Estimation of ransomware payments in Bitcoin ecosystem

Abstract

Ransomware is one of the malicious software that is designed to prevent access to computer system until a sum of money is paid by the victim to the attacker. During the infection, the computer will either be locked, or the data will be encrypted. Ransoms are often demanded in Bitcoin, a largely anonymous Cryptocurrency. All transactions are recorded in the blockchain and verified by peer-to-peer networks. This paper investigation collects ten recent ransomware families, which use bitcoin as a payment for their ransom. In conjunction, we identified, collected and analysed Bitcoin addresses of users combining information from a clustering model and the blockchain. We used a heuristic clustering algorithm to reveal the hidden node's payment of ransomware. Finally, we demonstrated the characteristics of ransomware encryption mechanisms that include a view of the infected process and its execution, and the distinctive demands of ransom

    Similar works