alien Labs Open Threat Exchange. AT&T (2021); https://bit.ly/3qmsZ6V.

Google Scholar

[4]

Berwick, A. and Wilson, T. Crypto giant Binance kept weak money-laundering checks even as it promised tougher compliance, documents show. Reuters (January 21, 2022); https://reut.rs/3OSHDgD.

Google Scholar

[5]

Blockchain attacks on privacy. Bitcoin Wiki; https://en.bitcoin.it/wiki/Privacy.

Google Scholar

[6]

Bunge, J. JBS paid $11 million to resolve ransomware attack. The Wall Street Journal (June 9, 2021); https://on.wsj.com/3qp5DOa.

Google Scholar

[7]

Cable, J. Ransomwhere: A crowdsourced ransomware payment dataset (2022); https://bit.ly/3OSX9Jd.

Google Scholar

[8]

Cimpanu, C. BTC-e founder sentenced to five years in prison for laundering ransomware funds. ZDNet (2021); https://zd.net/43FwSCq.

Google Scholar

[9]

Crystal Expert. Crystal Blockchain (2021); https://bit.ly/42nyjEG.

Google Scholar

[10]

Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). U.S. Cybersecurity and Infrastructure Security Agency (CISA), (2022); https://bit.ly/42nA1pA.

Google Scholar

[11]

Darkmarket: World's largest illegal dark web marketplace taken down. Europol (2021); https://bit.ly/3qxoQx1.

Google Scholar

[12]

Dark Web Monitor. CFLW Cyber Strategies; https://dws.pm/.

Google Scholar

[13]

Department of Justice launches global action against NetWalker Ransomware. U.S. Department of Justice (2021); https://bit.ly/3oWJRAO.

Google Scholar

[14]

Department of Justice seizes $2.3 million in cryptocurrency paid to the ransomware extortionists Darkside. U.S. Department of Justice (2021); https://bit.ly/3IZ1s29.

Google Scholar

[15]

Greenberg, A. The untold story of NotPetya, the most devastating cyberattack in history. Wired (August 22, 2018); https://bit.ly/3NdwKEM.

Google Scholar

[16]

Hern, A. WannaCry, Petya, NotPetya: How ransomware hit the big time in 2017. The Guardian (December 30, 2017); https://bit.ly/45L4bG1.

Google Scholar

[17]

Hogan-Burney, A. How cyberattacks are changing according to new Microsoft Digital Defense Report. Microsoft (October 24, 2021); https://bit.ly/3Cb5vEL.

Google Scholar

[18]

HSE cyber-attack: Irish health service still recovering months after hack. BBC (2021); https://bbc.in/3CcQwtL.

Google Scholar

[19]

Huang, D.Y. et al. Tracking ransomware end-to-end. In 2018 IEEE Symposium on Security and Privacy, IEEE, 618--631.

Google Scholar

[20]

Individual arrested and charged with operating notorious darknet cryptocurrency mixer. U.S. Department of Justice (2021); https://bit.ly/43qsCa3.

Google Scholar

[21]

Kalodner, H. et al. BlockSci: Design and applications of a blockchain analysis platform. In USENIX Security Symposium (2020).

Google Scholar

[22]

Largent, W. Translated: Talos' insights from the recently leaked Conti ransomware playbook. Cisco Talos (2021); https://bit.ly/43HWIpr.

Google Scholar

[23]

Loui, E. and Reynolds, J. CARBON SPIDER embraces big game hunting, Part 2. Crowdstrike (November 4, 2021); https://bit.ly/3NcWO2V.

Google Scholar

[24]

McMillan R. and Poulsen, R. U.S. accuses Russian of money laundering for Ryuk Ransomware Gang. The Wall Street Journal (November 12, 2021); https://on.wsj.com/43renSw.

Google Scholar

[25]

Mitigating malware and ransomware attacks. UK National Cyber Security Centre (2021); https://bit.ly/45GSiRz.

Google Scholar

[26]

Oosthoek, K. and Doerr, C. Cyber security threats to Bitcoin exchanges: Adversary exploitation and laundering techniques. IEEE Transactions on Network and Service Management 18, 2 (2020), 1616--1628.

Google Scholar

[27]

Paquet-Clouston, M., Haslhofer, B., and Dupont, B. Ransomware payments in the Bitcoin ecosystem. J. of Cybersecurity 5, 1 (2019).

Crossref

Google Scholar

[28]

Ransomware Action Plan. Australian Department of Home Affairs (2021); https://bit.ly/3qoQ1dv.

Google Scholar

[29]

Ransomware. Canadian Centre for Cyber Security (2021); https://bit.ly/45PqCd0.

Google Scholar

[30]

Ransomware trends in Bank Secrecy Act data between January 2021 and June 2021. U.S. Department of Treasury Financial Crimes Enforcement Network (2021); https://bit.ly/43FJTvM.

Google Scholar

[31]

Ransomware. U.S. Federal Bureau of Investigation (2021); https://bit.ly/3CdYWRO.

Google Scholar

[32]

Ransomware: What you need to know. Europol (2021); https://bit.ly/3OWxpM1.

Google Scholar

[33]

Romo, V. Panic drives gas shortages after Colonial Pipeline ransomware attack. NPR, (May 11, 2021); https://n.pr/3qqYMUo.

Google Scholar

[34]

Six charged with crimes related to virtual currency exchange business. U.S. Department of Justice (2021); https://bit.ly/3oLzEHB.

Google Scholar

[35]

Swedish Coop supermarkets shut due to US ransomware cyber-attack. BBC (2021); https://bbc.in/3Cam4R0.

Google Scholar

[36]

Threat Landscape Report 2021. European Union Agency for Cybersecurity (ENISA); https://bit.ly/3qrcoPz.

Google Scholar

[37]

Top routinely exploited vulnerabilities. U.S. Cybersecurity and Infrastructure Security Agency (CISA), Alert (AA21-209A). (2021); https://bit.ly/43tllX9.

Google Scholar

[38]

United States files a civil action to forfeit cryptocurrency valued at over one billion U.S. dollars. U.S. Department of Justice (2020); https://bit.ly/3MOiNMh.

Google Scholar

[39]

Seret, T. et al. Take a "NetWalk" on the wild side. McAfee ATR Operational Intelligence Team (August 3, 2020); https://bit.ly/3MRAIS7.

Google Scholar

[40]

The rise of crypto laundries: How criminals cash out of bitcoin. Financial Times (2022); https://on.ft.com/45OpsOZ.

Google Scholar

[41]

Wang, K. et al. A large-scale empirical analysis of ransomware activities in Bitcoin. ACM Transactions on the Web (TWEB) 16, 2 (2021), 1--29.

Google Scholar

[42]

Wannacry money laundering attempt thwarted. BBC (2017); https://bbc.in/42mMN7K.

Google Scholar

Cited By

View all

Tariq M(2024)Enhancing Cybersecurity Protocols in Modern Healthcare SystemsTransformative Approaches to Patient Literacy and Healthcare Innovation10.4018/979-8-3693-3661-8.ch011(223-241)Online publication date: 9-Feb-2024
https://doi.org/10.4018/979-8-3693-3661-8.ch011
Ruellan EPaquet-Clouston MGarcia S(2024)Conti Inc.: understanding the internal discussions of a large ransomware-as-a-service operator with machine learningCrime Science10.1186/s40163-024-00212-y13:1Online publication date: 12-Jun-2024
https://doi.org/10.1186/s40163-024-00212-y
Tufegdžić MMišković ADašić PNedić V(2024)Statistical Modeling of Ransomware Attacks TrendsNew Technologies, Development and Application VII10.1007/978-3-031-66271-3_10(87-97)Online publication date: 28-Jul-2024
https://doi.org/10.1007/978-3-031-66271-3_10
Show More Cited By

Index Terms

A Tale of Two Markets: Investigating the Ransomware Payments Economy
1. Networks
  1. Network properties
    1. Network security
2. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Social aspects of security and privacy
  2. Intrusion/anomaly detection and malware mitigation

Recommendations

Preventing Ransomware: Understand, prevent, and remediate ransomware attacks
Ransomware: Recent advances, analysis, challenges and future research directions
Abstract
The COVID-19 pandemic has witnessed a huge surge in the number of ransomware attacks. Different institutions such as healthcare, financial, and government have been targeted. There can be numerous reasons for such a sudden rise in ...
Anatomy of ransomware malware: detection, analysis and reporting

Rapidly increasing malware samples pose a serious threat to cyber security especially when they are not getting detected by security tools and techniques. Malware writers obfuscate the malware samples to conceal malicious code inside a legitimate ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

Communications of the ACM Volume 66, Issue 8

August 2023

106 pages

ISSN:0001-0782

EISSN:1557-7317

DOI:10.1145/3610954

Editor:
James Larus
Association for Computing Machinery, New York, NY

Issue’s Table of Contents

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 July 2023

Published in CACM Volume 66, Issue 8

Check for updates

Qualifiers

Research-article

Funding Sources

European Research Council

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
8,978
Total Downloads

Downloads (Last 12 months)1,217
Downloads (Last 6 weeks)120

Reflects downloads up to 14 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Tariq M(2024)Enhancing Cybersecurity Protocols in Modern Healthcare SystemsTransformative Approaches to Patient Literacy and Healthcare Innovation10.4018/979-8-3693-3661-8.ch011(223-241)Online publication date: 9-Feb-2024
https://doi.org/10.4018/979-8-3693-3661-8.ch011
Ruellan EPaquet-Clouston MGarcia S(2024)Conti Inc.: understanding the internal discussions of a large ransomware-as-a-service operator with machine learningCrime Science10.1186/s40163-024-00212-y13:1Online publication date: 12-Jun-2024
https://doi.org/10.1186/s40163-024-00212-y
Tufegdžić MMišković ADašić PNedić V(2024)Statistical Modeling of Ransomware Attacks TrendsNew Technologies, Development and Application VII10.1007/978-3-031-66271-3_10(87-97)Online publication date: 28-Jul-2024
https://doi.org/10.1007/978-3-031-66271-3_10
Patsakis CArroyo DCasino F(2024)The Malware as a Service EcosystemMalware10.1007/978-3-031-66245-4_16(371-394)Online publication date: 5-Jul-2024
https://doi.org/10.1007/978-3-031-66245-4_16
Meurs TCartwright ECartwright AJunger MHoheisel RTews EAbhishta A(2023)Ransomware Economics: A Two-Step Approach To Model Ransom Paid2023 APWG Symposium on Electronic Crime Research (eCrime)10.1109/eCrime61234.2023.10485506(1-13)Online publication date: 15-Nov-2023
https://doi.org/10.1109/eCrime61234.2023.10485506
Yulianto SSoewito B(2023)Ransomware Resilience: Investigating Organizational Security Culture and Its Impact on Cybersecurity Practices against Ransomware Threats2023 International Conference on Informatics Engineering, Science & Technology (INCITEST)10.1109/INCITEST59455.2023.10396943(1-7)Online publication date: 25-Oct-2023
https://doi.org/10.1109/INCITEST59455.2023.10396943
Oosthoek KVan Staalduinen MSmaragdakis G(2023)Quantifying Dark Web Shops’ Illicit RevenueIEEE Access10.1109/ACCESS.2023.323540911(4794-4808)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3235409
Nazzari M(2023)From payday to payoff: Exploring the money laundering strategies of cybercriminalsTrends in Organized Crime10.1007/s12117-023-09505-1Online publication date: 20-Sep-2023
https://doi.org/10.1007/s12117-023-09505-1
Patsakis CPolitou EAlepis EHernandez-Castro J(2023)Cashing out crypto: state of practice in ransom paymentsInternational Journal of Information Security10.1007/s10207-023-00766-z23:2(699-712)Online publication date: 13-Oct-2023
https://dl.acm.org/doi/10.1007/s10207-023-00766-z
Meurs TCartwright ECartwright A(2023)Double-Sided Information Asymmetry in Double Extortion RansomwareDecision and Game Theory for Security10.1007/978-3-031-50670-3_16(311-328)Online publication date: 18-Oct-2023
https://dl.acm.org/doi/10.1007/978-3-031-50670-3_16

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Digital Edition

View this article in digital edition.

Digital Edition

Magazine Site

View this article on the magazine site (external)

Magazine Site

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Index Terms

Recommendations

Preventing Ransomware: Understand, prevent, and remediate ransomware attacks

Ransomware: Recent advances, analysis, challenges and future research directions

Anatomy of ransomware malware: detection, analysis and reporting

Comments

Information

Published In

Publisher

Publication History

Check for updates

Qualifiers

Funding Sources

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Digital Edition

Magazine Site

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations