Anna Cartwright scite author profile

Hernández-Castro

2019

Ransomware is a type of malware that encrypts files and demands a ransom from victims. It can be viewed as a form of kidnapping in which the criminal takes control of the victim’s files with the objective of financial gain. In this article, we review and develop the game theoretic literature on kidnapping in order to gain insight on ransomware. The prior literature on kidnapping has largely focused on political or terrorist hostage taking. We demonstrate, however, that key models within the literature can be adapted to give critical new insight on ransomware. We primarily focus on two models. The first gives insight on the optimal ransom that criminals should charge. The second gives insight on the role of deterrence through preventative measures. A key insight from both models will be the importance of spillover effects across victims. We will argue that such spillovers point to the need for some level of outside intervention, by governments or otherwise, to tackle ransomware.

An economic analysis of ransomware and its welfare consequences

Hernández-Castro

2020

R. Soc. open sci.

We present in this work an economic analysis of ransomware, a relatively new form of cyber-enabled extortion. We look at how the illegal gains of the criminals will depend on the strategies they use, examining uniform pricing and price discrimination. We also explore the welfare costs to society of such strategies. In addition, we present the results of a pilot survey which demonstrate proof of concept in evaluating the costs of ransomware attacks. We discuss at each stage whether the different strategies we analyse have been encountered already in existing malware, and the likelihood of them being implemented in the future. We hope this work will provide some useful insights for predicting how ransomware may evolve in the future.

Ransomware and Reputation

2019

Games

Ransomware is a particular form of cyber-attack in which a victim loses access to either his electronic device or files unless he pays a ransom to criminals. A criminal's ability to make money from ransomware critically depends on victims believing that the criminal will honour ransom payments. In this paper we explore the extent to which a criminal can build trust through reputation. We demonstrate that there are situations in which it is optimal for the criminal to always return the files and situations in which it is not. We argue that the ability to build reputation will depend on how victims distinguish between different ransomware strands. If ransomware is to survive as a long term revenue source for criminals then they need to find ways of building a good reputation.

Between a rock and a hard(ening) place: Cyber insurance in the ransomware era

Mott

Turner

Nurse

et al. 2023

Computers & Security

How cyber insurance influences the ransomware payment decision: theory and evidence

Geneva Pap Risk Insur Issues Pract

MacColl

et al. 2023

In this paper we analyse how cyber-insurance influences the cost-benefit decision making process of a ransomware victim. Specifically, we ask whether organizations with cyber-insurance are more likely to pay a ransom than non-insureds. We propose a game-theoretic framework with which to categorize and distinguish different channels through which insurance may influence victim decision making. This allows us to identify ways in which insurance may incentivize or disincentivize payment of the ransom. Our framework is informed by data from semi-structured interviews with 65 professionals with expertise in cyber-insurance, cybersecurity and/or ransomware, as well as data from the UK Cyber Security Breaches Survey. We find that perceptions are very divided on whether victims with insurance are more (or less) likely to pay a ransom. Our model can reconcile these views once we take into account context specifics, such as the severity of the attack as measured by business interruption and restoration and/or the exfiltration of sensitive data.