Abstract
This chapter explores the underlying economics of cybercrime. The chapter begins by examining how cybercrime syndicates adapt to changing market conditions. This following section of the chapter explores how ransomware demonstrates the ability to monetise both valuable and innocuous data. The chapter then moves forward to discuss how Internet marketplaces have changed the dynamic for criminal activities and why some cybercriminals are shifting their focus to ransomware. It explores why cybercriminals have become more focused on holding files hostage for money than on unleashing stolen data to the black market (Parrish 2018). The final section of the chapter examines what are cryptocurrencies and what impact they have in ransomware attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Note: Data analytics tools may provide significant improvements in analysing known data sets. An example of this would be analysing internal company financial records for theft or fraudulent transactions. However, currently, these data analytics tools cannot be (or fully) applied to analyse transactions and exchanges between all known fiat currencies and cryptocurrencies. This indicates that attackers retain an advantage when utilising automated (scripted) transfers across multiple currencies and cryptocurrencies to launder illicit funds.
- 2.
Note: This practice is not dissimilar to stolen property in the physical world. Due to the attention the property (coins) will draw from law enforcement, this increases the risk associated with the exchange. For accepting this burden, the exchange demands increased returns.
- 3.
Note: A family member, friend or co-worker may have discussed a previous ransomware experience. This may have a significant influence on the victims perceived situation and its potential outcomes.
- 4.
Note: Corporations should also understand their legal and regulatory constraints. In many Western countries, paying a ransom may not be permitted due to Know Your Customer (KYC) and anti-money laundering (AML) restrictions.
- 5.
Note: The Internet is usually accessed through search engines. The darknet and Dark Web are the same distinction. The darknet is the network of computers that you can’t usually see/search, and the Dark Web is the system that allows you to interact with them.
- 6.
Note: Cryptocurrencies are also generally not bound by regulations such as KYC and AML, which may cause delays in conventional finacial systems.
- 7.
Note: To increase the probability of payment, some ransomware attackers have created even detailed instructions and inbuilt help desk-style features that assist victims purchase and make payment using cryptocurrencies.
- 8.
Note: A user accessing the Internet from a public connection may be able to improve their level of online anonymity; however, they may inadvertently increase their probability of detection and identification through third-party systems such as CCTV. A user accessing the Internet from a private Internet connection that is routing through a VPN in combination with software applications such as TOR can generally expect their Internet connection and online activities to be anonymous. The obvious exception is a user’s system and networks whose hardware or software integrity has already been compromised (i.e., under surveillance by the state, a state agency or another actor).
- 9.
Note: The Cryptolocker attacks infected over 500,000 machines between 2013 and 2014, using primitive spam messages to spread the virus and RSA encryption to lock the user’s files before demanding payment. The virus was ultimately brought down by a white hat campaign Tovar.
- 10.
Note: The use of the term cryptojacking refers to the process of using malware to illegally steal CPU revolutions from victims’ devices to mine cryptocurrencies. (See Fuscaldo 2018).
References
L. Ablon, M. Libicki, A. Golay, Projections and predictions for the black market, in Markets for Cybercrime Tools and Stolen Data Book Subtitle: Hackers’ Bazaar, (RAND Corporation, Santa Monica, 2014a)
L. Ablon, M. Libicki, A. Golay, Characteristics of the black market, in Markets for Cybercrime Tools and Stolen Data Book Subtitle: Hackers’ Bazaar, (RAND Corporation, Santa Monica, 2014b)
J. Angel, D. McCabe, The Ethics of Payments: Paper, Plastic, or Bitcoin? J. Bus. Ethics 132, 603–611 (2015)
N. Aslam, Bitcoin: The harder the fall, the higher the rise: $35K by Q4, Forbes. (2018) [Online]. Available online: https://www.forbes.com/sites/naeemaslam/2018/04/10/bitcoin-the-harder-the-fall-the-higher-the-rise-35k-by-q4/#18e1126d5410. Accessed 10 Apr 2018
T. Bossert, Press briefing on the attribution of the WannaCry malware attack to North Korea, 19 Dec 2017
T. Brewster, Google warns ransomware boom scored crooks $2 million a month, Forbes. (25 July 2019) 2017 [Online]. Available online: https://www.forbes.com/sites/thomasbrewster/2017/07/25/google-ransomware-multi-million-dollar-business-with-locky-and-cerber/#758974576caf. Accessed 17 Jan 2019
D. Bryans, Bitcoin and money laundering: Mining for an effective solution. Indiana Law J. 89, 440–472 (2014)
M. Casey, How Bitcoin and Blockchain are changing the world. (5 Mar 2018) [Video]. Available online: https://vimeopro.com/user12220083/osmosis-work-samples-for-unsw/video/151457603. Accessed 24 Sep 2019
J. Ciolli, People are making a fortune buying government-seized bitcoins, Business Insider Australia. (2017). Available online: https://www.businessinsider.com.au/bitcoin-price-government-auction-winners-2017-5?r=US&IR=T. Accessed 28 May 2018
A. Cohen, Cyber (in)security decision-making dynamics when moving out of your comfort zone. Cyber Def. Rev. (Army Cyber Institute) 2(1) (Winter), 45–60 (2017)
M. Conti, A. Gangwal, S. Ru, On the economic significance of ransomware campaigns: A bitcoin transactions perspective. Comput. Secur. 79, 162–189 (2018)
European Central Bank, Virtual Currency Schemes (European Central Bank, Germany, 2012)
EY, The relevance challenge: What retail banks must do to remain in the game, EY. (2016)
D. Fuscaldo, Crypto mining malware grew 4,000% this year, Forbes. (2018). Available online: https://www.forbes.com/sites/donnafuscaldo/2018/12/28/crypto-mining-malware-grew-4000-this-year/#7efbb86a224c. Accessed 13 Sept 2019
M. Gardiner, To guard against cybercrime, follow the money, Harvard Business Review. (2017). Available online: https://hbr.org/2017/05/to-guard-against-cybercrime-follow-the-money. Accessed 16 June 2018
S. Goldfeder, H. Kalodner, D. Reisman†, A. Narayanan, When the cookie meets the blockchain: Privacy risks of web payments via cryptocurrencies, Princeton University. (2017)
A. Greenberg, The untold story of NotPetya, the most devastating cyber attack in history, WIRED. (2018). Available online: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/. Accessed 23 Jan 2019
T. Hanuka, The untold story of silk road, part 2: The fall. (2015). Available online: https://www.wired.com/2015/05/silk-road-2/. Accessed 27 May 2018
G. Hileman, M. Rauchs, Global Cryptocurrency Benchmarking Study (University of Cambridge, 2017). Cambridge Centre for Alternative Finance, Cambridge, United Kingdom
D.Y. Huang, M.M. Aliapoulios, V.G. Li, L. Invernizzi, E. Bursztein, K. McRoberts, J. Levin, K. Levchenko, A.C. Snoeren, D. McCoy, Tracking ransomware end-to-end, IEEE symposium on security and privacy, 23 May 2018 [Video]. Available online: https://www.youtube.com/watch?v=H5bPmzsVLF8. Accessed 14 Mar 2019
IBM, IBM X-Force threat intelligence index 2019. (2019)
D. Irving, The digital underworld: What you need to know, RAND Review. (2016), 21 May 2018
A. Kesari, C. Hoofnagle, D. McCoy, Deterring cybercrime: Focus on intermediaries. Berkeley Technol. Law J. 32(3), 1131 (2017)
A. Kharraz, W. Robertson, D. Balzarotti, L. Bilge, E. Kirda, Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks (Springer International Publishing, Cham, 2015)
M. Kien-Meng Ly, Coining Bitcoin’s “Legal-Bits”: Examining the regulatory framework for bitcoin and virtual currencies. Harvard J. Law Technol. 27(2) (Spring), 588–608 (2014)
N. Kshetri, Diffusion and effects of cyber-crime in developing economies. Third World Q.31(7), 1057–1079 (2010)
M. Lucas, The difference between Bitcoin and Blockchain for business. Available online: https://www.ibm.com/blogs/blockchain/2017/05/the-difference-between-bitcoin-and-blockchain-for-business/. Accessed 12 Mar 2018
R. McMillen, Who owns the worlds biggest bitcoin wallet? The FBI, WIRED. (2013). Available online: https://www.wired.com/2013/12/fbi-wallet/. Accessed 14 Mar 2018
M. Moser, Anonymity of bitcoin transactions: An analysis of mixing services, Monster Bitcoin Conference 17 Sept 2013, 2013
S. Nakamoto, Bitcoin: A peer-to-peer electronic cash system, (2008). Available online: www.bitcoin.org. Accessed 28 May 2017
K. Parrish, Hackers are now favoring ransomware over personal data theft, Digital Trends. (2018). Available online: https://www.digitaltrends.com/computing/report-suggests-hackers-leaning-towards-ransomware/. Accessed 2 Jan 2019
Ponemon Institute, The Rise of Ransomware. (2017)
J. Robertson, A. Diab, E. Marin, E. Nunes, V. Paliath, J. Shakarian, P. Shakarian, Darknet mining and game theory for enhanced cyber threat intelligence. Cyber Def. Rev.1(2 (Fall)), 95–122 (2016)
B. Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C (Wiley, New York, 1996)
J. Silver-Greenberg, Justice department inquiry takes aim at banks’ business with payday lenders, The New York Times. 26 Jan 2014 (2014) [Online]. Available online: https://dealbook.nytimes.com/2014/01/26/justice-dept-inquiry-takes-aim-at-banksbusiness-with-payday-lenders/. Accessed 22 Jan 2019
P. Singer, A. Friedman, Cybersecurity and Cyberwar: What Everyone Needs to Know (Oxford University Press, New York, 2014)
Symantec, Cryptojacking Skyrockets to the Top of the Attacker Toolkit, Signaling Massive Threat to Cyber and Personal Security, 21 Mar 2018
TED, The Deadly Genius of Drug Cartels (TED Salon, New York, 2013). Available online: https://www.ted.com/talks/rodrigo_canales_the_deadly_genius_of_drug_cartels/discussion?ga_source=embed&ga_medium=embed&ga_campaign=embedT. Accessed 26 Jan 2019
S. Thakkar, Ransomware – Exploring the electronic form of extortion. Int. J. Sci. Res. Dev.2(10), 123–126 (2014)
The Economist, The world’s most valuable resource is no longer oil, but data, The Economist. (2017). Available online: https://www.economist.com/leaders/2017/05/06/the-worlds-most-valuable-resource-is-no-longer-oil-but-data. Accessed 27 Jan 2018
Trend Micro, What Happens When Victims Pay Ransomware Attackers? 10 Dec 2018. Available online: https://blog.trendmicro.com/what-happens-when-victims-pay-ransomware-attackers/. Accessed 1 Jan 2018
Trustwave, The Value of Data: A Cheap Commodity or Priceless Asset? (Trustwave, United Kingdom, 2017)
Verizon, Data Breach Investigations Report (2016). Available online: www.verizonenterprise.com/verizon-insights-lab/dbir/2016. Accessed 9 Jan 2018
J. Wolff, You’ll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches (The MIT Press, Cambridge, 2018)
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Ryan, M. (2021). Ransomware Economics. In: Ransomware Revolution: The Rise of a Prodigious Cyber Threat. Advances in Information Security, vol 85. Springer, Cham. https://doi.org/10.1007/978-3-030-66583-8_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-66583-8_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-66582-1
Online ISBN: 978-3-030-66583-8
eBook Packages: Computer ScienceComputer Science (R0)