Elsevier

Future Generation Computer Systems

Volume 112, November 2020, Pages 589-603
Future Generation Computer Systems

Blockchain-based semi-autonomous ransomware

https://doi.org/10.1016/j.future.2020.02.037Get rights and content

Highlights

  • We present the first blockchain-based ransomware scheme.

  • The use of smart contracts enables new capabilities for ransomware.

  • We demonstrate that this idea is both economically and technically feasible.

  • There are no simple or realistic countermeasures.

Abstract

Blockchain’s benefits and advantages have been extensively studied in literature, but far fewer works can be found on the dishonest uses of them. In this paper, we present the first blockchain-based ransomware schemes, which use smart contracts and simple cryptographic primitives to provide a limited degree of automation and fair exchange. Specifically, the use of smart contracts would enable new capabilities for ransomware, such as the possibility of paying for individual files or the refund of the ransom to the victim if the decryption keys are not received within a specified period of time. To demonstrate their feasibility, both technically and economically, these proposals have been implemented in the Ethereum Ropsten test network. The results show that running a full ransomware campaign similar to WannaCry, with more than 300,000 affected users, would have an additional cost of only 3 cents of a dollar per victim. Finally, we show that there are no feasible countermeasures if these schemes are implemented in public blockchains. Therefore, we firmly believe that it is increasingly urgent to recognize and study this matter, in order to create new policies and technical countermeasures.

Introduction

The blockchain concept, first introduced as an auxiliary technology for Bitcoin in 2009 [1], has experienced a spectacular growth in the last years, with potential uses in almost every area of society [2]. However, every technology can be also used in an evil or criminal way and, blockchain is not an exception. This is compounded by the fact that new platforms, such as Ethereum [3], provide a much richer functionality than Bitcoin, through the support of smart contracts, based in very powerful scripting languages.

These functionalities may enable a plethora of new possibilities for cybercriminals. Juels et al. [4] introduces the concept of criminal smart contracts (CSCs), and warns about their potential to leak confidential information, key theft, or even the facilitation of real-world crimes, such as murder or terrorism.

In this paper, we present and analyze a new possibility: the implementation of a semi-autonomous ransomware infrastructure coded as a smart contract. The benefits of this approach for the criminals would be numerous, specially those regarding reliability, with a platform virtually immune to authorities and shutdown.

In addition, the use of smart contracts would provide to ransomware new ways to interact with victims. For example, victims could pay by the decryption of individual files, with dynamic prices marked by attackers, depending on the type of file or other factors. The victims could also have more guarantees about the ability of the attacker to decrypt their files through a proof-of-life mechanism, in which the victim could chose a small subset of files to be decrypted for free. We believe that all these possibilities would increase the willingness of the victim to pay the ransom and, in turn, finally benefit the attackers.

In order to study the real viability of these ideas, we have implemented a proof-of-concept in the Ethereum platform, including the different possibilities which we foresee could be used by attackers. To keep them as simple as possible, and minimize their associated execution and storage costs, these schemes use only symmetric cryptographic primitives, basic arithmetic operations and data storage in arrays.

Therefore, the key questions we explore in this work are: could a smart contract-based ransomware be fully implemented in a public blockchain? How practical this would be? Which would be the associated costs? And, as a result of the answers to these questions, should this idea be considered a potential threat to blockchain’s future?

Our specific contributions in this work are:

  • We present the first architecture of ransomware based in the use of a public blockchains and smart contracts. In order to minimize its execution costs, the design is kept as simple as possible, and based only in symmetric cryptographic primitives.

  • We demonstrate its feasibility by implementing a simple but functional proof-of-concept in Ethereum, and analyzing its execution costs.

  • We introduce new ransomware payment paradigms, enabled by the use of smart contracts, as pay-per-decrypt or proof-of-life, which provide limited fair-exchange capabilities.

  • We discuss some possible mitigation countermeasures.

The rest of the paper is organized as follows. Section 2 provides a brief introduction to blockchain and ransomware technologies, including some figures about its current prevalence in cyberthreats. Section 3 introduces the concept of blockchain-based ransomware, and its general working principles and characteristics. Section 4 presents three novel protocols, pay-and-pray, pay-per-decrypt and proof-of-life, along with their main characteristics and an analysis of their associated storage and execution costs in Section 5. A discussion about mitigation and countermeasures can be found in Section 6. Finally, the conclusions are presented in Section 7.

Section snippets

Blockchain basics

Despite its enormous potential, the blockchain concept has a modest and recent origin. As defined today, it was firstly described as an auxiliary technology of Bitcoin in 2009 [1], [5], where it is used as a secure mechanism to store economic transactions between participants. Its recent explosion in popularity is due to the possibility of also securely storing any kind of digital data, guaranteeing its integrity.

This automatically enables many new possible uses for the technology:

Exchange fairness and ransomware automation

As stated before, one of the biggest concerns for ransomware victims is the lack of guarantees that, even if ransom is paid, they actually receive the decryption keys. Indeed, this situation has already happened on numerous occasions in the past, and may be due to multiple factors, such as scalability problems (impossibility of manually attending to hundreds of thousands of victims, as in the WannaCry incident), infrastructure shutdown by authorities or, simply, a fake ransomware campaign,

Semi-autonomous blockchain-based ransomware

In this section we present several novel protocols for implementing blockchain-based ransomware schemes. We foresee their use in the wild soon, due to the advantages they provide to cybercriminals over the traditional schemes.

Essentially, these schemes would use smart contracts as a payment escrow service: the smart contract acts as a judge who withholds payment from the victim’s ransom until the attacker reveals a correct decryption key. If a certain amount of time elapses and the attacker has

Experimental results

In this section, the results of the experiments and implementations carried out are presented and analyzed. Specifically, the associated costs to the execution and storage of the involved smart contracts are estimated, in order to determine the viability of the presented protocols. In addition, some possible improvements for the storage model, which could further reduce the associated costs, are also discussed. For last, the performance and timing of execution are evaluated in Section 5.2.

Countermeasures and future work

Unfortunately, the virtually immutable nature of public blockchains makes finding any kind of countermeasures to this threat extremely difficult. Indeed, smart contracts cannot be blocked, deactivated or removed if the author has not explicitly included appropriate mechanisms designed to do so.

Therefore, there are hardly any references in the literature about this possibility. Marino and Juels analyze in [49] the different possibilities for altering or undoing smart contracts, but always from a

Conclusions

In this work, we have shown how cybercriminals could benefit from the use of smart contracts running in public blockchains for carrying out ransomware attacks. We have foresee and presented several proposals for the semi-automation of ransomware schemes, relying only on symmetric cryptographic primitives and simple arithmetic operations.

These novel protocols have been implemented as a proof-of-concept in the Ethereum Ropsten testnet, with the aim of demonstrating its viability. In addition, the

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Oscar Delgado-Mohatar is assistant professor of the Department of Computer Engineering at the Universidad Autónoma de Madrid. His main research interests include blockchain, distributed systems and security for IoT. He received the Ph.D. degree in computer science from Carlos III University of Madrid in 2011. He is currently head of the research chair UAM — GrantThornton in blockchain, and the master program “Blockchain and Cryptoeconomics”.

References (50)

  • KimH.M. et al.

    Toward an ontology-driven blockchain design for supply-chain provenance

    Intell. Syst. Account. Financ. Manage.

    (2018)
  • BrewerR.

    Ransomware attacks

    Netw. Secur.

    (2016)
  • KüpçüA. et al.

    Usable optimistic fair exchange

    Comput. Netw.

    (2012)
  • NakamotoS.

    Bitcoin: A peer-to-peer electronic cash system

    (2009)
  • PilkingtonM.

    Blockchain technology: principles and applications

  • DannenC.

    Introducing Ethereum and Solidity: Foundations of Cryptocurrency and Blockchain Programming for Beginners

    (2017)
  • JuelsA. et al.

    The ring of gyges: Investigating the future of criminal smart contracts

    IACR Cryptol. ePrint Arch.

    (2016)
  • EyalI. et al.

    Bitcoin-NG: A scalable blockchain protocol

  • FranzoniA.L. et al.

    Using blockchain to store teachers’ certification in basic education in Mexico

  • ChengJ. et al.

    Blockchain and smart contract for digital certificate

  • NotheisenB. et al.

    Trading real-world assets on blockchain

    Bus. Inf. Syst. Eng.

    (2017)
  • YuanY. et al.

    Towards blockchain-based intelligent transportation systems

  • KhalilR. et al.

    Commit-Chains: Secure, Scalable Off-Chain Payments, Cryptology ePrint ArchiveReport 2018/642

    (2018)
  • KhanK.M. et al.

    Secure digital voting system based on blockchain technology

    Int. J. Electron. Gov. Res.

    (2018)
  • HanifatunnisaR. et al.

    Blockchain based e-voting recording system design

  • TseD. et al.

    Blockchain application in food supply information security

  • KaurH. et al.

    A proposed solution and future direction for blockchain-based heterogeneous medicare data in cloud environment

    J. Med. Syst.

    (2018)
  • YoungA. et al.

    Cryptovirology: extortion-based security threats and countermeasures

  • KalitaE.

    WannaCry Ransomware Attack: Protect Yourself from WannaCry Ransomware Cyber Risk and Cyber War

    (2017)
  • J. Berr, ‘WannaCry’ ransomware attack losses could reach $4 billion, URL cbsn.ws/2rluoXx. [cited...
  • Hernandez-CastroJ. et al.

    Economic analysis of ransomware

    SSRN Electron. J.

    (2017)
  • ContiM. et al.

    On the economic significance of ransomware campaigns: A bitcoin transactions perspective

    (2018)
  • SpreitzenbarthM. et al.

    Mobile-sandbox: Having a deeper look into android applications

  • MercaldoF. et al.

    Ransomware steals your phone. formal methods rescue it

  • ShindeR. et al.

    Ransomware: Studying transfer and mitigation

  • Cited by (0)

    Oscar Delgado-Mohatar is assistant professor of the Department of Computer Engineering at the Universidad Autónoma de Madrid. His main research interests include blockchain, distributed systems and security for IoT. He received the Ph.D. degree in computer science from Carlos III University of Madrid in 2011. He is currently head of the research chair UAM — GrantThornton in blockchain, and the master program “Blockchain and Cryptoeconomics”.

    José María Sierra is a Professor with the Khoury College of Information Sciences, Northeastern University; His research have covered different aspects of Cybersecurity, mostly in providing security for Internet services. He has participated in numerous R&D projects and has authored or co-authored articles in journals related to IT security. He received the Ph.D. degree in computer science from Carlos III University of Madrid and is a Certified Information Security Manager and a Certified Information Systems Security Professional.

    Eloy Anguiano is Professor of the Department of Computer Engineering at the Universidad Autónoma de Madrid. His research interests focus on blockingchain technologies, distributed systems, free software and computer engineering education. He has lead the IBM-UAM Linux Reference Center for 10 years.

    View full text