Tracking Ransomware End to End

Presented at Black Hat USA 2017, July 26, 2017, 5:05 p.m. (25 minutes).

A niche term just two years ago, ransomware has rapidly risen to fame in the last year, infecting hundreds of thousands of users, locking their documents, and demanding hefty ransoms to get them back. In doing so, it has become one of the largest cybercrime revenue sources, with heavy reliance on Bitcoin and Tor to confound the money trail.

In this talk, we demonstrate a method to track the ransomware ecosystem at scale, from distribution sites to the cash-out points. By processing 100k+ samples, we shed light on the economics and infrastructure of the largest families, and we provide insight into their revenue and conversion rates. With a deep dive into the two largest groups, we show the details of their operation. Finally, we uncover the cash-out points, tracking how the money exits the Bitcoin network, enabling the authorities to pick up the money trail using conventional financial tracing means.


Presenters:

  • Kylie McRoberts - Sr. Strategist, Google
    Kylie McRoberts is a senior strategist with Google's Safe Browsing where she is currently focused on binary analysis in support of enforcement of Safe Browsing policies. Before joining Google, she conducted political and military analysis for the Australian Department of Defence.
  • Elie Bursztein - anti-fraud research lead, Google
    Elie Bursztein leads Google's anti-abuse research, which helps protect users against Internet threats. Elie has contributed to applied cryptography, machine learning for security, malware understanding, and web security, authoring over fifty research papers in the field. Most recently, he was involved in finding the first SHA-1 collision. Elie is a beret aficionado, tweets at @elie, and performs magic tricks in his spare time. Born in Paris, he received a PhD from ENS-Cachan in 2008 before working at Stanford University and ultimately joining Google in 2011. He now lives with his wife in Mountain View, California.
  • Luca Invernizzi - Research Scientist, Google
    Luca Invernizzi is a Research Scientist in Google's anti-abuse team. His current research focuses on understanding and modeling the underground economy of abuse, and detecting malware at scale on desktop and mobile. Luca holds a Ph.D. in Computer Science from the University of California, Santa Barbara.
