Following the cyber money trail. Global challenges when investigating ransomware attacks and how regulation can help

Author: Angela S.M. Irwin, Caitlin Dawson
Position: Macquarie University, Sydney, Australia

Purpose: The purpose of this paper is to show how global regulation of cryptocurrencies and other
cybercurrencies can assist in addressing the challenges of attribution when investigating ransomware attacks
and other types of cybercrime using these payment methods.
Design/methodology/approach: A literature review, looking at current academic research and
discourse on the topic of cryptocurrency regulation, is conducted to highlight current thinking and perceived
difficulties in implementing a global regulatory framework. In addition, the research explores how governments
have addressed the risks posed by cryptocurrencies and how regulation has been implemented. The research
focuses on the regulatory approaches of Australia, Europe and the Americas to determine whether they could
feasibly address the risks posed by cryptocurrencies and be implemented on a global scale.
Findings: To date, few sustained efforts have been made to regulate Bitcoin or other cybercurrencies. Where
regulation has been introduced, it has often proven too costly to implement, thereby stifling Bitcoin industry
growth, or too ad hoc to function effectively. These regulatory pitfalls are substantiated by the continuing
difficulty faced by law enforcement agencies in identifying individual Bitcoin users and separating those that are
using them for nefarious purposes from those that are using them for legitimate ones. These challenges appear to
grow exponentially when it comes to prosecuting criminals for Bitcoin-related offences, due to the enormous lack
of agreement within the justice system of most countries as to the appropriate legal definition for Bitcoin. This
research highlights three characteristics that will be vital to the success of any global regulatory framework.
These are consistency, clarity and cost-effective implementation. A regulatory framework for Bitcoin that lacks
any one of these elements will fail to meet the requirements of every stakeholder in the regulatory process. A
framework that is too costly to implement will stifle fintech innovation, subsequently depriving national
economies of the multitude of potential benefits promised by fostering fintech entrepreneurship. Equally, a
framework that is inconsistent will hamper the global cooperation necessary to combat Bitcoin-related crime.
Originality/value: This research evaluates research, discourse and regulatory responses from academic
and governmental sources and discusses how a global response to cryptocurrency regulation will help
address the growing problem of attribution when it comes to ransomware attacks, which has experienced a
considerable spike in recent months.
Keywords: Financial crime, Attribution, Cryptocurrency, Ransomware, Bitcoin regulation
Paper type: Research paper
Journal of Money Laundering, Vol. 22 No. 1, 2019, pp. 110-131. © Emerald Publishing Limited. DOI 10.1108/JMLC-08-2017-0041
The current issue and full text archive of this journal is available on Emerald Insight at:
1. Introduction
Cybercurrencies have been linked to illicit cyber activity for some time (Ablon et al., 2014;
Martin, 2014; Pflaum and Hateley, 2014; Irwin and Milad, 2016). They have become common
bartering tools for illicit goods and services on dark marketplaces such as Silk Road 3,
Alphabay and Valhalla. These platforms allow consumers to purchase items such as drugs,
weapons, Cybercrime-as-a-Service, hacking tools, malware, stolen credit card details and
compromised usernames and password combinations using Bitcoins. As we have seen
recently, cryptocurrencies, such as Bitcoin and Ethereum, are also involved in the
facilitation of ransomware attacks, where users are prevented from using their systems until
a ransom is paid.
This paper looks at the challenges in following the money trail when investigating
ransomware attacks and how consistent, global regulation can go some way in helping law
enforcement agencies to identify those who use these currencies to facilitate ransomware
attacks and for other illicit purposes. The paper is structured as follows: Section 2 provides a
background on ransomware and looks at recent prominent ransomware attacks. Section 3
provides a literature review and current discourse on the topic of cryptocurrency regulation.
Section 4 explores the responses to Bitcoin regulation around the world, focussing on
regulatory approaches in Australia, Europe and the Americas. Section 5 looks at the
challenges posed by Bitcoin, and other cryptocurrencies, which make it extremely difficult
to ascertain the identity of offenders and to reduce the frequency of these types of attack.
Section 6 looks at how regulation may help with attribution and assist law enforcement
agencies to deal more effectively with crimes facilitated by Bitcoin. Finally, Section 7 concludes
the paper.
2. Background
Ransomware is a type of malware that prevents users from accessing their system by
locking the system's screen, locking the user's files or using cryptographic techniques to
encrypt affected systems. Victims are forced to pay a ransom to obtain the decryption key
and regain access to the files on their device or system. Ransomware can unwittingly be
downloaded onto a system by a user visiting a malicious or compromised website; it can be
delivered as an attachment on spam or in a phishing email; or it can arrive as a payload,
either dropped onto the system or downloaded by another malware.
Often reported to be the first ransomware attack, a ransomware variant called
TROJ_CRYZIP.A was detected in Russia between 2005 and 2006. TROJ_CRYZIP.A zipped
certain file types before overwriting the original files, leaving only the password-protected
zip files in the user's system (Trend Micro, 2006). A text file was also created that acted as
the ransomware note informing the user that their files could be retrieved in exchange for
US$300. The first known case of ransomware attack, in fact, occurred nearly 30 years ago,
when, in 1989, the AIDS Trojan was initiated by AIDS researcher, Joseph Popp. Popp
distributed twenty thousand floppy disks to AIDS researchers in 90 countries (Mungo and
Glough, 1992) claiming that, by completing a questionnaire contained on the disk, a program
on the disk could analyse an individual's risk of contracting AIDS. However, the disk
contained a malware program that sat dormant on the recipient's computer until the
computer had been powered on 90 times. After this threshold was reached, a message was
displayed demanding payment of $189 and $378 for a software lease (Mungo and Glough,
1992). Forensic investigation of targeted computers showed that sections of the hard disk
were deliberately scrambled or encrypted (Wilding, 1990). This attack could be considered
an early form of digital social engineering or scareware[1], where social engineering is used
to cause anxiety or perception of threat to manipulate users into buying unwanted software.
Early ransomware developers wrote their own rudimentary, unsophisticated encryption
code, and typically encrypted .doc, .xls, .jpg, .zip and .pdf files, but today's attackers
increasingly rely on off-the-shelf cryptography libraries that are much more sophisticated
and much more difficult to crack. These libraries, tools and applications can be easily
accessed and purchased from numerous dark marketplaces.
Since these early cases of ransomware attack, ransomware has become a prominent
threat to organisations and individuals. Ransomware was becoming such a prominent cyber
threat in 2015 that Trend Micro predicted that 2016 would be the year of online extortion