Tracing Ransomware Payments in the Bitcoin Ecosystem

Masarah Paquet-Clouston

Ransomware can prevent a user from accessing a device and its files until a ransom is paid to the attacker, most frequently in Bitcoin. With over 500 known ransomware families, it has become an important online threat for law enforcement, security professionals and the public.

We present a data-driven method for identifying and gathering information on Bitcoin transactions related to illicit activity, based on footprints left on the public Bitcoin blockchain. We implement the method on top of the GraphSense open-source platform and apply it to empirically analyze transactions related to 35 ransomware families.

The analyses allow us to estimate a lower bound on the direct financial impact of each ransomware family and the minimum worth of the market for these 35 families, from 2013 to mid-2017. Security analysts, policy-makers and law enforcement agencies can replicate the method and use the statistics provided in this presentation to understand the size of the illicit market and make informed decisions on how best to address the threat.

Speaker Bio: Masarah Paquet-Clouston is a security researcher at GoSecure, a PhD student in criminology at Simon Fraser University and one of Canada’s decorated 150 scientific innovators. With her background in economics and criminology, she specializes in the study of markets behind illicit online activities. She has published in several peer-reviewed journals, such as Social Networks, Global Crime and the International Journal for the Study of Drug Policy, and has presented at various international conferences including WEIS, Virus Bulletin, Black Hat Europe, Botconf and the American Society of Criminology.