Abstract

PurposeThis paper aims to demonstrate the utility of a target-centric approach to intelligence collection and analysis in the prevention and investigation of ransomware attacks that involve cryptocurrencies. The paper uses the May 2017 WannaCry ransomware usage of the Bitcoin ecosystem as a case study. The approach proves particularly beneficial in facilitating information sharing and an integrated analysis across intelligence domains.Design/methodology/approachThis study conducted data collection and analysis of the component Bitcoin elements of the WannaCry ransomware attack. A note of both technicalities of Bitcoin operations and current models for sharing cyber intelligence was made. Our analysis builds on and further develops current definitions and strategies for sharing cyber threat intelligence. It uses the problem definition model (PDM) and generic target network model (TNM) to create an analytic framework for the WannaCry ransomware attack scenario, allowing analysts the ability to test their hypotheses and integrate and share data for collaborative investigation.FindingsUsing a target-centric intelligence approach to WannaCry 2.0 shows that it is possible to model the intelligence problem of collecting and analysing data related to inflows and outflows of Bitcoin-related ransomware transactions. Bitcoin transactions form graph networks and allow to build a target network model for collecting, analysing and sharing intelligence with multiple stakeholders. Although attribution and anonymity prevail under cryptocurrency usage, there is a means for developing transaction walks using this method to target nefarious cryptocurrency exchanges where criminals are inclined to cash out their proceeds of crime.Originality/valueThe application of a target-centric intelligence approach to the cryptocurrency components of a ransomware attack provides a framework for intelligence units to break down the problem in the financial domain and model the network behaviour of illicit Bitcoin transactions relating to ransomware.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Ransomware Attack: India Issues Red Alert
Simran Sabharwal ... Shilpi Sharma
-
Simran Sabharwal, et. al.Simran Sabharwal ... Shilpi Sharma
17 Jul 2019
High Performance Classification Model to Identify Ransomware Payments for Heterogeneous Bitcoin Networks
Abdulaziz A Alsulami ... Qasem Abu Al-Haija
Electronics | VOL. 10
Abdulaziz A Alsulami, et. al.Abdulaziz A Alsulami ... Qasem Abu Al-Haija
31 Aug 2021
A Comprehensive Detection Approach of Wannacry: Principles, Rules and Experiments
Guohang Lu ... Yifei Chen
-
Guohang Lu, et. al.Guohang Lu ... Yifei Chen
01 Oct 2020
NHS WannaCry Ransomware Attack: Technical Explanation of The Vulnerability, Exploitation, and Countermeasures
Ghassan Samara ... Ayoub Alsarhan
-
Ghassan Samara, et. al.Ghassan Samara ... Ayoub Alsarhan
06 Nov 2022
View more papers

More From: Journal of Money Laundering Control

Paper Title
Journal
Date
Author
Identifying transaction laundering red flags and strategies for risk mitigation
Chandan Saxena
Journal of Money Laundering Control | VOL. -
Chandan SaxenaChandan Saxena
27 May 2024
FIU operational effectiveness – findings and observations from the Asian Development Bank perspective
Cheong-Ann Png
Journal of Money Laundering Control | VOL. -
Cheong-Ann PngCheong-Ann Png
07 May 2024
Painting the picture: why art dealers should be added to Australia’s designated non-financial businesses and professions definition
Sophie Martin
Journal of Money Laundering Control | VOL. -
Sophie MartinSophie Martin
30 Apr 2024
Towards definitive categories for online video game money laundering
James Higgs ... Stephen Flowerday
Journal of Money Laundering Control | VOL. -
James Higgs, et. al.James Higgs ... Stephen Flowerday
29 Apr 2024
View more papers