Ransomware as a Service using Smart Contracts and IPFS
This work highlights a security vulnerability in decentralized systems that could facilitate illegal activities, posing a threat to users and organizations.
The authors demonstrated how decentralized technologies like Ethereum smart contracts and IPFS can be used to launch ransomware-as-a-service campaigns, enabling criminals to transact anonymously and remain offline with privacy guarantees.
Decentralized systems, such as distributed ledgers and the InterPlanetary File System (IPFS), are designed to offer more open and robust services. However, they also create opportunities for illegal activities. We demonstrate how these technologies can be used to launch a ransomware as a service campaign. We show that criminals can transact with affiliates and victims without having to reveal their identity. Furthermore, by exploiting the robustness and resilience to churn of IPFS, as well as the decentralized computing capabilities of Ethereum, criminals can remain offline during most procedures, with many privacy guarantees.