{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T11:00:50Z","timestamp":1774522850836,"version":"3.50.1"},"reference-count":42,"publisher":"Association for Computing Machinery (ACM)","issue":"8","license":[{"start":{"date-parts":[[2023,7,25]],"date-time":"2023-07-25T00:00:00Z","timestamp":1690243200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100000781","name":"European Research Council","doi-asserted-by":"publisher","award":["Starting Grant ResolutioNet (ERC-StG-679158)"],"award-info":[{"award-number":["Starting Grant ResolutioNet (ERC-StG-679158)"]}],"id":[{"id":"10.13039\/501100000781","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Commun. ACM"],"published-print":{"date-parts":[[2023,8]]},"abstract":"<jats:p>A data-driven, follow-the-money approach to characterize the ransomware ecosystem uncovers two parallel ransomware criminal markets: commodity ransomware and Ransomware as a Service (RaaS).<\/jats:p>","DOI":"10.1145\/3582489","type":"journal-article","created":{"date-parts":[[2023,7,25]],"date-time":"2023-07-25T15:48:42Z","timestamp":1690300122000},"page":"74-83","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":18,"title":["A Tale of Two Markets: Investigating the Ransomware Payments Economy"],"prefix":"10.1145","volume":"66","author":[{"given":"Kris","family":"Oosthoek","sequence":"first","affiliation":[{"name":"Delft University of Technology (TU Delft), The Netherlands"}]},{"given":"Jack","family":"Cable","sequence":"additional","affiliation":[{"name":"Stanford University, USA"}]},{"given":"Georgios","family":"Smaragdakis","sequence":"additional","affiliation":[{"name":"Delft University of Technology (TU Delft), The Netherlands"}]}],"member":"320","published-online":{"date-parts":[[2023,7,25]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"2021 Cybersecurity year in review. National Security Agency (2022); https:\/\/bit.ly\/3NdXRj1."},{"key":"e_1_2_1_2_1","unstructured":"Abrams L. Dutch supermarkets run out of cheese after ransomware attack. Bleeping Computer (2021); https:\/\/bit.ly\/42nTrKS."},{"key":"e_1_2_1_3_1","unstructured":"AT&T Alien Labs Open Threat Exchange. AT&T (2021); https:\/\/bit.ly\/3qmsZ6V."},{"key":"e_1_2_1_4_1","volume-title":"Reuters (January 21","author":"Berwick A.","year":"2022","unstructured":"Berwick, A. and Wilson, T. Crypto giant Binance kept weak money-laundering checks even as it promised tougher compliance, documents show. Reuters (January 21, 2022); https:\/\/reut.rs\/3OSHDgD."},{"key":"e_1_2_1_5_1","unstructured":"Blockchain attacks on privacy. Bitcoin Wiki; https:\/\/en.bitcoin.it\/wiki\/Privacy."},{"key":"e_1_2_1_6_1","volume-title":"JBS paid $11 million to resolve ransomware attack. The Wall Street Journal (June 9","author":"Bunge J.","year":"2021","unstructured":"Bunge, J. JBS paid $11 million to resolve ransomware attack. The Wall Street Journal (June 9, 2021); https:\/\/on.wsj.com\/3qp5DOa."},{"key":"e_1_2_1_7_1","unstructured":"Cable J. Ransomwhere: A crowdsourced ransomware payment dataset (2022); https:\/\/bit.ly\/3OSX9Jd."},{"key":"e_1_2_1_8_1","unstructured":"Cimpanu C. BTC-e founder sentenced to five years in prison for laundering ransomware funds. ZDNet (2021); https:\/\/zd.net\/43FwSCq."},{"key":"e_1_2_1_9_1","unstructured":"Crystal Expert. Crystal Blockchain (2021); https:\/\/bit.ly\/42nyjEG."},{"key":"e_1_2_1_10_1","volume-title":"Cybersecurity and Infrastructure Security Agency (CISA)","author":"Cyber Incident Reporting","year":"2022","unstructured":"Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). U.S. Cybersecurity and Infrastructure Security Agency (CISA), (2022); https:\/\/bit.ly\/42nA1pA."},{"key":"e_1_2_1_11_1","unstructured":"Darkmarket: World's largest illegal dark web marketplace taken down. Europol (2021); https:\/\/bit.ly\/3qxoQx1."},{"key":"e_1_2_1_12_1","unstructured":"Dark Web Monitor. CFLW Cyber Strategies; https:\/\/dws.pm\/."},{"key":"e_1_2_1_13_1","unstructured":"Department of Justice launches global action against NetWalker Ransomware. U.S. Department of Justice (2021); https:\/\/bit.ly\/3oWJRAO."},{"key":"e_1_2_1_14_1","unstructured":"Department of Justice seizes $2.3 million in cryptocurrency paid to the ransomware extortionists Darkside. U.S. Department of Justice (2021); https:\/\/bit.ly\/3IZ1s29."},{"key":"e_1_2_1_15_1","volume-title":"Wired (August 22","author":"Greenberg A.","year":"2018","unstructured":"Greenberg, A. The untold story of NotPetya, the most devastating cyberattack in history. Wired (August 22, 2018); https:\/\/bit.ly\/3NdwKEM."},{"key":"e_1_2_1_16_1","volume-title":"The Guardian (December 30","author":"Hern A.","year":"2017","unstructured":"Hern, A. WannaCry, Petya, NotPetya: How ransomware hit the big time in 2017. The Guardian (December 30, 2017); https:\/\/bit.ly\/45L4bG1."},{"key":"e_1_2_1_17_1","volume-title":"Microsoft (October 24","author":"Hogan-Burney A.","year":"2021","unstructured":"Hogan-Burney, A. How cyberattacks are changing according to new Microsoft Digital Defense Report. Microsoft (October 24, 2021); https:\/\/bit.ly\/3Cb5vEL."},{"key":"e_1_2_1_18_1","unstructured":"HSE cyber-attack: Irish health service still recovering months after hack. BBC (2021); https:\/\/bbc.in\/3CcQwtL."},{"key":"e_1_2_1_19_1","volume-title":"2018 IEEE Symposium on Security and Privacy, IEEE, 618--631","author":"Huang D.Y.","unstructured":"Huang, D.Y. et al. Tracking ransomware end-to-end. In 2018 IEEE Symposium on Security and Privacy, IEEE, 618--631."},{"key":"e_1_2_1_20_1","unstructured":"Individual arrested and charged with operating notorious darknet cryptocurrency mixer. U.S. Department of Justice (2021); https:\/\/bit.ly\/43qsCa3."},{"key":"e_1_2_1_21_1","volume-title":"USENIX Security Symposium","author":"Kalodner H.","year":"2020","unstructured":"Kalodner, H. et al. BlockSci: Design and applications of a blockchain analysis platform. In USENIX Security Symposium (2020)."},{"key":"e_1_2_1_22_1","unstructured":"Largent W. Translated: Talos' insights from the recently leaked Conti ransomware playbook. Cisco Talos (2021); https:\/\/bit.ly\/43HWIpr."},{"key":"e_1_2_1_23_1","volume-title":"CARBON SPIDER embraces big game hunting, Part 2. Crowdstrike (November 4","author":"Loui E.","year":"2021","unstructured":"Loui, E. and Reynolds, J. CARBON SPIDER embraces big game hunting, Part 2. Crowdstrike (November 4, 2021); https:\/\/bit.ly\/3NcWO2V."},{"key":"e_1_2_1_24_1","volume-title":"The Wall Street Journal (November 12","author":"McMillan R.","year":"2021","unstructured":"McMillan R. and Poulsen, R. U.S. accuses Russian of money laundering for Ryuk Ransomware Gang. The Wall Street Journal (November 12, 2021); https:\/\/on.wsj.com\/43renSw."},{"key":"e_1_2_1_25_1","unstructured":"Mitigating malware and ransomware attacks. UK National Cyber Security Centre (2021); https:\/\/bit.ly\/45GSiRz."},{"key":"e_1_2_1_26_1","first-page":"2","article-title":"Cyber security threats to Bitcoin exchanges: Adversary exploitation and laundering techniques","volume":"18","author":"Oosthoek K.","year":"2020","unstructured":"Oosthoek, K. and Doerr, C. Cyber security threats to Bitcoin exchanges: Adversary exploitation and laundering techniques. IEEE Transactions on Network and Service Management 18, 2 (2020), 1616--1628.","journal-title":"IEEE Transactions on Network and Service Management"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1093\/cybsec\/tyz003"},{"key":"e_1_2_1_28_1","unstructured":"Ransomware Action Plan. Australian Department of Home Affairs (2021); https:\/\/bit.ly\/3qoQ1dv."},{"key":"e_1_2_1_29_1","unstructured":"Ransomware. Canadian Centre for Cyber Security (2021); https:\/\/bit.ly\/45PqCd0."},{"key":"e_1_2_1_30_1","unstructured":"Ransomware trends in Bank Secrecy Act data between January 2021 and June 2021. U.S. Department of Treasury Financial Crimes Enforcement Network (2021); https:\/\/bit.ly\/43FJTvM."},{"key":"e_1_2_1_31_1","unstructured":"Ransomware. U.S. Federal Bureau of Investigation (2021); https:\/\/bit.ly\/3CdYWRO."},{"key":"e_1_2_1_32_1","unstructured":"Ransomware: What you need to know. Europol (2021); https:\/\/bit.ly\/3OWxpM1."},{"key":"e_1_2_1_33_1","volume-title":"NPR, (May 11","author":"Romo V.","year":"2021","unstructured":"Romo, V. Panic drives gas shortages after Colonial Pipeline ransomware attack. NPR, (May 11, 2021); https:\/\/n.pr\/3qqYMUo."},{"key":"e_1_2_1_34_1","unstructured":"Six charged with crimes related to virtual currency exchange business. U.S. Department of Justice (2021); https:\/\/bit.ly\/3oLzEHB."},{"key":"e_1_2_1_35_1","unstructured":"Swedish Coop supermarkets shut due to US ransomware cyber-attack. BBC (2021); https:\/\/bbc.in\/3Cam4R0."},{"key":"e_1_2_1_36_1","unstructured":"Threat Landscape Report 2021. European Union Agency for Cybersecurity (ENISA); https:\/\/bit.ly\/3qrcoPz."},{"key":"e_1_2_1_37_1","unstructured":"Top routinely exploited vulnerabilities. U.S. Cybersecurity and Infrastructure Security Agency (CISA) Alert (AA21-209A). (2021); https:\/\/bit.ly\/43tllX9."},{"key":"e_1_2_1_38_1","unstructured":"United States files a civil action to forfeit cryptocurrency valued at over one billion U.S. dollars. U.S. Department of Justice (2020); https:\/\/bit.ly\/3MOiNMh."},{"key":"e_1_2_1_39_1","volume-title":"et al. Take a \"NetWalk\" on the wild side. McAfee ATR Operational Intelligence Team (August 3","author":"Seret T.","year":"2020","unstructured":"Seret, T. et al. Take a \"NetWalk\" on the wild side. McAfee ATR Operational Intelligence Team (August 3, 2020); https:\/\/bit.ly\/3MRAIS7."},{"key":"e_1_2_1_40_1","unstructured":"The rise of crypto laundries: How criminals cash out of bitcoin. Financial Times (2022); https:\/\/on.ft.com\/45OpsOZ."},{"key":"e_1_2_1_41_1","volume-title":"et al. A large-scale empirical analysis of ransomware activities in Bitcoin. ACM Transactions on the Web (TWEB) 16, 2","author":"Wang K.","year":"2021","unstructured":"Wang, K. et al. A large-scale empirical analysis of ransomware activities in Bitcoin. ACM Transactions on the Web (TWEB) 16, 2 (2021), 1--29."},{"key":"e_1_2_1_42_1","unstructured":"Wannacry money laundering attempt thwarted. BBC (2017); https:\/\/bbc.in\/42mMN7K."}],"container-title":["Communications of the ACM"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3582489","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3582489","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:08:50Z","timestamp":1750183730000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3582489"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,25]]},"references-count":42,"journal-issue":{"issue":"8","published-print":{"date-parts":[[2023,8]]}},"alternative-id":["10.1145\/3582489"],"URL":"https:\/\/doi.org\/10.1145\/3582489","relation":{},"ISSN":["0001-0782","1557-7317"],"issn-type":[{"value":"0001-0782","type":"print"},{"value":"1557-7317","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,7,25]]},"assertion":[{"value":"2023-07-25","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}