Anna Cartwright scite author profile

Ransomware is a type of malware that encrypts files and demands a ransom from victims. It can be viewed as a form of kidnapping in which the criminal takes control of the victim’s files with the objective of financial gain. In this article, we review and develop the game theoretic literature on kidnapping in order to gain insight on ransomware. The prior literature on kidnapping has largely focused on political or terrorist hostage taking. We demonstrate, however, that key models within the literature can be adapted to give critical new insight on ransomware. We primarily focus on two models. The first gives insight on the optimal ransom that criminals should charge. The second gives insight on the role of deterrence through preventative measures. A key insight from both models will be the importance of spillover effects across victims. We will argue that such spillovers point to the need for some level of outside intervention, by governments or otherwise, to tackle ransomware.

show abstract

An economic analysis of ransomware and its welfare consequences

Hernández-Castro

Cartwright

2020

R. Soc. open sci.

View full text Add to dashboard Cite

We present in this work an economic analysis of ransomware, a relatively new form of cyber-enabled extortion. We look at how the illegal gains of the criminals will depend on the strategies they use, examining uniform pricing and price discrimination. We also explore the welfare costs to society of such strategies. In addition, we present the results of a pilot survey which demonstrate proof of concept in evaluating the costs of ransomware attacks. We discuss at each stage whether the different strategies we analyse have been encountered already in existing malware, and the likelihood of them being implemented in the future. We hope this work will provide some useful insights for predicting how ransomware may evolve in the future.

show abstract

Ransomware and Reputation

Cartwright

2019

Games

View full text Add to dashboard Cite

Ransomware is a particular form of cyber-attack in which a victim loses access to either his electronic device or files unless he pays a ransom to criminals. A criminal's ability to make money from ransomware critically depends on victims believing that the criminal will honour ransom payments. In this paper we explore the extent to which a criminal can build trust through reputation. We demonstrate that there are situations in which it is optimal for the criminal to always return the files and situations in which it is not. We argue that the ability to build reputation will depend on how victims distinguish between different ransomware strands. If ransomware is to survive as a long term revenue source for criminals then they need to find ways of building a good reputation.

show abstract

Between a rock and a hard(ening) place: Cyber insurance in the ransomware era

Mott

Turner

Nurse

et al. 2023

Computers & Security

View full text Add to dashboard Cite

How cyber insurance influences the ransomware payment decision: theory and evidence

Cartwright

MacColl

et al. 2023

Geneva Pap Risk Insur Issues Pract

View full text Add to dashboard Cite

In this paper we analyse how cyber-insurance influences the cost-benefit decision making process of a ransomware victim. Specifically, we ask whether organizations with cyber-insurance are more likely to pay a ransom than non-insureds. We propose a game-theoretic framework with which to categorize and distinguish different channels through which insurance may influence victim decision making. This allows us to identify ways in which insurance may incentivize or disincentivize payment of the ransom. Our framework is informed by data from semi-structured interviews with 65 professionals with expertise in cyber-insurance, cybersecurity and/or ransomware, as well as data from the UK Cyber Security Breaches Survey. We find that perceptions are very divided on whether victims with insurance are more (or less) likely to pay a ransom. Our model can reconcile these views once we take into account context specifics, such as the severity of the attack as measured by business interruption and restoration and/or the exfiltration of sensitive data.

show abstract

An investigation of individual willingness to pay ransomware

Cartwright

Xue

et al. 2022

JFC

View full text Add to dashboard Cite

Purpose Ransomware is a relatively new form of financial extortion that is proving a major cyber-security threat to individuals and organisations. This study aims to investigate factors that may influence an individual's willingness to engage in a ransom payment. Design/methodology/approach This study ran a large survey (n = 1,798) on a representative sample of the UK population. This study elicited willingness to pay (WTP) ransomware and also reasons for not wanting to pay a ransom to criminals. This study then used non-parametric tests and regression analysis to identify factors that influence WTP. Findings This study finds that women and younger age groups are significantly more willing to pay a ransom, as are those who store photos. There is a strong positive relationship between concern for data breach and WTP a ransom. Originality/value To the best of the authors’ knowledge, this is the first large scale study to look at WTP ransomware. This study identifies a range of factors that can help inform law enforcement to target advice about ransomware attacks.

show abstract

The Economics of Ransomware Attacks on Integrated Supply Chain Networks

Cartwright

2023

Digital Threats

View full text Add to dashboard Cite

We explore the economics of ransomware on production supply chains. Integrated supply chains result in a mutual-dependence between firms that can be exploited by cyber-criminals. For instance, we show that by targeting one firm in the network the criminals can potentially hold multiple firms to ransom. Overlapping security systems may also allow the criminals to strike at weak points in the network. For instance, it may be optimal for the attacker to target a supplier in order to ransom a large producer at the heart of the production network. We introduce a game theoretic model of an attack on a supply chain and solve for two types of Nash equilibria. We then study a hub and spoke example before providing simulation results for a general case. We find that the total ransom the criminals can demand is increasing in the average path length of the network. Thus, the ransom is lowest for a hub and spoke network and highest for a line network. Mitigation strategies are discussed.

show abstract

Extortion of a Staking Pool in a Proof-of-Stake Consensus Mechanism

Bhudia

Cartwright

et al. 2022

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Anna Cartwright

To pay or not: game theoretic models of ransomware

An economic analysis of ransomware and its welfare consequences

Ransomware and Reputation

Between a rock and a hard(ening) place: Cyber insurance in the ransomware era

How cyber insurance influences the ransomware payment decision: theory and evidence

An investigation of individual willingness to pay ransomware

The Economics of Ransomware Attacks on Integrated Supply Chain Networks

Extortion of a Staking Pool in a Proof-of-Stake Consensus Mechanism

Contact Info

Product

Resources

About