Dates: April 2017 – December 2019
Lead researchers: Professor Eerke Boiten, De Montfort University; Professor David Wall, University of Leeds; Dr Stephen McGough, University of Newcastle; Professor Thomas Chen, City, University of London; Professor Julio Hernandez-Castro and Dr Budi Arief, University of Kent; Dr Anna Cartwright, Coventry University
This project investigated why ransomware (a type of malware which restricts access to a victim’s computing resources and demands a ransom in order to restore access) is so effective as a crime and why so many people fall victim to it. It investigated who is carrying out the attacks, how to assist police agencies, and what interventions are required to mitigate the impact of these attacks. The project’s main goal was to strengthen society’s resistance to ransomware in order to make it less effective, to protect and prepare potential victims (whether organisations or citizens), and to help law enforcement pursue the criminals.
The project identified novel ways to detect a ransomware attack. The typical approach to detecting ransomware is to measure statistical values of files in a target system or device, but the researchers found that relying on this approach alone is not sufficient. The project combined typical detection methods with others in order to provide greater confidence that a ransomware attack is taking place, while minimising false positives. The researchers also considered using machine learning techniques to identify new strains of ransomware through analysis of activity within a computer system. As with all forms of protection, access to information is a vital tool.
Although ransomware criminals are often keen to provide victims with a way to contact them, in order to facilitate payment of the ransom, victims are strongly reluctant to seek information from other channels, including those that may provide information about how to avoid payment. Providing mechanisms to help victims access pertinent information in this context is therefore essential.
The insight gained from this project informed policy development and discussions regarding information security management and cybercrime.
Meetings with law enforcement organisations, evidence for policy review, and membership of advisory boards.
One of the team was a member of the HMIC-FRS external reference group on cyber-dependent crime, which produced the report “Cyber: Keep the light on – An inspection of the police response to cyber-dependent crime”. The report recommended that by 1 November 2020, the current police structure for the response to cyber-dependent crime should be revised. In doing so they should consider: the creation of a national police cyber-dependent crime network; the remit of any such network; how the network engages with other law enforcement agencies; and the tasking and co-ordinating responsibilities that will be required for the network to be effective.
External collaborators: National Crime Agency, Dun Laoghaire Institute of Art, Design & Technology, British Telecommunications Plc, University of Melbourne.
Follow on work: Connecting delayed pre-commitment with cyber awareness in order to address the perception gap and present bias.