A Tale of Two Markets: Investigating the Ransomware Payments Economy
AI-generated Key Points
- Ransomware attacks pose severe threats to governments, critical infrastructure, and corporations
- Collecting and analyzing ransomware data is crucial for designing effective defense mechanisms against these attacks
- Ransomwhere is an open crowdsourced ransomware payment tracker that has been instrumental in gathering information from victims of ransomware attacks
- Ransomwhere has provided valuable insights into the evolving structure of the ransomware payments economy, with over 13.5k ransom payments to more than 87 criminal actors and total payments exceeding $101 million
- Researchers have characterized two parallel markets within the ransomware ecosystem: commodity ransomware and Ransomware as a Service (RaaS)
- There are striking differences between these two markets in terms of how cryptocurrency resources are utilized, revenue per transaction, and ransom laundering efficiency
- It is relatively easy to identify choke points in commodity ransomware payment activity, but more difficult to do so for RaaS
- The study highlights the importance of understanding the evolving nature of the ransomware payments economy and designing effective defense mechanisms against these attacks.
Authors: Kris Oosthoek, Jack Cable, Georgios Smaragdakis
Abstract: Ransomware attacks are among the most severe cyber threats. They have made headlines in recent years by threatening the operation of governments, critical infrastructure, and corporations. Collecting and analyzing ransomware data is an important step towards understanding the spread of ransomware and designing effective defense and mitigation mechanisms. We report on our experience operating Ransomwhere, an open crowdsourced ransomware payment tracker to collect information from victims of ransomware attacks. With Ransomwhere, we have gathered 13.5k ransom payments to more than 87 ransomware criminal actors with total payments of more than $101 million. Leveraging the transparent nature of Bitcoin, the cryptocurrency used for most ransomware payments, we characterize the evolving ransomware criminal structure and ransom laundering strategies. Our analysis shows that there are two parallel ransomware criminal markets: commodity ransomware and Ransomware as a Service (RaaS). We notice that there are striking differences between the two markets in the way that cryptocurrency resources are utilized, revenue per transaction, and ransom laundering efficiency. Although it is relatively easy to identify choke points in commodity ransomware payment activity, it is more difficult to do the same for RaaS.
Ask questions about this paper to our AI assistant
You can also chat with multiple papers at once here.
Assess the quality of the AI-generated content by voting
Score: 0
Why do we need votes?
Votes are used to determine whether we need to re-run our summarizing tools. If the count reaches -10, our tools can be restarted.
The previous summary was created more than a year ago and can be re-run (if necessary) by clicking on the Run button below.
Similar papers summarized with our AI tools
Navigate through even more similar papers through a
tree representationLook for similar papers (in beta version)
By clicking on the button above, our algorithm will scan all papers in our database to find the closest based on the contents of the full papers and not just on metadata. Please note that it only works for papers that we have generated summaries for and you can rerun it from time to time to get a more accurate result while our database grows.
Disclaimer: The AI-based summarization tool and virtual assistant provided on this website may not always provide accurate and complete summaries or responses. We encourage you to carefully review and evaluate the generated content to ensure its quality and relevance to your needs.