Tracking desktop ransomware payments end to end

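Conference: Security and Privacy
Authors: Danny Yuxing Huang, Maxwell Aliapoulios, Vector Guo, Luca Invernizzi, Kylie McRoberts, Elie Bursztein, Jonathan Levin, Kirill Levchenko, Alex C. Snoeren, Damon McCoy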
BibTeX Citation

@inproceedings{YUXING HUANG2018TRACKING,
  title = {Tracking desktop ransomware payments end to end},
  author = {Danny Yuxing Huang and Maxwell Aliapoulios and Vector Guo and Luca Invernizzi and Kylie McRoberts and Elie Bursztein and Jonathan Levin and Kirill Levchenko and Alex C. Snoeren and Damon McCoy},
  booktitle = {Security and Privacy},
  year = {2018},
  organization = {IEEE}
}

Ransomware is a type of malware that encrypts the files of infected hosts and demands payment, often in a crypto-currency such as Bitcoin. In this paper, we create a measurement framework that we use to perform a large-scale, two-year, end-to-end measurement of ransomware payments, victims, and operators. By combining an array of data sources, including ransomware binaries, seed ransom payments, victim telemetry from infections, and a large database of Bitcoin addresses annotated with their owners, we sketch the outlines of this burgeoning ecosystem and associated third-party infrastructure.

In particular, we trace the financial transactions, from the moment victims acquire bitcoins, to when ransomware operators cash them out. We find that many ransomware operators cashed out using BTC-e, a now-defunct Bitcoin exchange. In total we are able to track over $16 million in likely ransom payments made by 19,750 potential victims during a two-year period.

While our study focuses on ransomware, our methods are potentially applicable to other cybercriminal operations that have similarly adopted Bitcoin as their payment channel.
