‘White Rabbit’ Set To Stop Crypto Ransomware In Its Tracks

An upcoming security tool called White Rabbit will utilize machine learning in tandem with a dataset of Bitcoin addresses in order to prevent cybercrime. The platform will detect and predict which addresses are involved in illegal activity and will act as an “early warning system” that detects ransomware campaigns.

This is how it works: White Rabbit begins with a dataset that includes “dirty” Bitcoin addresses that are known to have been used for illegal purposes. The tool tags those addresses and then follows the patterns that those addresses behave according to. White Rabbit then matches those patterns to other Bitcoin addresses and classifies them as “clean” or “dirty”.

In theory, prevention can be more effective than trying to hunt down perpetrators. According to developer Olivia Thet:

“We’re fighting the wrong fight in trying to deanonymize the blockchain – we should be looking at the bigger picture instead…how Bitcoin wallet addresses are correlating with the other [indicators of compromise]…versus who is actually implementing the ransomware campaigns.”

Although prevention is more desirable than dealing with an attack after the fact, there are complications. The use of privacy coins in crypto laundering means that transaction tracking can lead to dead ends early on. Plus, Bitcoin itself does not (and arguably should not) have a built-in blacklisting feature—meaning that it is up to exchanges and other third-parties to implement blacklisting within their own limitations:

“The model can be used by both private and public sectors security professionals, working in the cryptocurrency field, to deny business for certain BTC addresses or, build legal cases to return illegally stolen coins.”

This isn’t the first initiative to attempt to track illegal Bitcoin activity; Elliptic and Chainalysis are services that offer similar tools, but with different approaches. Furthermore, exchanges can blacklist addresses even without this level of technology: Shapeshift, for example, blacklisted addresses during the WannaCry ransomware attacks.

The developers of White Rabbit (Olivia Thet and Nicolas Kseib) will demo the platform at two events in Las Vegas between August 9 and 11. The developers work for TruSTAR, a threat intelligence platform which already offers services focused on threat detection, fraud, and phishing.

The post ‘White Rabbit’ Set To Stop Crypto Ransomware In Its Tracks appeared first on UNHASHED.