Ransomware Negotiation: Dynamics and Privacy-Preserving Mechanism Design
Haohui Zhang, Sirui Shen, Xinyu Hu, Chenglu Jin

TL;DR
This paper models ransomware negotiations as a bargaining game, analyzes how incomplete information affects strategies, and proposes a privacy-preserving mechanism to facilitate fair and rapid ransom agreements without revealing private data.
Contribution
It introduces a formal bargaining model for ransomware negotiations and develops a novel privacy-preserving mechanism using secure computation techniques.
Findings
Negotiation dynamics are significantly affected by incomplete information.
The proposed mechanism ensures fair ransom agreements while preserving privacy.
Implementation via secure two-party computation demonstrates practical feasibility.
Abstract
Ransomware attacks have become a pervasive and costly form of cybercrime, causing tens of millions of dollars in losses as organizations increasingly pay ransoms to mitigate operational disruptions and financial risks. While prior research has largely focused on proactive defenses, the post-infection negotiation dynamics between attackers and victims remain underexplored. This paper presents a formal analysis of attacker-victim interactions in modern ransomware incidents using a finite-horizon alternating-offers bargaining game model. Our analysis demonstrates how bargaining alters the optimal strategies of both parties. In practice, incomplete information (attackers lacking knowledge of victims' data valuations and victims lacking knowledge of attackers' reservation ransoms) can prolong negotiations and increase victims' business interruption costs. To address this, we design a Bayesian…
