MétaCan
Menu
← all works

Ransomware payments in the Bitcoin ecosystem

2019· article· en· 233 citations· W2963604227 on OpenAlex· 10.1093/cybsec/tyz003

Why is this work in the frame?

A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.

Canadian affiliationAn author listed a Canadian institution. This is the only route the usual frame has.

Full frame distilled prediction

Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.

Candidate categories
none
Consensus categories
none
Domain
Candidate signal: noneConsensus signal: none
Study design
Candidate signal: Theoretical or conceptualConsensus signal: none
Genre
Candidate signal: EmpiricalConsensus signal: Empirical
Teacher disagreement score
0.420
Threshold uncertainty score
0.245
Validation status
machine_predicted_unvalidated · codex-gemma-dda1882f352a

Codex and Gemma teacher scores by category

CategoryCodexGemma
Metaresearch0.0010.000
Meta-epidemiology (narrow)0.0000.000
Meta-epidemiology (broad)0.0000.000
Bibliometrics0.0000.000
Science and technology studies0.0000.000
Scholarly communication0.0000.001
Open science0.0010.000
Research integrity0.0000.000
Insufficient payload (model declined to judge)0.0000.000

Machine scores (provisional)

Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.

The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.

Opus teacher head0.006
GPT teacher head0.239
Teacher spread
0.233 · how far apart the two teachers sit on this one work
Validation status
score_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it

Abstract

Ransomware can prevent a user from accessing a device and its files until a ransom is paid to the attacker, most frequently in Bitcoin. With over 500 known ransomware families, it has become one of the dominant cybercrime threats for law enforcement, security professionals, and the public. However, a more comprehensive, evidence-based picture on the global direct financial impact of ransomware attacks is still missing. In this article, we present a data-driven method for identifying and gathering information on Bitcoin transactions related to illicit activity based on footprints left on the public Bitcoin blockchain. We implement this method on-top-of the GraphSense open-source platform and apply it to empirically analyze transactions related to 35 ransomware families. We estimate the lower bound direct financial impact of each ransomware family and find that, from 2013 to mid-2017, the market for ransomware payments has a minimum worth of USD 12 768 536 (22 967.54 BTC). We also find that the market is highly skewed with only a few number of players responsible for the majority of the payments. Based on these research findings, policy-makers and law enforcement agencies can use the statistics provided to understand the size of the illicit market and make informed decisions on how best to address the threat.

Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.

The record

Venue
Journal of Cybersecurity
Topic
Advanced Malware Detection Techniques
Field
Computer Science
Canadian institutions
Université de Montréal
Funders
European Commission
Keywords
RansomwarePaymentCybercrimeBusinessComputer securityLaw enforcementRansomEnforcementVirtual currencyInternet privacyCryptocurrencyMalwareThe InternetFinanceComputer scienceEconomicsMonetary economicsLawCurrency
Has abstract in OpenAlex
yes