Ransomware and reputation

open access articleRansomware is a particular form of cyber-attack in which a victim loses access to either his electronic device or files unless he pays a ransom to criminals. A criminal’s ability to make money from ransomware critically depends on victims believing that the criminal will honour ransom payments. In this paper we explore the extent to which a criminal can build trust through reputation. We demonstrate that there are situations in which it is optimal for the criminal to always return the files and situations in which it is not. We argue that the ability to build reputation will depend on how victims distinguish between different ransomware strands. If ransomware is to survive as a long term revenue source for criminals then they need to find ways of building a good reputation

Ransomware Detection Dynamics: Insights and Implications

The rise of ransomware attacks has necessitated the development of effective strategies for identifying and mitigating these threats. This research investigates the utilization of a feature selection algorithm for distinguishing ransomware-related and benign transactions in both Bitcoin (BTC) and United States Dollar (USD). Leveraging the UGRansome dataset, a comprehensive repository of ransomware related BTC and USD transactions, we propose a set of novel features designed to capture the distinct characteristics of ransomware activity within the cryptocurrency ecosystem. These features encompass transaction metadata, ransom analysis, and behavioral patterns, offering a multifaceted view of ransomware-related financial transactions. Through rigorous experimentation and evaluation, we demonstrate the effectiveness of our feature set in accurately extracting BTC and USD transactions, thereby aiding in the early detection and prevention of ransomware-related financial flows. We introduce a Ransomware Feature Selection Algorithm (RFSA) based on Gini Impurity and Mutual Information (MI) for selecting crucial ransomware features from the UGRansome dataset. Insights from the visualization highlight the potential of Gini Impurity and MI-based feature selection to enhance ransomware detection systems by effectively discriminating between ransomware classes. The analysis reveals that approximately 68% of ransomware incidents involve BTC transactions within the range of 1.46 to 2.56, with an average of 2.01 BTC transactions per attack. The findings emphasize the dynamic and adaptable nature of ransomware demands, suggesting that there is no fixed amount for specific cyberattacks, highlighting the evolving landscape of ransomware threats

Safeguarding the Evidential Value of Forensic Cryptocurrency Investigations

Analyzing cryptocurrency payment flows has become a key forensic method in law enforcement and is nowadays used to investigate a wide spectrum of criminal activities. However, despite its widespread adoption, the evidential value of obtained findings in court is still largely unclear. In this paper, we focus on the key ingredients of modern cryptocurrency analytics techniques, which are clustering heuristics and attribution tags. We identify internationally accepted standards and rules for substantiating suspicions and providing evidence in court and project them onto current cryptocurrency forensics practices. By providing an empirical analysis of CoinJoin transactions, we illustrate possible sources of misinterpretation in algorithmic clustering heuristics. Eventually, we derive a set of legal key requirements and translate them into a technical data sharing framework that fosters compliance with existing legal and technical standards in the realm of cryptocurrency forensics. Integrating the proposed framework in modern cryptocurrency analytics tools could allow more efficient and effective investigations, while safeguarding the evidential value of the analysis and the fundamental rights of affected persons