Economic Analysis of Ransomware
This work provides insights for cybersecurity professionals and policymakers to predict and counter the evolving threat of ransomware, though it is incremental in building on existing economic models.
The paper tackles the problem of understanding ransomware economics by analyzing data from major ransomware families and evaluating different pricing strategies, such as uniform pricing and price discrimination, to determine their impact on success rates.
We present in this work an economic analysis of ransomware, with relevant data from Cryptolocker, CryptoWall, TeslaCrypt and other major strands. We include a detailed study of the impact that different price discrimination strategies can have on the success of a ransomware family, examining uniform pricing, optimal price discrimination and bargaining strategies and analysing their advantages and limitations. In addition, we present results of a preliminary survey that can helps in estimating an optimal ransom value. We discuss at each stage whether the different schemes we analyse have been encountered already in existing malware, and the likelihood of them being implemented and becoming successful. We hope this work will help to gain some useful insights for predicting how ransomware may evolve in the future and be better prepared to counter its current and future threat.