Systems and Security Events
CS Colloquium: Budi Arief (Kent)
Location: CS1.01
Title: Ransomware and Us: A Socio-technical Look into Ransomware
Abstract:
Ransomware is a form of malware designed to prevent its victim’s access to their data or to leak the victim’s sensitive data, unless the victim pays the ransom demand to the attacker. Ransomware has been around for quite a while now, and it remains one of the most prevalent cyber threats to individuals and, of growing concern, businesses. On top of the technical elements, there are many human aspects involved in ransomware operations. As such, it is important to understand the socio-technical perspectives involved, in order to devise more effective countermeasures. This talk covers a wide range of socio-technical research we have conducted in combatting ransomware, ranging from investigating ransomware deployment methods to roadmapping potential countermeasures (and why some of them might fail). With the popularity of Internet of Things (IoT) devices, we have also explored the feasibility of ransomware attacks on IoT devices, and the potential consequences that such attacks might bring. Finally, we have been looking to better understand the stakeholders involved, for instance by investigating how attackers might get started in ransomware operations and their justification for taking part in this crime, as well as by exploring various human factors that can contribute to victimisation (including ransom note designs and victims’ personality types). The talk will wrap up with a quick peek into our ongoing work focusing on the threat of ransomware in the Industrial IoT (IIoT) domain, which is part of the “Countering HArms caused by Ransomware in the Internet Of Things (CHARIOT)” project recently funded by the UK Engineering and Physical Sciences Research Council (EPSRC) and the Research Institute in Trustworthy Inter-Connected Cyber-Physical Systems (RITICS).
Bio:
Dr Budi Arief is a Senior Lecturer at the School of Computing, and the Innovation Lead at the Institute of Cyber Security for Society (iCSS), both at the University of Kent. His main research areas are cybercrime and computer security (most recently, ransomware, Internet of Things security, and combatting child sexual abuse), with a strong overarching element of interdisciplinary research. Budi has also carried out research in the dependability of computer-based systems, the application of wireless sensor networks in the intelligent transport systems domain, distributed systems (including performance modelling and simulation), and software engineering (in particular, open source software). He is currently the University of Kent’s PI of an EPSRC-funded project called “Countering HArms caused by Ransomware in the Internet Of Things (CHARIOT)”. This 3-year project (started in Sep’23) is a collaboration between the Universities of Bristol and Kent. Between Jul’17 and Dec’19, Budi was a Co-I of another EPSRC-funded project investigating ransomware called “EPSRC: EconoMical, PsycHologicAl and Societal Impact of RanSomware (EMPHASIS)”. On top of these ransomware projects, Budi is currently the Kent PI of an EU-funded project “Novel Strategies to Fight Child Sexual Exploitation and Human Trafficking Crimes and Protect their Victims (HEROES, Dec’21-Nov’24)”, and a Co-I of another EU-funded project “Child-protection based strategies to fight against sexual abuse and exploitation crimes (ALUNA, Jun'23-May'25)”. 
So far, Budi has published more than 70 research papers in the areas of computer security and privacy, human factors, and dependability, at journals including Computers & Security, Journal of Information Security and Applications, and IEEE Security & Privacy, as well as at conferences including ACM Symposium on Computer and Communications Security (CCS), International Conference on Financial Cryptography and Data Security (FC), and IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom).