On the Economics of Ransomware
Aron Laszka, Sadegh Farhang, Jens Grossklags

TL;DR
This paper introduces the first game-theoretic model of the ransomware ecosystem, analyzing organizational decisions on backup investments and ransom payments to understand attack deterrence.
Contribution
It develops a multi-stage game-theoretic framework capturing organizational strategies and incentives in ransomware scenarios, emphasizing backup investments as a deterrent.
Findings
Backup investments can reduce attack frequency.
Ransom payments are influenced by backup preparedness.
Industry-wide backup strategies may deter attacks.
Abstract
While recognized as a theoretical and practical concept for over 20 years, only now has ransomware taken center stage as one of the most prevalent cybercrimes. Various reports demonstrate the enormous burden placed on companies, which have to grapple with the ongoing attack waves. At the same time, our strategic understanding of the threat and the adversarial interaction between organizations and cybercriminals perpetrating ransomware attacks is lacking. In this paper, we develop, to the best of our knowledge, the first game-theoretic model of the ransomware ecosystem. Our model captures a multi-stage scenario involving organizations from different industry sectors facing a sophisticated ransomware attacker. We place particular emphasis on the decision of companies to invest in backup technologies as part of a contingency plan, and the economic incentives to pay a ransom if impacted by…
