【Author】 Huang, Danny Yuxing; Aliapoulios, Maxwell Matthaios; Li, Vector Guo; Invernizzi, Luca; McRoberts, Kylie; Bursztein, Elie; Levin, Jonathan; Levchenko, Kirill; Snoeren, Alex C.; McCoy, Damon
【Source】 2018 IEEE Symposium on Security and Privacy (SP)
【Abstract】Ransomware is a type of malware that encrypts the files of infected hosts and demands payment, often in a cryptocurrency such as Bitcoin. In this paper, we create a measurement framework that we use to perform a large-scale, two-year, end-to-end measurement of ransomware payments, victims, and operators. By combining an array of data sources, including ransomware binaries, seed ransom payments, victim telemetry from infections, and a large database of Bitcoin addresses annotated with their owners, we sketch the outlines of this burgeoning ecosystem and associated third-party infrastructure. In particular, we trace the financial transactions, from the moment victims acquire bitcoins, to when ransomware operators cash them out. We find that many ransomware operators cashed out using BTC-e, a now-defunct Bitcoin exchange. In total we are able to track over $16 million in likely ransom payments made by 19,750 potential victims during a two-year period. While our study focuses on ransomware, our methods are potentially applicable to other cybercriminal operations that have similarly adopted Bitcoin as their payment channel.
【Keywords】
【Title】 Tracking Ransomware End-to-End
【Publication year】 2018
【Date added】 2022-04-23
【Document type】 Proceedings Paper
【Primary topic】 On-chain data analysis
【Subtopic】 Transaction tracing and attribution
【Translator】 王佳鑫