Blockchain’s benefits and advantages have been extensively studied in literature, but far fewer works can be found on the dishonest uses of them. In this paper, we present the first blockchain-based ransomware schemes, which use smart contracts and simple cryptographic primitives to provide a limited degree of automation and fair exchange. Specifically, the use of smart contracts would enable new capabilities for ransomware, such as the possibility of paying for individual files or the refund of the ransom to the victim if the decryption keys are not received within a specified period of time. To demonstrate their feasibility, both technically and economically, these proposals have been implemented in the Ethereum Ropsten test network. The results show that running a full ransomware campaign similar to WannaCry, with more than 300,000 affected users, would have an additional cost of only 3 cents of a dollar per victim. Finally, we show that there are no feasible countermeasures if these schemes are implemented in public blockchains. Therefore, we firmly believe that it is increasingly urgent to recognize and study this matter, in order to create new policies and technical countermeasures.

区块链的优缺点已经在文献中进行了广泛的研究，但是在不诚实使用它们的情况下，发现的作品却很少。在本文中，我们提出了第一个基于区块链的勒索软件方案，该方案使用智能合约和简单的加密原语来提供有限程度的自动化和公平交换。具体来说，使用智能合约将启用勒索软件的新功能，例如，如果未在指定的时间段内收到解密密钥，则有可能为单个文件付费或将赎金退还给受害者。为了在技术上和经济上证明其可行性，这些建议已在以太坊Ropsten测试网络中实施。结果表明，运行与WannaCry类似的完整勒索软件活动，有300多个，000名受影响的用户，每位受害者只需多付3美分的费用。最后，我们表明，如果这些方案在公共区块链中实施，则没有可行的对策。因此，我们坚信，为制定新的政策和技术对策，认识和研究这一问题变得越来越紧迫。