Visualizing Bitcoin Flows of Ransomware: WannaCry One Week Later

Because of its pseudo-anonimity and decentralisation characteristics, bitcoin payments are often a tool utilised by ransomware: this kind of malware infects a victim computer by encrypting some/all its data and/or denying the access to it. Then, the victim has to pay a given amount of bitcoins to see all the blocked functionalities restored. The goal of this paper is to visualise these bitcoin transactions, and in particular we focus on the effects of one of such ransomware, i.e., WannaCry, one/two weeks after its diffusion. We exploit BlockChainVis, a tool for visualising flows of bitcoins through the use of Visual Analytics.

[1]  Daniel A. Keim,et al.  Visual Analytics , 2009, Encyclopedia of Database Systems.

[2]  Leyla Bilge,et al.  Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks , 2015, DIMVA.

[3]  Pak Chung Wong,et al.  Visual Analytics , 2004, IEEE Computer Graphics and Applications.

[4]  Jean-Daniel Fekete,et al.  BitConduite: Visualizing and Analyzing Activity on the Bitcoin Network , 2017, EuroVis.

[5]  Alfred Menezes,et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[6]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[7]  Stefano Bistarelli,et al.  Go with the -Bitcoin- Flow, with Visual Analytics , 2017, ARES.