Exposed: The Path of Ransomware Payments

by NYU Tandon School of Engineering, ECN Magazine

The murky ecosystem of ransomware payments comes into focus in new research led by Damon McCoy, an assistant professor of computer science and engineering at the NYU Tandon School of Engineering. Ransomware attacks, which encrypt and hold a computer user’s files hostage in exchange for payment, extort millions of dollars from individuals each month, and comprise one of the fastest-growing forms of cyber attack.

In a paper slated for presentation at the IEEE Symposium on Security and Privacy in May, McCoy and a team including researchers from the University of California, San Diego; Princeton University; Google; and the blockchain analytics firm Chainalysis provide the first detailed account of the ransomware payment ecosystem, from initial attack to cash-out.

The researchers found that South Koreans are disproportionately impacted by ransomware campaigns, with $2.5 million of the $16 million in ransomware payments tracked in the study having been paid in South Korea. The team also learned that most ransomware operators used BTC-E, a Russian bitcoin exchange that has been seized by the U.S. Federal Bureau of Investigation, to convert bitcoin to fiat currencies.

The researchers estimate that at least 20,000 individuals have made ransomware payments over the past two years. The team utilized the public nature of bitcoin blockchain technology to trace ransomware payments over two years, and executed real ransomware binaries in a controlled experimental environment, essentially becoming victims themselves and making micropayments to actual ransom wallets to follow the bitcoin trail.
