26 research outputs found
Ransomware and reputation
Open access article
Ransomware is a particular form of cyber-attack in which a victim loses access to either his electronic device or files unless he pays a ransom to criminals. A criminal’s ability to make money from ransomware critically depends on victims believing that the criminal will honour ransom payments. In this paper we explore the extent to which a criminal can build trust through reputation. We demonstrate that there are situations in which it is optimal for the criminal to always return the files and situations in which it is not. We argue that the ability to build reputation will depend on how victims distinguish between different ransomware strands. If ransomware is to survive as a long term revenue source for criminals then they need to find ways of building a good reputation.
Ransomware Detection Dynamics: Insights and Implications
The rise of ransomware attacks has necessitated the development of effective
strategies for identifying and mitigating these threats. This research
investigates the utilization of a feature selection algorithm for
distinguishing ransomware-related and benign transactions in both Bitcoin (BTC)
and United States Dollar (USD). Leveraging the UGRansome dataset, a
comprehensive repository of ransomware related BTC and USD transactions, we
propose a set of novel features designed to capture the distinct
characteristics of ransomware activity within the cryptocurrency ecosystem.
These features encompass transaction metadata, ransom analysis, and behavioral
patterns, offering a multifaceted view of ransomware-related financial
transactions. Through rigorous experimentation and evaluation, we demonstrate
the effectiveness of our feature set in accurately extracting BTC and USD
transactions, thereby aiding in the early detection and prevention of
ransomware-related financial flows. We introduce a Ransomware Feature Selection
Algorithm (RFSA) based on Gini Impurity and Mutual Information (MI) for
selecting crucial ransomware features from the UGRansome dataset. Insights from
the visualization highlight the potential of Gini Impurity and MI-based feature
selection to enhance ransomware detection systems by effectively discriminating
between ransomware classes. The analysis reveals that approximately 68% of
ransomware incidents involve BTC transactions within the range of 1.46 to 2.56,
with an average of 2.01 BTC transactions per attack. The findings emphasize the
dynamic and adaptable nature of ransomware demands, suggesting that there is no
fixed amount for specific cyberattacks, highlighting the evolving landscape of
ransomware threats.
Safeguarding the Evidential Value of Forensic Cryptocurrency Investigations
Analyzing cryptocurrency payment flows has become a key forensic method in
law enforcement and is nowadays used to investigate a wide spectrum of criminal
activities. However, despite its widespread adoption, the evidential value of
obtained findings in court is still largely unclear. In this paper, we focus on
the key ingredients of modern cryptocurrency analytics techniques, which are
clustering heuristics and attribution tags. We identify internationally
accepted standards and rules for substantiating suspicions and providing
evidence in court and project them onto current cryptocurrency forensics
practices. By providing an empirical analysis of CoinJoin transactions, we
illustrate possible sources of misinterpretation in algorithmic clustering
heuristics. Eventually, we derive a set of legal key requirements and translate
them into a technical data sharing framework that fosters compliance with
existing legal and technical standards in the realm of cryptocurrency
forensics. Integrating the proposed framework in modern cryptocurrency
analytics tools could allow more efficient and effective investigations, while
safeguarding the evidential value of the analysis and the fundamental rights of
affected persons.