The Social and Technological Incentives for Cybercriminals to Engage in Ransomware Activities

  • Conference paper
Security and Privacy in Social Networks and Big Data (SocialSec 2023)

Abstract

Ransomware attacks and the use of dark web forums are two serious contemporary cyber-problems. These two areas have been investigated separately in the past, but there is currently a gap in our understanding of the interactions between them, i.e., of dark web forums that can potentially lead to ransomware activities. The rise of Ransomware-as-a-Service (RaaS) exacerbates these problems even further. The aim of this paper is therefore to investigate the social and technological discourse within dark web forums that may foster or initiate some users’ pathway towards ransomware-related criminal activities. To this end, we carried out data collection (crawling) of pertinent posts from the “Dread” dark web forum, based on sixteen keywords commonly associated with ransomware. Our data collection and manual screening processes resulted in the identification of 1,279 posts related to ransomware, with posting dates between 25 March 2018 and 30 September 2022. Our dataset confirms that ransomware-related posts exist on the Dread dark web forum. We found that these posts can generally be grouped into eight categories: Hacker, Potential Hacker, RaaS Provider, Education, Information, News, Debate and Other. Furthermore, the contents of these posts shed some light on the social and technological incentives that may encourage some actors to get involved in ransomware crimes. In conclusion, such posts pose a threat to cyber security, because they might provide a pathway for wannabe ransomware operators to get in on the act. The findings from our research can serve as a starting point for devising practical countermeasures, for instance by considering how such posts should be handled in the future, or how follow-up intervention actions can be prepared in anticipation of certain actors getting involved in ransomware as a result of reading posts in such forums.

Author information

Corresponding author

Correspondence to Yichao Wang.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Wang, Y., Roscoe, S., Arief, B., Connolly, L., Borrion, H., Kaddoura, S. (2023). The Social and Technological Incentives for Cybercriminals to Engage in Ransomware Activities. In: Arief, B., Monreale, A., Sirivianos, M., Li, S. (eds) Security and Privacy in Social Networks and Big Data. SocialSec 2023. Lecture Notes in Computer Science, vol 14097. Springer, Singapore. https://doi.org/10.1007/978-981-99-5177-2_9

  • DOI: https://doi.org/10.1007/978-981-99-5177-2_9

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-5176-5

  • Online ISBN: 978-981-99-5177-2

  • eBook Packages: Computer Science, Computer Science (R0)
