Skip to main content
Kent Academic Repository

The Social and Technological Incentives for Cybercriminals to Engage in Ransomware Activities

Wang, Yichao, Roscoe, Sophia, Arief, Budi, Connolly, Lena, Borrion, Hervé, Kaddoura, Sanaa (2023) The Social and Technological Incentives for Cybercriminals to Engage in Ransomware Activities. In: 9th International Symposium on Security and Privacy in Social Networks and Big Data (SocialSec 2023). Lecture Notes in Computer Science (LNCS) . pp. 149-163. Springer Singapore ISBN 978-981-9951-76-5. E-ISBN 978-981-9951-77-2. (doi:10.1007/978-981-99-5177-2_9) (KAR id:102144)

Abstract

Ransomware attacks and the use of the dark web forums are two serious contemporary cyber-problems. These two areas have been investigated separately in the past, but there is currently a gap in our understanding with regard to the interactions between them – i.e., dark web forums that can potentially lead to ransomware activities. The rise of Ransomware-as-a-Service (RaaS) exacerbates these problems even further. The aim of this paper is therefore to investigate the social and technological discourse within the dark web forums that may foster or initiate some of the users’ pathway towards ransomware-related criminal activities. To this aim, we carried out data collection (crawling) of pertinent posts from the “Dread” dark web forum, based on sixteen keywords commonly associated with ransomware. Our data collection and manual screening processes resulted in the identification of 1,279 posts related to ransomware, with the posting dates between 25 March 2018 and 30 September 2022. Our dataset confirms that ransomware-related posts exist on the Dread dark web forum. We found that these posts can generally be grouped into eight categories: Hacker, Potential Hacker, RaaS Provider, Education, Information, News, Debate and Other. Furthermore, the contents of these posts shed some light on the social and technological incentives that may encourage some actors to get involved in ransomware crimes. In conclusion, such posts pose a threat to cyber security, because they might provide a pathway for wannabe ransomware operators to get in on the act. The findings from our research can serve as a starting point for devising practical countermeasures, for instance by considering how such posts should be handled in the future, or how some follow-up intervention actions can be prepared in anticipation of certain actors getting involved in ransomware as a result of reading posts in such forums.

Item Type: Conference or workshop item (Proceeding)
DOI/Identification number: 10.1007/978-981-99-5177-2_9
Uncontrolled keywords: Ransomware, dark web, dark web forum, social interaction, data collection and analysis, crawler
Subjects: Q Science > QA Mathematics (inc Computing science)
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
University-wide institutes > Institute of Cyber Security for Society
Depositing User: Budi Arief
Date Deposited: 19 Jul 2023 08:17 UTC
Last Modified: 21 Sep 2023 14:28 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/102144 (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.