What To Do Against Ransomware? Evaluating Law Enforcement Interventions

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

135 Downloads (Pure)

Abstract

Ransomware poses an increasing challenge to society, yet there is a notable gap in research on the effectiveness of law enforcement interventions. A key insight from our study is that the presence of victims' details on leak pages following double extortion ransomware attacks offers a unique opportunity to evaluate these interventions. Analyzing a dataset containing victims published by ransomware groups, we assess the impact of five specific types of interventions: arresting group members, taking down leak page server infrastructure, freezing crypto assets, releasing decryptors, and imposing sanctions.

From a collected list of interventions, we categorize ransomware groups' responses into three actions: ceasing operations, continuing operations, or rebranding under a new name. Initial results show that nearly half of the interventions led to ransomware groups ceasing operations. Additionally, our findings suggest minimal crime displacement, with fewer victims attacked post-intervention if the groups continued their activities. Observed rebranding among these groups is also limited.

We discuss the implications and limitations of our research and conclude with two recommendations for law enforcement: prioritize frequent small interventions over a single large intervention and diversify the set of interventions to better counter the adaptive nature of ransomware groups.
Original languageEnglish
Title of host publicationSymposium on Electronic Crime Research
Publication statusAccepted/In press - 2025
EventSymposium on Electronic Crime Research, eCrime 2024 - Boston, United States
Duration: 24 Sept 202426 Sept 2024

Publication series

NameeCrime Researchers Summit, eCrime
PublisherIEEE
ISSN (Print)2159-1237

Conference

ConferenceSymposium on Electronic Crime Research, eCrime 2024
Abbreviated titleeCrime 2024
Country/TerritoryUnited States
CityBoston
Period24/09/2426/09/24

Fingerprint

Dive into the research topics of 'What To Do Against Ransomware? Evaluating Law Enforcement Interventions'. Together they form a unique fingerprint.

Cite this