Off the Rails, On the Chain: Fingerprinting Ransomware's On-Chain Behavior

Seth DuBois

Ransomware groups don't just leave malware signatures; they leave financial signatures. Every ransom collection and blockchain transaction encodes operational habits that help distinguish one group from another. Using Qilin as a primary case study, this talk demonstrates how on-chain behavioral fingerprinting can attribute campaigns, expose shared laundering infrastructure, and reveal affiliate relationships across ransomware families.