Cryptocurrency-driven ransomware syndicates operating on the darknet: A focused examination of the Arab world

IF 5 | Zone 3, Computer Science | Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE
Kyounggon Kim, Seokhee Lee, Sundaresan Ramachandran, Ibrahim Alzahrani
Egyptian Informatics Journal, vol. 30, Article 100665. Published 2025-03-24. DOI: 10.1016/j.eij.2025.100665. Source: https://www.sciencedirect.com/science/article/pii/S1110866525000581
Citations: 0

Abstract

Cybercriminals are employing sophisticated techniques to illegally obtain money from victims, with ransomware being the most notorious malware used for financial gain. This paper focuses on the Arab world, a prime target region for ransomware gangs. Due to rapid economic growth and digitalization in this region, cybercriminals are increasingly targeting it. However, there is a lack of research on ransomware crime syndication in the Arab region. Data on claimed ransomware victims from 2020 to 2023 was collected from the darknet. Analysis of ransomware gangs in this area revealed significant findings. Based on three years of data collection and analysis, 20 ransomware gangs primarily operating in the Arab region were identified in 2023. Three major ransomware gangs (LockBit, ALPHV/BlackCat, and CL0P) predominantly target the Arab world, with the United Arab Emirates and Saudi Arabia being major targets, along with the manufacturing industry. In addition to identifying the ransomware gangs, the study identified the tactics, techniques, and procedures (TTPs) they use. There were 17 TTPs used by ransomware gangs. This study has also developed a platform to track ransomware gangs and cryptocurrency transactions. Bitcoin's anonymity and popularity made it the cryptocurrency most preferred by ransomware gangs. This research lays the groundwork for further studies to understand the exact trends and data related to ransomware in the Arab world.
Source journal
Egyptian Informatics Journal
Egyptian Informatics Journal Decision Sciences-Management Science and Operations Research
CiteScore: 11.10
Self-citation rate: 1.90%
Articles published: 59
Review time: 110 days
About the journal: The Egyptian Informatics Journal is published by the Faculty of Computers and Artificial Intelligence, Cairo University. This Journal provides a forum for the state-of-the-art research and development in the fields of computing, including computer sciences, information technologies, information systems, operations research and decision support. Innovative and not-previously-published work in subjects covered by the Journal is encouraged to be submitted, whether from academic, research or commercial sources.