The benefits and advantages of blockchain have been studied extensively in the literature, but far fewer works examine its dishonest uses. In this paper, we present the first blockchain-based ransomware schemes, which use smart contracts and simple cryptographic primitives to provide a limited degree of automation and fair exchange. Specifically, smart contracts would give ransomware new capabilities, such as letting the victim pay for individual files, or refunding the ransom to the victim if the decryption keys are not delivered within a specified period of time. To demonstrate their feasibility, both technically and economically, we implemented these proposals on the Ethereum Ropsten test network. The results show that running a full ransomware campaign on the scale of WannaCry, with more than 300,000 affected users, would add a cost of only about three US cents per victim. Finally, we show that there are no feasible countermeasures once such schemes are deployed on a public blockchain. We therefore believe it is increasingly urgent to recognize and study this matter, in order to devise new policies and technical countermeasures.
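The two capabilities the abstract names, per-file payment and a timed refund, are both instances of a hash-locked escrow: the victim deposits for one file against a published hash of that file's key, the contract pays out only when a key matching the hash is revealed, and it returns the deposit if no such key arrives before a deadline. The following Python model of that on-chain state machine is an added example written for this page; it is not the paper's Solidity contract, and the addresses, file identifiers, amounts and block counts are constructed for illustration. Block height is advanced explicitly so the timeout path can be exercised offline.

```python
"""Model of a per-file, hash-locked escrow with a timed refund (added example)."""
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional


def commit(key: bytes) -> bytes:
    """Commitment published alongside each encrypted file: SHA-256 of its key."""
    return hashlib.sha256(key).digest()


@dataclass
class Escrow:
    payer: str                   # address of the depositor (the victim)
    amount: int                  # deposit in the chain's smallest unit
    commitment: bytes            # hash the revealed key must match
    deadline: int                # block height at which a refund becomes possible
    key: Optional[bytes] = None  # set once a matching key has been revealed
    closed: bool = False         # settled either by reveal or by refund


class FileEscrowContract:
    """State of one contract instance owned by `payee` (the ransom recipient)."""

    def __init__(self, payee: str):
        self.payee = payee
        self.height = 0                              # current block height
        self.escrows: Dict[str, Escrow] = {}         # file_id -> Escrow
        self.balances: Dict[str, int] = {}           # address -> withdrawable funds

    def mine(self, blocks: int = 1) -> None:
        """Advance the simulated chain by `blocks` blocks."""
        self.height += blocks

    def _credit(self, addr: str, amount: int) -> None:
        self.balances[addr] = self.balances.get(addr, 0) + amount

    def _open(self, file_id: str) -> Escrow:
        e = self.escrows.get(file_id)
        if e is None or e.closed:
            raise ValueError("no open escrow for %r" % file_id)
        return e

    def deposit(self, file_id: str, payer: str, amount: int,
                commitment: bytes, timeout_blocks: int) -> None:
        """Victim pays for one file; funds are locked until reveal or deadline."""
        if file_id in self.escrows:
            raise ValueError("escrow already exists for %r" % file_id)
        if amount <= 0 or timeout_blocks <= 0:
            raise ValueError("amount and timeout must be positive")
        self.escrows[file_id] = Escrow(payer, amount, commitment,
                                       self.height + timeout_blocks)

    def reveal(self, file_id: str, key: bytes) -> None:
        """Payee publishes the key; paid out only if it matches the commitment."""
        e = self._open(file_id)
        if commit(key) != e.commitment:
            raise ValueError("revealed key does not match commitment")
        e.key = key
        e.closed = True
        self._credit(self.payee, e.amount)

    def refund(self, file_id: str) -> None:
        """Payer reclaims the deposit once the deadline has passed without a reveal."""
        e = self._open(file_id)
        if self.height < e.deadline:
            raise ValueError("deadline not reached (height %d < %d)"
                             % (self.height, e.deadline))
        e.closed = True
        self._credit(e.payer, e.amount)

    def key_for(self, file_id: str) -> Optional[bytes]:
        """The key the victim reads back from chain state after a reveal."""
        return self.escrows[file_id].key


if __name__ == "__main__":
    c = FileEscrowContract(payee="0xPAYEE")      # constructed address label
    k1 = bytes.fromhex("11" * 32)                 # constructed per-file key
    c.deposit("file-1", "0xVICTIM", 100, commit(k1), timeout_blocks=10)
    c.reveal("file-1", k1)                        # happy path: payee is credited
    c.deposit("file-2", "0xVICTIM", 50, commit(b"\x22" * 32), timeout_blocks=5)
    c.mine(5)
    c.refund("file-2")                            # timeout path: victim reclaims
    print(c.balances, c.key_for("file-1").hex())
```

The model shows where the abstract's "limited" qualifier comes from: the contract can check that a revealed key matches the hash committed to at encryption time, but it cannot check that the key actually decrypts the file, so fairness holds only if the commitment was honest. It also shows why the abstract argues against feasible countermeasures: every rule above is ordinary escrow logic, and a public chain executes it without any notion of what the deposit is for.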