Examining Ransomware Payments From a Data-Science Lens

In partnership with: Erin Burns, Eireann Leverett of Waratah Analytics

Ransomware has come a long way since the Internet’s pre-cryptocurrency days. The advent of cryptocurrency was an important turning point in the evolution of this cyberthreat, as malicious actors are no longer confined to available local or regional payment options when collecting ransom payments.

The operation costs and monetization models of a ransomware group can be telling of its persistence methods, the tactics, techniques, and procedures (TTPs) in its arsenal, and the qualifications of its members — all valuable insights for defenders if they are to mount a defense strategy that can hold out against increasingly sophisticated ransomware attacks. Previously, we explored how analyzing CVE data through data-science approaches can guide cybersecurity teams’ patching priorities — one of many data sources that organizations can turn to as a means of understanding the inner workings of the ransomware ecosystem. In this entry, we discuss case studies that demonstrated how data-science techniques were applied in our investigation of ransomware groups’ ransom transactions, as detailed in our joint research with Waratah Analytics, “What Decision-Makers Need to Know About Ransomware Risk.”

Ransomware groups profile potential victims to calculate the ransom amount

Several factors contribute to the ransom amount that attackers initially demand from their victims and, later in the course of negotiations, to the minimum amount for which they are willing to settle. The victim’s revenue is one of the attacker’s top considerations. Based on Conti’s leaked
