Economics of Ransomware Attacks

August, Terrence; Dao, Duy; Niculescu, Marius

doi:10.2139/ssrn.3351416

Cited by 6 publications

(6 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This may create a remit for policymakers to highlight more strongly the social responsibilities around cyber-behaviour. It is also important to consider the incentives for software developers to sell low-cost protection against ransomware [42]. Competing interests.…”

Section: Resultsmentioning

confidence: 99%

An economic analysis of ransomware and its welfare consequences

Hernández-Castro

Cartwright

2020

R. Soc. open sci.

View full text Add to dashboard Cite

We present in this work an economic analysis of ransomware, a relatively new form of cyber-enabled extortion. We look at how the illegal gains of the criminals will depend on the strategies they use, examining uniform pricing and price discrimination. We also explore the welfare costs to society of such strategies. In addition, we present the results of a pilot survey which demonstrate proof of concept in evaluating the costs of ransomware attacks. We discuss at each stage whether the different strategies we analyse have been encountered already in existing malware, and the likelihood of them being implemented in the future. We hope this work will provide some useful insights for predicting how ransomware may evolve in the future.

show abstract

Section: Resultsmentioning

confidence: 99%

An economic analysis of ransomware and its welfare consequences

Hernández-Castro

Cartwright

2020

R. Soc. open sci.

View full text Add to dashboard Cite

show abstract

“…In other words, victims must pay for the decryption key, or else they will face significant data loss and business disruption. 1 Interestingly, victims, although unwilling to admit so publicly, often end up paying substantial amounts as ransom. For example, Travelex, a well-known financial firm, has paid $2.3 million following a breach in the late December of 2019 [12].…”

Section: Introductionmentioning

confidence: 99%

“…Such worries for a much larger loss have created a surreal scenario where city councils, state governments, and even police departments are lining up after a breach to pay the ransom necessary to get their stuff back [8]. The lesson 1 Of course, there is no guarantee that the attacker would honor its word upon receiving the ransom payment. As a result, a victim firm may question in the first place the value of acceding to the ransom demand.…”

Section: Introductionmentioning

confidence: 99%

“…Further, recognizing the importance of ransomware and its broad implications, has emerged a new substream of research that focuses on the economics of ransomware. Among the key works in this substream, August et al [1] consider the perspective of a software vendor, in particular how the underlying economic externalities affect the vendor's pricing strategy. In contrast, Hernandez-Castro et al [6] examine the perspective of the ransomware attackers and how price-discrimination strategies employed by the attackers would impact social welfare.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Should We Outlaw Ransomware Payments?

Dey

Lahiri

2021

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

In recent times, there has been an upsurge in ransomware attacks, where an attacker encrypts a user's files and then demands a ransom in exchange for the decryption key. While paying the ransom allows the user to quickly unlock the locked files and avoid potentially larger losses, it also strengthens the hands of the attacker and increases the chance of a future attack. We study this dilemma of the victims and the externality posed by their actions using a game-theoretic model on top of a Markov decision process. The resulting equilibrium leads to several interesting insights such as that legally prohibiting ransom payments may not always have the desired economic effects-in some cases, a ban may be effective in addressing the economic externality but, in others, it could reduce public welfare. Our findings have important implications for policymakers who are currently debating legislation that, if enacted, will outlaw ransom payments to attackers.

show abstract

“…If the encryption is done in a technically sound way then the files are only recoverable by paying the ransom. Crypto-ransomware provides, therefore, a viable business model for criminals and some variants of ransomware have a 'good reputation' for returning files to victims (if the ransom is paid) [8][9][10]. In another, older variant, of ransomware victims are held to ransom for the release of sensitive information [11].…”

Section: Introductionmentioning

confidence: 99%

Investing in Prevention or Paying for Recovery - Attitudes to Cyber Risk

Cartwright

Xue

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Broadly speaking an individual can invest time and effort to avoid becoming victim to a cyber attack and/or they can invest resource in recovering from any attack. We introduce a new game called the prevention and recovery game to study this trade-off. We report results from the experimental lab that allow us to categorize different approaches to risk taking. We show that many individuals appear relatively risk loving in that they invest in recovery rather than prevention. We find little difference in behavior between a gain and loss framing.

show abstract

Economics of Ransomware Attacks

Cited by 6 publications

References 38 publications

An economic analysis of ransomware and its welfare consequences

An economic analysis of ransomware and its welfare consequences

Should We Outlaw Ransomware Payments?

Investing in Prevention or Paying for Recovery - Attitudes to Cyber Risk

Contact Info

Product

Resources

About