CR, Jul 19, 2017

On the Economics of Ransomware

arXiv:1707.06247v3
60 citations
Originality: Synthesis-oriented
AI Analysis

This paper addresses the economic and security challenges faced by companies dealing with ransomware, though it is incremental, as it applies existing game theory to a new domain.

The paper tackles the lack of strategic understanding of ransomware threats by developing the first game-theoretic model of the ransomware ecosystem, focusing on organizations' investment in backup technologies and ransom payment decisions, and finds that comprehensive industry-wide backup investments can deter attacks.

While recognized as a theoretical and practical concept for over 20 years, only now ransomware has taken center stage as one of the most prevalent cybercrimes. Various reports demonstrate the enormous burden placed on companies, which have to grapple with the ongoing attack waves. At the same time, our strategic understanding of the threat and the adversarial interaction between organizations and cybercriminals perpetrating ransomware attacks is lacking. In this paper, we develop, to the best of our knowledge, the first game-theoretic model of the ransomware ecosystem. Our model captures a multi-stage scenario involving organizations from different industry sectors facing a sophisticated ransomware attacker. We place particular emphasis on the decision of companies to invest in backup technologies as part of a contingency plan, and the economic incentives to pay a ransom if impacted by an attack. We further study to which degree comprehensive industry-wide backup investments can serve as a deterrent for ongoing attacks.
