| Presentation | 2024-03-21 Analyzing Attackers and Victims Actions via LockBit3.0 Website Data Dynamics Yuji Sekine, Yin Minn Pa Pa, Katsunari Yoshioka, Tsutomu Matsumoto, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | LockBit3.0 is one of the top ransomware groups that has been active since July 2022, targeting over 1,000 companies. In February 2024, Operation Cronos, an international law enforcement operation, took down the servers involved, froze the cryptocurrency accounts, and arrested the people involved, but at the time of writing this research report, the details of the operation are not yet known. LockBit3.0 operates as a RaaS (Ransomware as a Service) model, expose victim information and leaked data on their darkweb website while selling the leaked data to the third parties. The information exposed on their website may change according to the victim's negotiation. However, how these changes are related to the victims' actions such as negotiation, extension of ransomware payment deadline has not been well studied. In this study, we monitor LockBit3.0 website over a 166-days period to analyze how the changes of victim information and ransomware payment deadline relate to the actions of attackers and victims. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Ransomware / Malware / Threat Intelligence / LockBit |
| Paper # | ICSS2023-70 |
| Date of Issue | 2024-03-14 (ICSS) |
| Conference Information | |
| Committee | ICSS / IPSJ-SPT |
|---|---|
| Conference Date | 2024/3/21(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | OIST |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Security, Trust, etc. |
| Chair | Daisuke Inoue(NICT) |
| Vice Chair | Akira Yamada(Kobe Univ.) / Toshihiro Yamauchi(Okayama Univ.) |
| Secretary | Akira Yamada(Mitsubishi Electric) / Toshihiro Yamauchi(Univ. of Electro-Comm.) |
| Assistant | Yo Kanemoto(NTT) / Masaya Sato(Okayama Prefectural Univ.) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Analyzing Attackers and Victims Actions via LockBit3.0 Website Data Dynamics |
| Sub Title (in English) | |
| Keyword(1) | Ransomware |
| Keyword(2) | Malware |
| Keyword(3) | Threat Intelligence |
| Keyword(4) | LockBit |
| 1st Author's Name | Yuji Sekine |
| 1st Author's Affiliation | Yokohama National University(YNU) |
| 2nd Author's Name | Yin Minn Pa Pa |
| 2nd Author's Affiliation | Yokohama National University(YNU) |
| 3rd Author's Name | Katsunari Yoshioka |
| 3rd Author's Affiliation | Yokohama National University(YNU) |
| 4th Author's Name | Tsutomu Matsumoto |
| 4th Author's Affiliation | Yokohama National University(YNU) |
| Date | 2024-03-21 |
| Paper # | ICSS2023-70 |
| Volume (vol) | vol.123 |
| Number (no) | ICSS-448 |
| Page | pp.pp.9-16(ICSS), |
| #Pages | 8 |
| Date of Issue | 2024-03-14 (ICSS) |