{"id":9052,"date":"2021-09-16T09:55:02","date_gmt":"2021-09-16T13:55:02","guid":{"rendered":"https:\/\/cointelegraph.com\/magazine\/?p=9052"},"modified":"2021-09-16T09:55:02","modified_gmt":"2021-09-16T13:55:02","slug":"bitcoin-ledger-as-a-secret-weapon-in-war-against-ransomware","status":"publish","type":"post","link":"https:\/\/cointelegraph.com\/magazine\/2021\/09\/16\/bitcoin-ledger-as-a-secret-weapon-in-war-against-ransomware","title":{"rendered":"Bitcoin ledger as a secret weapon in war against ransomware"},"content":{"rendered":"

Ransomware, malicious software that encrypts computers and keeps them \u201clocked\u201d until a ransom is paid, is the world\u2019s fastest-growing cyber threat, according to Coinfirm.<\/strong> Recent attacks on critical national infrastructure, like the Colonial Pipeline incursion that crippled oil and gas deliveries for a week along the U.S. East Coast, have set off alarms. Ransom payments are almost always made in Bitcoin or other cryptocurrencies.\u00a0<\/span><\/p>\n

But while many were shaken by May\u2019s Colonial Pipeline attack \u2014 the Biden administration issued new pipeline regulations in its aftermath \u2014 relatively few are aware of that drama\u2019s final act: Using blockchain analysis, the FBI was was able to <\/span>follow<\/span><\/a> the ransom payments fund flow and recover about 85% of the Bitcoin paid to ransomware group DarkSide.\u00a0<\/span><\/p>\n

In fact, blockchain analysis, which can be further enhanced with machine learning algorithms, is a promising new technique in the battle against ransomware. It takes some of crypto\u2019s core attributes \u2014 e.g., decentralization and transparency \u2014\u00a0 and uses those properties <\/span>against<\/span><\/i> malware miscreants.\u00a0<\/span><\/p>\n

While crypto\u2019s detractors tend to emphasize its pseudonymity \u2014 and attractiveness to criminal elements for that reason \u2014 they tend to overlook the relative visibility of BTC transactions. The Bitcoin ledger is updated and distributed to tens of thousands of computers globally in real time each day, and its transactions are there for all to see. By analyzing flows, forensic specialists can often <\/span>identify<\/span><\/a> suspicious activity. This could prove to be the Achilles\u2019 heel of the ransomware racket.<\/span><\/p>\n

An underused means<\/span><\/h4>\n

\u201cThe blockchain ledger on which Bitcoin transactions are recorded is an underutilized forensic tool that can be used by law enforcement agencies and others to identify and disrupt illicit activities,\u201d<\/span> Michael Morrell, former acting director of the U.S. Central Intelligence Agency, declared in a recent blog, adding:<\/span><\/p>\n

\u201cPut simply, blockchain analysis is a highly effective crime fighting and intelligence gathering tool.[…] One expert on the cryptocurrency ecosystem called blockchain technology a \u2018boon for surveillance.\u2019\u201d\u00a0<\/span><\/p><\/blockquote>\n

Along these lines, three Columbia University researchers recently <\/span>published<\/span><\/a> a paper, \u201cIdentifying Ransomware Actors in the Bitcoin Network,\u201d describing how they were able to use graph machine learning algorithms and blockchain analysis to identify ransomware attackers with \u201c85% prediction accuracy on the test data set.\u201d<\/span><\/p>\n

Those on the frontlines of the ransomware struggle see promise in blockchain analysis. \u201cWhile it may at first seem like cryptocurrency enables ransomware, cryptocurrency is actually instrumental in fighting it,\u201d Gurvais Grigg, global public sector chief technology officer at Chainalysis, tells Magazine, adding:<\/span><\/p>\n

\u201cWith the right tools, law enforcement can follow the money on the blockchain to better understand and disrupt the organization\u2019s operations and supply chain. This is a proven successful approach as we saw in January\u2019s \u2018takedown\u2019 of the NetWalker ransomware strain.\u201d<\/span><\/p><\/blockquote>\n

Whether blockchain analysis alone is enough to thwart ransomware incursions or whether it needs to be joined with other tactics, like bringing political\/economic pressure to bear on foreign countries that tolerate ransomware groups, is another question.<\/span><\/p>\n

Unmasking criminals?<\/span><\/h4>\n

Clifford Neuman, associate professor of computer science practice at the University of Southern California, believes that blockchain analysis is an underutilized forensic tool. \u201cMany people, including criminals, assume Bitcoin is anonymous. In fact, it is far from being so in that the flow of funds is more visible on the \u2018public\u2019 blockchain than it is in almost any other kinds of transactions.\u201d He adds: \u201cThe trick is to tie the endpoints to individuals, and blockchain analysis tools can sometimes be used to do this linking.\u201d<\/span><\/p>\n

A valid means for unmasking ransomware attackers? \u201cYes, absolutely,\u201d Dave Jevans, CEO of crypto intelligence firm CipherTrace, tells Magazine. \u201cUsing effective blockchain analytics, cryptocurrency intelligence software\u201d \u2014 the sort his firm produces \u2014 \u201cto track where ransomware actors are moving their funds can lead investigators to their true identities as they attempt to off-ramp their crypto to fiat.\u201d\u00a0<\/span><\/p>\n

 <\/p>\n

 <\/p>\n

\n
\n
\n\t\t\t\t
\n \n
\n
\"Fan<\/div><\/a>\n <\/div>\n
\n
\n

Fan tokens: Day trading your favorite sports team<\/a><\/h3>\n
<\/i> October 7, 2021<\/a><\/div><\/div>\n <\/div>\n <\/div>\n\t\t\t\t<\/article>\n\t\t\t\t<\/div>
\n\t\t\t\t
\n \n
\n
\"Icelandic<\/div><\/a>\n <\/div>\n
\n
\n

What it\u2019s like when the banks collapse: Iceland 2008 firsthand<\/a><\/h3>\n
<\/i> October 5, 2021<\/a><\/div><\/div>\n <\/div>\n <\/div>\n\t\t\t\t<\/article>\n\t\t\t\t<\/div>
\n\t\t\t\t
\n \n
\n
\"Crypto<\/div><\/a>\n <\/div>\n
\n
\n

Crypto City: Guide to Tokyo<\/a><\/h3>\n
<\/i> October 1, 2021<\/a><\/div><\/div>\n <\/div>\n <\/div>\n\t\t\t\t<\/article>\n\t\t\t\t<\/div>
\n\t\t\t\t
\n \n
\n
\"Before<\/div><\/a>\n <\/div>\n
\n
\n

Before NFTs: Surging interest in pre-CryptoPunk collectibles<\/a><\/h3>\n
<\/i> September 27, 2021<\/a><\/div><\/div>\n <\/div>\n <\/div>\n\t\t\t\t<\/article>\n\t\t\t\t<\/div>
\n\t\t\t\t
\n \n
\n
\"Bitcoin<\/div><\/a>\n <\/div>\n
\n
\n

Bitcoin ledger as a secret weapon in war against ransomware<\/a><\/h3>\n
<\/i> September 16, 2021<\/a><\/div><\/div>\n <\/div>\n <\/div>\n\t\t\t\t<\/article>\n\t\t\t\t<\/div>\n <\/div>\n <\/div><\/span><\/p>\n

 <\/p>\n

 <\/p>\n

David Carlisle, director of policy and regulatory affairs at analytics firm Elliptic, tells Magazine: \u201cBlockchain analysis is already a proven valuable technique for enabling law enforcement to disrupt the activities of these networks, as the Colonial Pipeline case made clear.\u201d<\/span><\/p>\n

Within days of the May 8 ransom payment by Colonial Pipeline, Elliptic was able to identify the Bitcoin wallet that received the payment. Further, \u201cIt [the wallet] had received Bitcoin payments since March totaling $17.5 million,\u201d <\/span>recounts<\/span><\/a> law firm Kelley Drye & Warren LLP. Elliptic was helped by the fact that the malefactors had used no \u201cmixers\u201d to further obscure their trail. Carlisle adds:\u00a0<\/span><\/p>\n

\u201cThe underlying transparency of Bitcoin and other crypto assets means that law enforcement can often glean a level of insight into money laundering activity that would not be possible with fiat currencies.\u201d<\/span><\/p><\/blockquote>\n

A boost from machine learning?<\/span><\/h4>\n

Machine learning (ML) is one of those emerging technologies, like blockchain, for which novel use cases seem to be discovered weekly. Can ML assist too in the war against ransomware?<\/span><\/p>\n

\u201cAbsolutely,\u201d Allan Liska, a senior intelligence analyst at Recorded Future, tells Magazine, adding further: \u201cGiven the large number of malicious transactions occurring at any given time and the increasing sophistication of some ransomware groups, money laundering capabilities <\/span>manual<\/span><\/i> analysis has become <\/span>less <\/span><\/i>effective \u2014 and machine learning is required to effectively track tell-tale signs of malicious transactions.\u201d<\/span><\/p>\n

\u201cMachine Learning is very promising in fighting crimes,\u201d Roman Bieda, head of fraud investigations at Coinfirm, informs Magazine, but it requires a huge amount of data to be effective. It is relatively easy to acquire Bitcoin addresses, which are available in the millions, but a dataset upon which a learning model can be trained and tested also requires a certain number of \u201cfraudulent\u201d Bitcoin addresses \u2014 i.e., confirmed ransomware actors. \u201cOtherwise, the model will either mark a lot of false positives or will omit the fraudulent data as a minor percentage,\u201d says Bieda.<\/span><\/p>\n

Say you want to build a model that will pull out photos of dogs from a trove of cat photos, but you have a training dataset with 1,000 cat photos and only one dog photo. An ML model \u201cwould <\/span>learn<\/span><\/i> that it is okay to treat all photos as cat photos as the error margin is [only] 0.001,\u201d notes Bieda. In other words., the algorithm would just guess \u201ccat\u201d all the time, which would render the model useless, of course, even as it scored high in overall accuracy.\u00a0\u00a0<\/span><\/p>\n

 <\/p>\n

 <\/p>\n