NAS-ransomware: hoe ransomware-aanvallen tegen NAS-apparaten verschillen van reguliere ransomware-aanvallen

Meurs, Tom; Junger, Marianne; Tews, Erik; Abhishta, Abhishta

doi:10.5553/tvv/.000044

Cited by 2 publications

(26 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The last decade has seen a rapid rise in crypto-ransomware attacks impacting individuals, businesses, charities and public organisations [7,8,11,26,27,31]. Crypto-ransomware, or ransomware for short, is broadly defined as the use of crypto-techniques to encrypt the files of a victim, after which the attackers ask for a ransom to decrypt the files [23,38].…”

Section: Introductionmentioning

confidence: 99%

“…The criminals can, thus, extort the victim for access to the decryption key and to avoid data leak. Double extortion has been shown to increase the ransom requested and ransom amount paid [24,26]. Specifically, Meurs et al [26] analysed 353 ransomware attacks reported to the Dutch Police and found a significant positive effect of data exfiltration on ransom requested.…”

Section: Introductionmentioning

confidence: 99%

“…Double extortion has been shown to increase the ransom requested and ransom amount paid [24,26]. Specifically, Meurs et al [26] analysed 353 ransomware attacks reported to the Dutch Police and found a significant positive effect of data exfiltration on ransom requested. In a follow-up study, Meurs et al [25] analysed 429 ransomware attacks reported to the Dutch Police and an Incident Response company.…”

Section: Introductionmentioning

confidence: 99%

“…To our knowledge, no previous studies have modelled this two-sided information asymmetry of data exfiltration, and analysed how it impacts the profitability of attacks. Most empirical [26] and game-theoretical modeling [19,20] of double extortion ransomware has focused on the extra profits for attackers by conducting data exfiltration and encryption, compared to only data encryption. We address the relationship between the uncertainty of data exfiltration and profitability by analysing a signaling game.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Double-sided Information Asymmetry in Double Extortion Ransomware

Meurs,

Cartwright,

Cartwright

2024

Preprint

Self Cite

View full text Add to dashboard Cite

Double extortion ransomware attacks are a form of cyber attack where the victims files are both encrypted and exfiltrated for extortion purposes. There is empirical evidence that double extortion leads to an increased willingness to pay a ransom, and higher ransoms, compared to encryption-only attacks. In this paper we model two important sources of assymetric information between victim and attacker: (a) Victims are typically uncertain whether data is exfiltrated, due to for example misconfigured monitoring systems. (b) It is hard for attackers to estimate the value of compromised files. We use game theory to analyse the payoff consequences of such private information. Specifically, we analyse a signaling game with double-sided information asymmetry: (1) attackers know whether data is exfiltrated and victims do not, and (2) victims know the value of data if it is exfiltrated, but the attackers do not. Our analysis indicates that private information substantially lowers the payoff of attackers. In interpretation, this suggests that private information is valuable to victims and a means to reduce incentives for criminals to pursue ransomware.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Double-sided Information Asymmetry in Double Extortion Ransomware

Meurs,

Cartwright,

Cartwright

2024

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Various sources provide insights into the size of ransomware payments in recent years. An empirical study of ransomware attacks reported to the Dutch Police from 2019 to 2022 indicated an average ransom demand of 720,256 euros, with 21% of victims actually paying the ransom, resulting in financial losses of 433,191 euros [25], as victims have estimated when they reported to the police.…”

Section: Introductionmentioning

confidence: 99%

Ransomware Economics: A Two-Step Approach To Model Ransom Paid

Meurs,

Cartwright,

Cartwright

et al. 2023

2023 APWG Symposium on Electronic Crime Research (eCrime)

Self Cite

View full text Add to dashboard Cite

Ransomware poses a significant and pressing challenge in today's society. Mitigation efforts aim to reduce the profitability of ransomware attacks. Nevertheless, limited research has analysed factors that influence the size of ransom and willingness of businesses to pay a ransom. This study aims to address this existing gap by conducting an empirical investigation that focuses on the ransom paid by victims. Extending on past research, we analyse 382 ransomware attacks reported to the Dutch Police and/or handled by an Incident Response (IR) company. One challenge of modeling ransom payments is the large proportion of victims who did not pay, which leads to zeroinflation. We tackled this problem by employing a hurdle model, which effectively deals with zero-inflation by capturing ransom paid as a two-step decision-making process: first, victims decide whether to comply with the ransom demands, and if they choose to do so, they then need to determine the acceptable ransom amount. The results indicate that the presence of backups and the decision to go to an IR company play a pivotal role in the decision whether to pay the ransom or not. In addition, our findings identify insurance coverage, data exfiltration, and annual revenue of the victim as key determinants affecting the ransom amounts. Specifically, having insurance results in ransoms that are 2.7 times larger, data exfiltration corresponds to a 4.4 times increase in the ransom, and each 1% increase in a victim's yearly revenue causes a 0.12% rise in the ransom paid. In concluding our paper, we present practical policy recommendations that take into account the two crucial decision-making steps outlined in our study, focusing on data exfiltration and insurance.

show abstract

NAS-ransomware: hoe ransomware-aanvallen tegen NAS-apparaten verschillen van reguliere ransomware-aanvallen

Cited by 2 publications

References 18 publications

Double-sided Information Asymmetry in Double Extortion Ransomware

Double-sided Information Asymmetry in Double Extortion Ransomware

Ransomware Economics: A Two-Step Approach To Model Ransom Paid

Contact Info

Product

Resources

About