Search results

1 – 10 of 85
Article
Publication date: 7 October 2019

Adam B. Turner, Stephen McCombie and Allon J. Uhlmann

Abstract

Purpose

This paper aims to demonstrate the utility of a target-centric approach to intelligence collection and analysis in the prevention and investigation of ransomware attacks that involve cryptocurrencies. The paper uses the May 2017 WannaCry ransomware usage of the Bitcoin ecosystem as a case study. The approach proves particularly beneficial in facilitating information sharing and an integrated analysis across intelligence domains.

Design/methodology/approach

This study conducted data collection and analysis of the component Bitcoin elements of the WannaCry ransomware attack. A note of both technicalities of Bitcoin operations and current models for sharing cyber intelligence was made. Our analysis builds on and further develops current definitions and strategies for sharing cyber threat intelligence. It uses the problem definition model (PDM) and generic target network model (TNM) to create an analytic framework for the WannaCry ransomware attack scenario, allowing analysts the ability to test their hypotheses and integrate and share data for collaborative investigation.

Findings

Using a target-centric intelligence approach to WannaCry 2.0 shows that it is possible to model the intelligence problem of collecting and analysing data related to inflows and outflows of Bitcoin-related ransomware transactions. Bitcoin transactions form graph networks and allow a target network model to be built for collecting, analysing and sharing intelligence with multiple stakeholders. Although attribution and anonymity prevail under cryptocurrency usage, there is a means for developing transaction walks using this method to target nefarious cryptocurrency exchanges where criminals are inclined to cash out their proceeds of crime.

Originality/value

The application of a target-centric intelligence approach to the cryptocurrency components of a ransomware attack provides a framework for intelligence units to break down the problem in the financial domain and model the network behaviour of illicit Bitcoin transactions relating to ransomware.

Details

Journal of Money Laundering Control, vol. 22 no. 4
Type: Research Article
ISSN: 1368-5201

Article
Publication date: 24 February 2020

Martin Roškot, Isaac Wanasika and Zuzana Kreckova Kroupova

Abstract

Purpose

The purpose of this paper is to investigate the impact of ransomware cyber-attacks “WannaCry” and “Petya” on stock prices of publicly traded companies in the European Union. The study analyses a set of case studies related to the largest recent cybercrime events, which happened in the first half of 2017. The study answers two questions: what is the impact of cybercrime on public companies, and how do cybercrime announcements and publications affect stock prices?

Design/methodology/approach

Using archival financial data, an event study methodology was used to assess the impact of cybercrime activity on market value of European companies affected during WannaCry and Petya ransomware attacks in 2017.

Findings

The results suggest that announcements of information breaches because of ransomware exploits have an impact on stock market returns. There is evidence of positive investors' reactions to the announcements. Specifically, there was little impact of the “WannaCry” ransomware attack on market returns. Although stock market reactions differ by sector, the market was positively affected in general. Our analysis of the impact of the more aggressive “Petya” attack, aimed at destroying affected data, found evidence that such an information security breach leads to increased market returns. There were significant abnormal returns starting from the third day of the announcement. These findings contradict previous results and the literature related to the impact of cyber-attacks.

Originality/value

Contrary to previous findings, the results suggest that ransomware attacks lead to positive market returns. However, cybercrime and other types of cyber-attacks pose serious threats whose implications deserve further investigation. Different attacks may have different consequences and could be potentially damaging to a firm’s reputation. Thus, it is necessary for companies to avoid becoming victims of cybercrime. Information systems should be continuously monitored for vulnerabilities.

Details

Journal of Business Strategy, vol. 42 no. 2
Type: Research Article
ISSN: 0275-6668

Expert briefing
Publication date: 15 May 2017

Cybercriminals used malware called WannaCry to lock users' files and then demand a ransom to allow them access. WannaCry is a high-profile incident in an exploding trend of the…

Details

DOI: 10.1108/OXAN-DB220851

ISSN: 2633-304X

Article
Publication date: 7 July 2020

Adam B. Turner, Stephen McCombie and Allon J. Uhlmann

Abstract

Purpose

The purpose of this paper is to investigate available forensic data on the Bitcoin blockchain to identify typical transaction patterns of ransomware attacks. Specifically, the authors explore how distinct these patterns are and their potential value for intelligence exploitation in support of countering ransomware attacks.

Design/methodology/approach

The authors created an analytic framework – the Ransomware–Bitcoin Intelligence–Forensic Continuum framework – to search for transaction patterns in the blockchain records from actual ransomware attacks. Data of a number of different ransomware Bitcoin addresses was extracted to populate the framework, via the WalletExplorer.com programming interface. This data was then assembled in a representation of the target network for pattern analysis on the input (cash-in) and output (cash-out) side of the ransomware seed addresses. Different graph algorithms were applied to these networks. The results were compared to a “control” network derived from a Bitcoin charity.

Findings

The findings show discernible patterns in the network relating to the input and output side of the ransomware graphs. However, these patterns are not easily distinguishable from those associated with the charity Bitcoin address on the input side. Nonetheless, the collection profile over time is more volatile than with the charity Bitcoin address. On the other hand, ransomware output patterns differ from those associated with charity addresses, as the attacker cash-out tactics are quite different from the way charities mobilise their donations. We further argue that an application of graph machine learning provides a basis for future analysis and data refinement possibilities.

Research limitations/implications

Limitations are evident in the sample size of data taken on ransomware campaigns and the “control” subject. Further analysis of additional ransomware campaigns and “control” subjects over time would help refine and validate the preliminary observations in this paper. Future research will also benefit from the application of more powerful computing resources and analytics platforms that scale with the amount of data being collected.

Originality/value

This research contributes to the maturity of the field by analysing ransomware-Bitcoin behaviour using the Ransomware–Bitcoin Intelligence–Forensic Continuum. By combining several different techniques for discerning patterns of ransomware activity on the Bitcoin network, it provides insight into whether a ransomware attack is occurring and could be used to trigger alerts to seek additional evidence of attack, or could corroborate other information in the system.

Details

Journal of Money Laundering Control, vol. 23 no. 3
Type: Research Article
ISSN: 1368-5201

Article
Publication date: 7 January 2019

Angela S.M. Irwin and Caitlin Dawson

Abstract

Purpose

The purpose of this paper is to show how global regulation of cryptocurrencies and other cybercurrencies can assist in addressing the challenges of attribution when investigating ransomware attacks and other types of cybercrime using these payment methods.

Design/methodology/approach

A literature review, looking at current academic research and discourse on the topic of cryptocurrency regulation, is conducted to highlight current thinking and perceived difficulties in implanting a global regulatory framework. In addition, the research explores how governments have addressed the risks posed by cryptocurrencies and how regulation has been implemented. The research focuses on the regulatory approaches of Australia, Europe and the Americas to determine whether they could feasibly address the risks posed by cryptocurrencies and be implemented on a global scale.

Findings

To date, few sustained efforts have been made to regulate Bitcoin or other cybercurrencies. Where regulation has been introduced, it has often proven too costly to implement, thereby, stifling Bitcoin industry growth, or too ad hoc to function effectively. These regulatory pitfalls are substantiated by the continuing difficulty faced by law enforcement agencies, in identifying individual Bitcoin users and separating those that are using them for nefarious purposes from those that are using them for legitimate ones. These challenges appear to grow exponentially when it comes to prosecuting criminals for Bitcoin-related offences, due to the enormous lack of agreement within the justice system of most countries as to the appropriate legal definition for Bitcoin. This research highlights three characteristics that will be vital to the success of any global regulatory framework. These are consistency, clarity and cost-effective implementation. A regulatory framework for Bitcoin that lacks any one of these elements will fail to meet the requirements of every stakeholder in the regulatory process. A framework that is too costly to implement will stifle fintech innovation, subsequently depriving national economies of the multitude of potential benefits promised by fostering fintech entrepreneurship. Equally, a framework that is inconsistent will hamper the global cooperation necessary to combat Bitcoin-related crime.

Originality/value

This research evaluates research, discourse and regulatory responses from academic and governmental sources and discusses how a global response to cryptocurrency regulation will help address the growing problem of attribution when it comes to ransomware attacks, which has experienced a considerable spike in recent months.

Details

Journal of Money Laundering Control, vol. 22 no. 1
Type: Research Article
ISSN: 1368-5201

Expert briefing
Publication date: 10 August 2017

The WannaCry malware spread worldwide, affecting the healthcare, manufacturing, telecommunications, utilities, transportation and education sectors. On June 27, another ransomware…

Details

DOI: 10.1108/OXAN-DB223720

ISSN: 2633-304X

Expert briefing
Publication date: 3 October 2022

These have ranged from cyber-espionage campaigns such as the SolarWinds hack to disruptive attacks such as the Sony Pictures breach and the NotPetya and WannaCry malware attacks…

Expert briefing
Publication date: 23 July 2020

Although public 'naming and shaming' has become a common practice since the 2017 WannaCry malware attack, damaging cyber campaigns show no signs of decreasing.

Expert briefing
Publication date: 25 May 2017

Vulnerability disclosure debates.

Details

DOI: 10.1108/OXAN-DB221107

ISSN: 2633-304X

Expert briefing
Publication date: 21 March 2018

Crypto mining and jacking