Game Theory of Data-selling Ransomware

Li, Zhen; Liao, Qi

doi:10.13052/jcsm2245-1439.1013

Cited by 17 publications

(28 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recent research has further explored the financial motivations and economic factors driving ransomware innovation [42]. Threat actors continuously refine tactics and tools to maximize profits, targeting victims based on perceived willingness-to-pay [3,43]. Groups are also professionalizing, with some even providing "customer service" to aid ransom payment and data recovery [31,1].…”

Section: Ransomware Evolutionmentioning

confidence: 99%

Mitigating Data Exfiltration Ransomware through Advanced Decoy File Strategies

Liu,

Chen

2023

Preprint

View full text Add to dashboard Cite

This study introduces an advanced decoy file strategy utilizing Generative Adversarial Networks (GANs) to combat data exfiltration ransomware threats. Focused on creating highly realistic decoy documents, the system embeds these across enterprise networks, engaging ransomware threats effectively. It includes real-time monitoring for abnormal interactions and proactive response mechanisms for threat containment. Rigorous testing against various ransomware samples demonstrated high engagement rates and rapid response times, confirming the system's effectiveness. Integration across diverse network types was achieved with minimal operational overhead. This study highlights the system's adaptability in the face of evolving ransomware tactics and underscores the balance between decoy realism and deployability.

show abstract

Section: Ransomware Evolutionmentioning

confidence: 99%

Mitigating Data Exfiltration Ransomware through Advanced Decoy File Strategies

Liu,

Chen

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Not only is phishing used to facilitate the installation of ransomware, also ransomware is increasingly used to indirectly steal credentials, which sometimes lead to more phishing [50,51]. Another way ransomware leads to phishing is in which the content of the phishing email seems more credible by addressing a recent or on going ransomware attack.…”

Section: Coordinating Ddos Phishing and Ransomware Attacksmentioning

confidence: 99%

“…A third way for ransomware to possibly lead to phishing was described by [50]. [50] studied different factors contributing to maximizing profit of a ransomware attack.…”

Section: Coordinating Ddos Phishing and Ransomware Attacksmentioning

confidence: 99%

“…A third way for ransomware to possibly lead to phishing was described by [50]. [50] studied different factors contributing to maximizing profit of a ransomware attack. Their conclusion was that combining ransomware with data-stealing is in general more profitable than ransomware without stealing the data, and that selling the stolen data is always more profitable than threatening to leak the data.…”

Section: Coordinating Ddos Phishing and Ransomware Attacksmentioning

confidence: 99%

See 1 more Smart Citation

Untitled

2022

JISIS

View full text Add to dashboard Cite

Recent leaks (such as Conti) have provided greater insights on the working of cybercriminal organisations. Just like any other business, these malicious actors strategically manage their processes in order to maximise their revenues. Coordinating different types of cybercrimes as part of a single attack campaign provides another opportunity to these criminal groups to improve the efficiency of their attacks. To investigate the promise of this "coordination" between cybercrimes in improving the financial gains realised by cybercriminals, we take a two-step approach. First, we perform a bibliometric analysis of past scientific literature discussing the concept of "coordination" w.r.t to cybercrime. Second, as a case study, analysing the attack chains of DDoS, phishing and ransomware attacks, we identify vantage points for potential coordination from an attacker's perspective. Based on our findings, we propose a model (COORDINATE) to identify the types of potential cybercrime "coordinations". COORDINATE considers three relevant types of coordination: direct collaborated coordination, indirect collaborated coordination, and opportunistic coordination. Given the advantages of coordinated attacks, our results suggest that one crime may provide opportunities for the next one. Coordinated attacks will become more prevalent, and that we may witness the development of a dynamic that leads to more online crime.

show abstract

“…Very recently, ideas from game theory have been found to be useful in the study of ransomware. While all ransomware follows the same fundamental principles, there is sufficient variety in observed phenomena to merit a variety of models, such as defence and deterrence [17]- [21], iterative negotiations [22], price discrimination [23], incentive to return encrypted data data [24], and sale of stolen data [25]. In this paper, we examine how game theory can be applied to the growing threat of targeted ransomware.…”

mentioning

confidence: 99%

Dynamics of Targeted Ransomware Negotiation

Ryan

Fokker²,

Sorcha

et al. 2022

IEEE Access

View full text Add to dashboard Cite

In this paper, we consider how the development of targeted ransomware has affected the dynamics of ransomware negotiations to better understand how to respond to ransomware attacks. We construct a model of ransomware negotiations as an asymmetric non-cooperative two-player game. In particular, our model considers the investments that a malicious actor must make in order to conduct a successful targeted ransomware attack. We demonstrate how imperfect information is a crucial feature for replicating observed real-world behaviour. Furthermore, we present optimal strategies for both the malicious actor and the target, and demonstrate how imperfect information results in a non-trivial optimal strategy for the malicious actor.INDEX TERMS Cybersecurity, game theory, ransomware, threat analysis. I. INTRODUCTIONComputer security is a rapidly developing field, with new threats emerging and evolving constantly. As computer security providers develop their methods for detecting malware (malicious software), the malicious actors behind the various strains of malware are forced to refine their techniques for avoiding detection, prompting further development from the computer security industry. As a result of the interaction between these competing agendas, problems in computer security can give rise to rich dynamical behaviour. By analysing these dynamics, we can provide insights that assist in understanding phenomena observed in computer security. The current paper seeks to provide insight on recent developments in ransomware by using game theory to explore the dynamics they have introduced.Ransomware is a type of malware designed to extort a ransom from the victim [1], [2], usually by denying the victim access to their computer or data until the ransom has been paid. In the past, ransomware relied on extorting a small amount of money from a large number of victims. The ransom itself would be fixed at a price low enough that nearly anyone could pay, but was typically non-negotiable, as negotiating a small ransom with many victims would not be worth the The associate editor coordinating the review of this manuscript and approving it for publication was Wen Chen .

show abstract

Game Theory of Data-selling Ransomware

Cited by 17 publications

References 18 publications

Mitigating Data Exfiltration Ransomware through Advanced Decoy File Strategies

Mitigating Data Exfiltration Ransomware through Advanced Decoy File Strategies

Untitled

Dynamics of Targeted Ransomware Negotiation

Contact Info

Product

Resources

About