Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Müller, Lea, Yannikos, York
Format: Preprint
Veröffentlicht: 2026
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2605.24559
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866910252219236352
author Müller, Lea
Yannikos, York
author_facet Müller, Lea
Yannikos, York
contents Ransomware has grown to become one of the most damaging types of cybercrime, affecting private and public organizations in any sector. While early types of ransomware targeted many victims via automated attacks, ransomware groups have started to specifically target organizations and companies in the expectation of receiving larger ransoms. To increase the pressure on victims, most groups host so-called data leak sites, where information about their victims is made public. The shift towards 'human-operated' ransomware together with easily accessible behavioral traces available from data leak sites makes research investigating operational regularities of ransomware groups of interest. Using leak site posts as behavioral traces of ransomware groups, we created a dataset consisting of over 27,000 posts from 325 groups. Based on this dataset, we analyzed victim concentration, temporal routines and targeting regularities. Our findings suggest that groups do not behave entirely random. Instead, the observable traces found on leak sites show concentration of activity, temporal routines and selective patterns.
format Preprint
id arxiv_https___arxiv_org_abs_2605_24559
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Analyzing Concentration, Temporal Routines and Targeting in Public Ransomware Leak Site Data
Müller, Lea
Yannikos, York
Cryptography and Security
Ransomware has grown to become one of the most damaging types of cybercrime, affecting private and public organizations in any sector. While early types of ransomware targeted many victims via automated attacks, ransomware groups have started to specifically target organizations and companies in the expectation of receiving larger ransoms. To increase the pressure on victims, most groups host so-called data leak sites, where information about their victims is made public. The shift towards 'human-operated' ransomware together with easily accessible behavioral traces available from data leak sites makes research investigating operational regularities of ransomware groups of interest. Using leak site posts as behavioral traces of ransomware groups, we created a dataset consisting of over 27,000 posts from 325 groups. Based on this dataset, we analyzed victim concentration, temporal routines and targeting regularities. Our findings suggest that groups do not behave entirely random. Instead, the observable traces found on leak sites show concentration of activity, temporal routines and selective patterns.
title Analyzing Concentration, Temporal Routines and Targeting in Public Ransomware Leak Site Data
topic Cryptography and Security
url https://arxiv.org/abs/2605.24559