Virtual Library

Our virtual library is an online repository of all of the reports, papers, and briefings that IST has produced, as well as works that have influenced our thinking.

Submit your Content

Podcasts

TechnologIST Talks: Looking Back and Looking Ahead: Deep Dive on the New Cybersecurity Executive Order

Carole House, Megan Stifel, and Steve Kelly

view

Podcasts

TechnologIST Talks: The Offense-Defense Balance

Philip Reiner and Heather Adkins

view

Reports

The Generative Identity Initiative: Exploring Generative AI’s Impact on Cognition, Society, and the Future

Gabrielle Tran, Eric Davis

viewpdf

Podcasts

TechnologIST Talks: A Transatlantic Perspective on Quantum Tech

Megan Stifel and Markus Pflitsch

view

Podcasts

TechnologIST Talks: The Future is Quantum

Megan Stifel and Stefan Leichenauer

view

Reports

Navigating AI Compliance, Part 1: Tracing Failure Patterns in History

Mariami Tkeshelashvili, Tiffany Saade

viewpdf

Podcasts

TechnologIST Talks: The Cleantech Boom

Steve Kelly and Dr. Alex Gagnon

view

Contribute to our Library!

We also welcome additional suggestions from readers, and will consider adding further resources as so much of our work has come through crowd-sourced collaboration already. If, for any chance you are an author whose work is listed here and you do not wish it to be listed in our repository, please, let us know.

SUBMIT CONTENT

Mapping the Ransomware Payment Ecosystem: A Comprehensive Visualization of the Process and Participants

Zoë Brammer

SUMMARY

The Institute for Security and Technology’s Ransomware Task Force (RTF) is working to further illuminate the ransomware payment ecosystem as part of our efforts to improve the information environment and blunt the ability for criminal and other malign actors to profit from ransomware attacks, and thereby stop engaging in ransomware for profit.

Central to mitigating the threat of ransomware is the development of a common understanding of the actors, stakeholders, processes, and information, both required for and produced during the ransomware payment process. Yet, when we began this work, such a picture did not exist. IST undertook this effort to fill that gap. 

With a clear picture of the ransomware payment ecosystem, a number of opportunities present themselves: first, the ability to identify at what point a particular incident is in the payment process, which can allow counter-ransomware efforts to disrupt that process; second, the identification of entities involved in the process who may have opportunities to gather information and/or take action; and third, the potential to bring together disparate entities to identify additional ways add friction to and potentially disrupt the ransomware payment process, thereby complicating the ability of attackers to successfully collect on ransomware attacks.

This paper takes the first steps into a larger exploration of these opportunities. It presents a novel, comprehensive ransomware payment map and orients the reader to the actors and entities adapting to the ransomware threat. In future work, IST will begin to analyze how each entity could leverage its position to better observe the ransomware payment cycle. Future work will analyze the technical, regulatory and legal, and other requirements for these actors to access this information. IST will also outline ways those entities could add friction to the ongoing use of ransomware. Our goal is to help enable changes in the economic incentive structure around ransomware attacks, thereby reducing the use of ransomware overall.

download pdf