
Examining Shocks to Ransomware Groups: The Effects of Law Enforcement Interventions and Internal Disputes on Leak Site Uptime


If you have a question about this talk, please contact Alexandre Pauwels.

Recording link: https://www.cl.cam.ac.uk/research/security/seminars/archive/video/2025-11-18-t240760.html

Double-extortion ransomware has evolved into a complex ecosystem where public leak sites are critical for coercion and reputation building. In this study, we examine the factors influencing the uptime of leak sites of 176 ransomware groups between December 2019 and March 2025, treating leak site uptime as a proxy for group survival. We investigate how external shocks (law enforcement interventions such as arrests, takedowns, and financial seizures) and internal shocks (such as affiliate disputes or leaks) affect shutdown risks. Beyond shocks, we analyze the role of organizational structure (e.g., tight-knit Eastern European crews versus decentralized RaaS models) and visibility/exposure (URL count, non-Tor presence) in shaping the likelihood of interventions and disputes. Using a two-stage modeling framework, we first estimate the probability of external and internal shocks and then apply a Cox proportional hazards model to evaluate their impact on leak site uptime. Our findings show that both external and internal shocks shorten uptime, with the combined presence of both having the strongest effect. We further show that it is hard to predict which groups might be prone to internal disputes, while highly visible groups attract earlier law enforcement attention. These findings highlight the value of combining situational disruption with strategies that exploit internal ransomware group vulnerabilities.

This talk is part of the Computer Laboratory Security Seminar series.
