TY - BOOK
T1 - Characterising and Mitigating Exploitation of Security Services by State of the Art Ransomware and Extortion
AU - Bhudia, Alpesh
PY - 2024
Y1 - 2024
AB - In today's interconnected digital world, the Internet has revolutionised the way we communicate, conduct business, and access information. This advancement has also exposed us to a new breed of cyber threats that can wreak havoc on individuals, businesses, and even entire nations. One class of malicious software (malware) that has gained notoriety in recent years is ransomware. Ransomware encrypts victims' files or locks their systems until a ransom is paid, with attackers promising to provide a decryption key upon payment. This form of digital extortion has evolved into a sophisticated and pervasive threat, impacting individuals, organisations, and governments globally. This thesis explores the integration of decentralised blockchain technologies with emerging Trusted Execution Environments (TEEs) to understand how attackers could leverage these technologies to enhance their ransomware operations. This understanding informs the development of security measures against ransomware and provides a coherent perspective on future defences. Initially, we analyse the key management strategies employed by contemporary ransomware. This includes the development and evaluation of RansomClave, a proof-of-concept designed to assess the feasibility of generating and holding cryptographic keys within secure enclaves using TEEs such as Intel Software Guard Extensions (SGX). By dissecting this proof-of-concept malware, we aim to identify in advance the capabilities attackers might exploit and to develop strategies to mitigate these threats. Transitioning from traditional ransomware attacks to extortion tactics within blockchain environments, the second part of this thesis explores the security dynamics of various Proof-of-Stake (PoS) systems, with a focus on Ethereum. Building on the initial analysis of how blockchain technologies can be leveraged by ransomware, this part examines the implications of ransomware for blockchain users. Using game-theoretic modelling, we evaluate how attackers can extort blockchain participants by exploiting compromised validator signing keys. Validators, the entities responsible for verifying transactions and maintaining the blockchain, are particularly exposed to such attacks. This approach identifies the strategic decisions of attackers and victims and provides insight into the economic incentives driving these malicious activities. We examine the impact of slashing penalties, the punitive measures applied to validators for provably malicious behaviour, and explore scenarios in which validators might be extorted into paying ransoms to avoid financial and reputational damage. In the third part of this thesis, based on the vulnerabilities identified earlier, we propose and evaluate a preventive strategy to defend against ransomware and extortion threats in blockchain environments. This strategy includes the development of REVOKE, a decentralised key revocation mechanism designed to mitigate the impact of extortion attacks on Ethereum validators. REVOKE enables validators to change their signing key without withdrawing their stake, thereby reducing their exposure to slashing penalties while maintaining the security of the blockchain. Our analysis covers the design, implementation, and evaluation of REVOKE, demonstrating its potential to address the risks posed by compromised signing keys. Additionally, we address the challenge of atomic revocation and propose a revocation reward system to incentivise block proposers to prioritise revocation requests over slashing evidence. This evaluation highlights the potential of REVOKE to enhance overall blockchain security. Finally, this thesis demonstrates the practical impact of the proposed mechanisms, including REVOKE and the game-theoretic modelling, on enhancing blockchain security. Our research reveals that validators are more willing to pay ransoms under specific conditions, highlighting the need for more robust security measures tailored to these scenarios. By informing the design of blockchain security implementations that specifically address attack vectors targeting validators, our findings contribute to the development of more resilient and secure digital infrastructures. These insights not only advance the current understanding of ransomware and extortion threats but also lay the groundwork for future research aimed at further strengthening the security and resilience of blockchain systems and other digital environments.
KW - Ransomware
KW - Key Management
KW - Trusted Execution Environments
KW - Blockchain Security
KW - Game-Theoretic Modelling
KW - Ethereum
KW - Extortion and Slashing Attacks
KW - Key Revocation
M3 - Doctoral Thesis
ER -