Following the cyber money trail. Global challenges when investigating ransomware attacks and how regulation can help
| Date | 07 January 2019 |
| Published date | 07 January 2019 |
| DOI | https://doi.org/10.1108/JMLC-08-2017-0041 |
| Pages | 110-131 |
| Author | Angela S.M. Irwin,Caitlin Dawson |
| Subject Matter | Accounting & Finance,Financial risk/company failure,Financial compliance/regulation,Financial crime |
Following the cyber money trail
Global challenges when investigating
ransomware attacks and how
regulation can help
Angela S.M. Irwin and Caitlin Dawson
Macquarie University, Sydney, Australia
Abstract
Purpose –The purpose of this paper is to show how global regulation of cryptocurrencies and other
cybercurrenciescan assist in addressing the challenges of attributionwhen investigating ransomware attacks
and other typesof cybercrime using these payment methods.
Design/methodology/approach –A literature review, looking at current academic research and
discourse on the topic cryptocurrency regulation, is conducted to highlight current thinking and perceived
difficulties in implantinga global regulatory framework.In addition, the research explores how governments
have addressed the risks posedby cryptocurrenciesand how regulation has been implemented. The research
focuses on the regulatoryapproaches of Australia, Europe and the Americasto determine whether they could
feasiblyaddress the risks posed by cryptocurrencies and be implementedon a global scale.
Findings –To date, few sustained efforts have been made to regulate Bitcoin or other cybercurrencies. Where
regulation has been introduced, it has often proven too costly to implement, thereby, stifling Bitcoin industry
growth, or too ad hoc to function effectively. These regulatory pitfalls are substantiated by the continuing
difficulty faced by law enforcement agencies, in identifyingindividual Bitcoin users and separating those that are
using them for nefarious purposes from those that are using them for legitimate ones. These challengesappear to
grow exponentially when it comes to prosecuting criminals for Bitcoin-related offences, due to the enormous lack
of agreement within the justice system of most countries as to the appropriate legal definition for Bitcoin. This
research highlights three characteristics that will be vital to the success of any global regulatory framework.
These are consistency, clarity and cost-effective implementation. A regulatory framework for Bitcoin that lacks
any one of these elements will fail to meet the requirements of every stakeholder in the regulatory process. A
framework that is too costly to implement will stiflefintech innovation, subsequently depriving national
economies of the multitude of potential benefits promised by fostering fintech entrepreneurship. Equally, a
framework that is inconsistent will hamper the global cooperation necessary to combat Bitcoin-related crime.
Originality/value –This research evaluates research,discourse and regulatory responses from academic
and governmental sources and discusses how a global response to cryptocurrency regulation will help
address the growing problem of attributionwhen it comes to ransomware attacks, which has experienced a
considerablespike in recent months.
Keywords Financial crime, Attribution, Cryptocurrency, Ransomware, Bitcoin regulation
Paper type Research paper
1. Introduction
Cybercurrencies have been linked to illicit cyber activity for some time (Ablon et al., 2014;
Martin, 2014;Pflaum and Hateley,2014;Irwin and Milad, 2016). They have become common
bartering tools for illicit goods and services on dark marketplaces such as Silk Road 3,
Alphabay and Valhalla. Theseplatforms allow consumers to purchase items such as drugs,
weapons, Cybercrime-as-a-Service, hacking tools, malware, stolen credit card details and
compromised usernames and password combinations using Bitcoins. As we have seen
recently, cryptocurrencies, such as Bitcoin and Ethereum, are also involved in the
JMLC
22,1
110
Journalof Money Laundering
Control
Vol.22 No. 1, 2019
pp. 110-131
© Emerald Publishing Limited
1368-5201
DOI 10.1108/JMLC-08-2017-0041
The current issue and full text archive of this journal is available on Emerald Insight at:
www.emeraldinsight.com/1368-5201.htm
facilitation of ransomwareattacks, where users are prevented from using their systemsuntil
a ransom is paid.
This paper looks at the challenges in following the money trail when investigating
ransomware attacks and how consistent,global regulation can go some way in helping law
enforcement agencies to identify those who use these currencies to facilitate ransomware
attacks and for other illicit purposes.The paper is structured as follows: Section 2 provides a
background on ransomware and looks at recent prominent ransomware attacks. Section 3
provides a literature review and current discourseon the topic of cryptocurrency regulation.
Section 4 explores the responses to Bitcoin regulation around the world, focussing on
regulatory approaches in Australia, Europe and the Americas. Section 5 looks at the
challenges posed by Bitcoin, and other cryptocurrencies, which make it extremely difficult
to ascertain the identity of offenders and to reduce the frequency of these types of attack.
Section 6 looks at how regulation may help with attribution and assist law enforcement
agencies more effectivelydeal with crimes facilitated by Bitcoin. Finally,Section 7 concludes
the paper.
2. Background
Ransomware is a type of malware that prevents users from accessing their system by
locking the system’s screen, locking the users’files or using cryptographic techniques to
encrypt affected systems. Victims are forced to pay a ransom to obtain the decryption key
and regain access to the files on their device or system. Ransomware can unwittingly be
downloaded onto a system by a user visiting a malicious or compromisedwebsite, it can be
delivered as an attachment on spam or in a phishing email or it can arrive as a payload,
either dropped ontothe system or downloaded by another malware.
Often reported to be the first ransomware attack, a ransomware variant called
TROJ_CRYZIP.A was detected in Russia between 2005 and 2006. TROJ_CRYZIP.A zipped
certain filetypes before overwriting the original files, leaving only the password-protected
zip files in the user’s system (Trend Micro, 2006). A text file was also created that acted as
the ransomware note informing the user that their files could be retrieved in exchange for
US$300. The first known case of ransomware attack, in fact, occurred nearly 30 years ago,
when, in 1989, the AIDS Trojan was initiated by AIDS researcher, Joseph Popp. Popp
distributed twenty thousand floppy disks to AIDS researchers in 90 countries (Mungo and
Glough, 1992) claimingthat, by completing a questionnaire contained on the disk, a program
on the disk could analyse an individual’s risk of contracting AIDS. However, the disk
contained a malware program that sat dormant on the recipient’s computer until the
computer had been powered on 90 times. After this threshold was reached, a message was
displayed demanding payment of $189 and $378 for a software lease (Mungo and Glough,
1992). Forensic investigation of targeted computers showed that sections of the hard disk
were deliberately “scrambled”orencrypted (Wilding, 1990). This attack could be considered
an early form of digital social engineering or scareware[1],where social engineering is used
to cause anxiety or perception of threatto manipulate users into buying unwanted software.
Early ransomware developers wrote their own rudimentary, unsophisticated encryption
code, and typically encrypted .doc, .xls, .jpg, .zip and .pdf files, but today’s attackers
increasingly rely on off-the-shelf cryptography libraries that are much more sophisticated
and much more difficult to crack. These libraries, tools and applications can be easily
accessed and purchasedfrom numerous dark marketplaces.
Since these early cases of ransomware attack, ransomware has become a prominent
threat to organisationsand individuals. Ransomware was becoming such a prominent cyber
threat in 2015 that Trend Micro predicted that 2016would be the “year of online extortion”
Cyber money
trail
111
To continue reading
Request your trial