
On Locky Ransomware, Al Capone and Brexit

  • John MacRae
  • Virginia N. L. Franqueira
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 216)

Abstract

The highly crafted lines of code which constitute the Locky cryptolocker ransomware are there to see in plain text on an infected machine. Yet this forensic evidence leads investigators neither to the identity of the extortionists nor to the destination of the ransom payments. The perpetrators of this ransomware remain unknown and unchallenged, and so the ransomware cybercrime wave gathers pace. This paper examines what Locky is, how it works, and the mechanics of this malware, in order to understand how ransom payments are made. The financial impact of Locky is found to be substantial. The paper describes methods for “following the money” to assess how effectively such a digital forensic trail can assist ransomware investigators. The legal instruments that the authorities are establishing as they attempt to shut down ransomware attacks and secure prosecutions are evaluated. The technical difficulty of following the money, coupled with a lack of registration and disclosure legislation, means that investigators of this cybercrime are struggling to secure prosecutions and halt Locky.

Keywords

Locky · Ransomware · Cryptolocker · Bitcoin · Brexit · Digital forensics · Money laundering


Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  1. Department of Research and Impact, Ulster University, Belfast, UK
  2. Department of Electronics, Computing and Mathematics, University of Derby, Derby, UK
