Introduction

Different forms of digital currency have been proposed and implemented over the decades \cite{Chaum_1983} \cite{mullan_digital_2014} and now the Blockchain technology allows decentralized currencies to exist and reliable transactions to be made, while preventing double-spending using consensus algorithm relying on proof of work \cite{Back2014EnablingBI}. This is the basis of cryptocurrencies, specially Bitcoin, which is often considered the first one and has now gathered a lot of attention \cite{article}, from researchers, to investors, and, due to its lack of regulation, criminals as well \cite{revolt}
Recently the internet has been targeted by a wave of new types of malware, categorized as ransomware. Ransomware is a type of malware that once it successfully infects a target's computer system, it then encrypts files and private data so that the victim cannot access them anymore \cite{richardson2017ransomware}. The victim is then presented with a message explaining the situation and also containing instructions on how to regain full access to their own system and this typically involves paying a sum of money via Bitcoin. There are several groups of hackers and variants, also known as families, of such malware, yet their defining characteristic is requiring payment to release access to the captured data.
On this research I will analyze several transactions gathered from the Bitcoin Blockchain to determine whether it is possible to easily categorize each transaction as being from a specific ransomware family or not pertaining to any of them at all. Relevant research has been conducted on this field in \cite{akcora2019bitcoinheist}\cite{articlea} and \cite{8955554}