Research Article
On Locky Ransomware, Al Capone and Brexit
@INPROCEEDINGS{10.1007/978-3-319-73697-6_3, author={John MacRae and Virginia Franqueira}, title={On Locky Ransomware, Al Capone and Brexit}, proceedings={Digital Forensics and Cyber Crime. 9th International Conference, ICDF2C 2017, Prague, Czech Republic, October 9-11, 2017, Proceedings}, proceedings_a={ICDF2C}, year={2018}, month={1}, keywords={Locky Ransomware Cryptolocker Bitcoin Brexit Digital forensics Money laundering}, doi={10.1007/978-3-319-73697-6_3} }
- John MacRae
Virginia Franqueira
Year: 2018
On Locky Ransomware, Al Capone and Brexit
ICDF2C
Springer
DOI: 10.1007/978-3-319-73697-6_3
Abstract
The highly crafted lines of code which constitute the Locky cryptolocker ransomware are there to see in plain text in an infected machine. Yet, this forensic evidence does not lead investigators to the identity of the extortionists nor to the destination of the ransom payments. Perpetrators of this ransomware remain unknown and unchallenged and so the ransomware cyber crimewave gathers pace. This paper examines what Locky is, how it works, and the mechanics of this malware to understand how ransom payments are made. The financial impact of Locky is found to be substantial. The paper describes methods for “following the money” to assess how effectively such a digital forensic trail can assist ransomware investigators. The legal instruments that are being established by the authorities as they attempt to shut down ransomware attacks and secure prosecutions are evaluated. The technical difficulty of following the money coupled with a lack of registration and disclosure legislation mean that investigators of this cybercrime are struggling to secure prosecutions and halt Locky.