On Locky Ransomware, Al Capone and Brexit

  • John MacRae
  • Virginia N. L. FranqueiraEmail author
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 216)


The highly crafted lines of code which constitute the Locky cryptolocker ransomware are there to see in plain text in an infected machine. Yet, this forensic evidence does not lead investigators to the identity of the extortionists nor to the destination of the ransom payments. Perpetrators of this ransomware remain unknown and unchallenged and so the ransomware cyber crimewave gathers pace. This paper examines what Locky is, how it works, and the mechanics of this malware to understand how ransom payments are made. The financial impact of Locky is found to be substantial. The paper describes methods for “following the money” to assess how effectively such a digital forensic trail can assist ransomware investigators. The legal instruments that are being established by the authorities as they attempt to shut down ransomware attacks and secure prosecutions are evaluated. The technical difficulty of following the money coupled with a lack of registration and disclosure legislation mean that investigators of this cybercrime are struggling to secure prosecutions and halt Locky.


Locky Ransomware Cryptolocker Bitcoin Brexit Digital forensics Money laundering 


  1. 1.
    Alina, S.: Ransomware’s stranger-than-fiction origin story (2015).
  2. 2.
    Calderbank, M.: The RSA Cryptosystem: History, Algorithm, Primes.
  3. 3. Ransomware - Definition - Trend Micro UK.
  4. 4.
  5. 5.
    Valdez, J.: Meet the latest member of the Locky family: odin.
  6. 6.
  7. 7. What is Thor.
  8. 8.
    Zorz, Z.: Dridex botnet alive and well, now also spreading ransomware - Help Net Security. Help Net Security.
  9. 9.
    Intelligence Threat Team: A closer look at the Locky ransomware.,
  10. 10. Locky ransomware, metrics and protection.
  11. 11.
    Griffin, D.: Cyber-extortion losses skyrocket, says FBI. CNNMoney.
  12. 12.
    Yadron, D.: Los Angeles hospital paid $17,000 in bitcoin to ransomware hackers. The Guardian.
  13. 13. FireEye warns ‘massive’ ransomware campaign hits US, Japan hospitals.
  14. 14. Ransomware for Dummies: Anyone Can Do It — Krebs on Security.
  15. 15. CoinsBank - the bank of Blockchain future.
  16. 16.
    InfoSec Resources: The End of Bitcoin Ransomware?
  17. 17.
    Spagnuolo, M., Maggi, F., Zanero, S.: BitIodine: extracting intelligence from the Bitcoin network. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 457–468. Springer, Heidelberg (2014). Google Scholar
  18. 18. BitCluster.
  19. 19.
    Elliptic: Elliptic.
  20. 20. Chainalysis - Blockchain analysis. Chainalysis.
  21. 21.
    Meiklejohn, S., Pomarole, M., Jordan, G., Levchenko, K., McCoy, D., Voelker, G., Savage, S.: A fistful of Bitcoins. Commun. ACM 59(4), 86–93 (2016)CrossRefGoogle Scholar
  22. 22.
    Europol: Europol and Chainalysis Reinforce Their Cooperation in The Fight Against Cybercrime.
  23. 23. Court Authorizes Service of John Doe Summons Seeking the Identities of U.S. Taxpayers Who Have Used Virtual Currency.
  24. 24. Bitcoin & Ethereum Wallet - Coinbase.
  25. 25.
    UK Treasury: UK national risk assessment of money laundering and terrorist financing.
  26. 26. Documents - Financial Action Task Force (FATF) (2017).
  27. 27. Economic and Financial Affairs Council configuration (Ecofin) - Consilium. Accessed 15 Mar 2017
  28. 28. Justice and Home Affairs Council configuration (JHA) - Consilium.
  29. 29. The European Council - Consilium.
  30. 30.
  31. 31.

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  1. 1.Department of Research and ImpactUlster UniversityBelfastUK
  2. 2.Department of Electronics, Computing and MathematicsUniversity of DerbyDerbyUK

Personalised recommendations