Authors:Lea Müller (1 and 2), York Yannikos (1 and 2) ((1) Fraunhofer Institute for Secure Information Technology, (2) National Research Center for Applied Cybersecurity ATHENE)
Abstract:Ransomware has grown to become one of the most damaging types of cybercrime, affecting private and public organizations in any sector. While early types of ransomware targeted many victims via automated attacks, ransomware groups have started to specifically target organizations and companies in the expectation of receiving larger ransoms. To increase the pressure on victims, most groups host so-called data leak sites, where information about their victims is made public. The shift towards 'human-operated' ransomware together with easily accessible behavioral traces available from data leak sites makes research investigating operational regularities of ransomware groups of interest. Using leak site posts as behavioral traces of ransomware groups, we created a dataset consisting of over 27,000 posts from 325 groups. Based on this dataset, we analyzed victim concentration, temporal routines and targeting regularities. Our findings suggest that groups do not behave entirely random. Instead, the observable traces found on leak sites show concentration of activity, temporal routines and selective patterns.
| Comments: | 17 pages, 5 figures |
| Subjects: | Cryptography and Security (cs.CR) |
| Cite as: | arXiv:2605.24559 [cs.CR] |
| (or arXiv:2605.24559v1 [cs.CR] for this version) | |
| https://doi.org/10.48550/arXiv.2605.24559 arXiv-issued DOI via DataCite (pending registration) |
From: Lea Müller [view email]
[v1]
Sat, 23 May 2026 12:50:53 UTC (53 KB)
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。