Natural Language Processing and Data Analysis for Cybercriminal Attribution: Conti Ransomware Chats
摘要
Organized cybercrime, predominantly operating through digital communications, presents a unique challenge in attributing actions to real-world actors. This study addresses the gap in effective triage methods for cybercriminal communications, a critical yet under-explored area due to data scarcity. Utilizing a combination of Natural Language Processing (NLP), data visualization, and data analysis techniques, we employed a MiniLM model to generate embeddings and compute cosine similarities, aiming to categorize and attribute chat log messages. Our dataset comprised leaked chats from the Conti ransomware group’s private Jabber server, enabling us to test our approach within a real-world context. The results successfully produced a labeled dataset that identifies broad discussion topics among cybercriminals, offering valuable insights for further detailed analysis. This scalable and computationally efficient model not only enhances our understanding of Cybercrime-as-a-Service and Ransomware-as-a-Service communications but also contributes to the broader field of cybersecurity by providing nuanced criminal intelligence that assists in both qualitative and quantitative evaluations of cybercriminal behavior.