"Crime Time" | Rethinking Ransomware and How to Disrupt It
SANS Ransomware Summit 2022
Speakers:
Diana Selck-Paulsson, Lead Security Researcher, Orange Cyberdefense
Charl van der Walt, Global Head of Security Research, Orange Cyberdefense
It seems to us that we're losing ground against the ransomware problem, and so fresh and diverse perspectives are needed. In this presentation we step away from purely technical perspectives to explore how the discipline of criminology can help us understand the current ransomware threat as what it really is, a crime, and through this lens develop fresh ideas on how we can disrupt the ongoing threat.

We employ a classical criminological framework called "Routine Activity Theory" (yes: RAT) that has been successfully applied to online crimes in the past. The framework describes three pillars (a motivated offender, a suitable target, and the absence of a capable guardian) that increase the likelihood of a crime taking place. To make this examination "real," we have collected ransomware leak site data from the dark web and have identified, classified, and documented over 4,200 victims posted on these sites between January 2020 and February 2022. Combined with the over 200,000 messages disclosed through ContiLeaks, and over 200 unique contextual data points collected from negotiation chats, press releases and ransomware leak sites within a period of 12 months, we have a rich set of powerful data through which the formal theory can be refined and tested.

By applying the Routine Activity Theory framework, we argue that if only one of the three pillars is disrupted, the likelihood of a crime occurring decreases significantly. With this knowledge, we then look at each pillar, developing strategies to disrupt one or several crime components and so disrupt ransomware as a whole. We also propose that the term "cyber extortion" be used instead of "ransomware" to cater for the development and nuances of the crime, and to help us avoid the trap of seeing it through a purely technical filter.
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE