A target-centric intelligence approach to WannaCry 2.0-Reference-Cited by-同舟云学术

A target-centric intelligence approach to WannaCry 2.0

Published:2019-10-07 Issue:4 Volume:22 Page:646-665
ISSN:1368-5201
Container-title:Journal of Money Laundering Control
language:en
Short-container-title:JMLC

Author:

Turner Adam B.,McCombie Stephen,Uhlmann Allon J.

Abstract

Purpose This paper aims to demonstrate the utility of a target-centric approach to intelligence collection and analysis in the prevention and investigation of ransomware attacks that involve cryptocurrencies. The paper uses the May 2017 WannaCry ransomware usage of the Bitcoin ecosystem as a case study. The approach proves particularly beneficial in facilitating information sharing and an integrated analysis across intelligence domains. Design/methodology/approach This study conducted data collection and analysis of the component Bitcoin elements of the WannaCry ransomware attack. A note of both technicalities of Bitcoin operations and current models for sharing cyber intelligence was made. Our analysis builds on and further develops current definitions and strategies for sharing cyber threat intelligence. It uses the problem definition model (PDM) and generic target network model (TNM) to create an analytic framework for the WannaCry ransomware attack scenario, allowing analysts the ability to test their hypotheses and integrate and share data for collaborative investigation. Findings Using a target-centric intelligence approach to WannaCry 2.0 shows that it is possible to model the intelligence problem of collecting and analysing data related to inflows and outflows of Bitcoin-related ransomware transactions. Bitcoin transactions form graph networks and allow to build a target network model for collecting, analysing and sharing intelligence with multiple stakeholders. Although attribution and anonymity prevail under cryptocurrency usage, there is a means for developing transaction walks using this method to target nefarious cryptocurrency exchanges where criminals are inclined to cash out their proceeds of crime. Originality/value The application of a target-centric intelligence approach to the cryptocurrency components of a ransomware attack provides a framework for intelligence units to break down the problem in the financial domain and model the network behaviour of illicit Bitcoin transactions relating to ransomware.

Publisher

Emerald

Subject

Law,General Economics, Econometrics and Finance,Public Administration

Reference63 articles.

1. Ransomware 7 and cryptocurrency;Cybercrime through an Interdisciplinary Lens,2016

2. Albert, E. (2018), “What to know about the sanctions on North Korea”, Council on Foreign Relations. Last updated January 3, available at: www.cfr.org/backgrounder/what-know-about-sanctions-north-korea (accessed 15 November 2018).

3. Visualizing bitcoin flows of ransomware: WannaCry one week later,2018

Cited by 12 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Disaster Preparation and Effects on Inpatient Psychiatric Care;Issues in Clinical Child Psychology;2024

2. Research on Intelligent Vulnerability Identification Method for Power Information System;2023 IEEE 11th Joint International Information Technology and Artificial Intelligence Conference (ITAIC);2023-12-08

3. Assessing nation‐state‐sponsored cyberattacks using aspects of Situational Crime Prevention;Criminology & Public Policy;2023-10-04

4. A comprehensive forensic preservation methodology for crypto wallets;Forensic Science International: Digital Investigation;2022-10

5. Accountable Monero System with Privacy Protection;Security and Communication Networks;2022-04-23