Bitcoin is a commonly used currency among cybercriminals for exchanging goods and services and for receiving ransomware payments. Although cryptocurrency is claimed to promote anonymity, the public nature of the blockchain's ledger means that criminal activity can be traced and correlated. This presentation will give a brief, high-level overview of how transactions on the blockchain work and will focus on applying that knowledge to map out transactions, associate bitcoin addresses, and identify potential cybercriminal-owned bitcoin wallets, both manually and automatically, with the goal of providing context on the scale and duration of a campaign impacting your enterprise. Examples will include identifying a Locky affiliate’s infrastructure, attributing the Shark/Atom ransomware, and identifying “bitcoin exchanges” on the blockchain.
Kevin Perlow, Associate, Booz Allen Hamilton