Deterrence, Backup, or Insurance: Game-Theoretic Modeling of Ransomware

Yin, Tongxin; Sarabi, Armin; Liu, Mingyan

doi:10.3390/g14020020

Cited by 5 publications

(11 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Developing customizable, dynamic decoys indistinguishable from genuine data at scale is an open problem [28,58]. Moreover, data exfiltration prior to encryption leaves minimal time between decoy-based detection and actual data loss [59,16]. Hence decoys should focus on disrupting this initial exfiltration stage [60,52].…”

Section: Current Decoy File Techniquesmentioning

confidence: 99%

See 1 more Smart Citation

Mitigating Data Exfiltration Ransomware through Advanced Decoy File Strategies

Liu,

Chen

2023

Preprint

View full text Add to dashboard Cite

This study introduces an advanced decoy file strategy utilizing Generative Adversarial Networks (GANs) to combat data exfiltration ransomware threats. Focused on creating highly realistic decoy documents, the system embeds these across enterprise networks, engaging ransomware threats effectively. It includes real-time monitoring for abnormal interactions and proactive response mechanisms for threat containment. Rigorous testing against various ransomware samples demonstrated high engagement rates and rapid response times, confirming the system's effectiveness. Integration across diverse network types was achieved with minimal operational overhead. This study highlights the system's adaptability in the face of evolving ransomware tactics and underscores the balance between decoy realism and deployability.

show abstract

Section: Current Decoy File Techniquesmentioning

confidence: 99%

“…Early decoy-based defenses against ransomware involved basic "honeyfiles" -fake files left as bait across networks [49,50]. Access attempts would trigger alerts to indicate malicious activity [51].…”

Section: Current Decoy File Techniquesmentioning

confidence: 99%

Mitigating Data Exfiltration Ransomware through Advanced Decoy File Strategies

Liu,

Chen

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…The game-theoretic analysis of ransomware in this paper assumes that the defender can invest in two types of ransomware protection: (1) general protection due to deterrence effort, which reduces the probability of infection, and (2) a backup plan that enables the user to recover from the infection [74]. Based on the general consensus among security experts [71] that "96% of those whose data were encrypted obtained their data back in the most significant ransomware attack," and that "only 8% (of those who paid) obtained all their data back," we constructed a payoff matrix, as seen Figure 2.…”

Section: Modeling Virlock With Game Theorymentioning

confidence: 99%

A Comparative Analysis of VirLock and Bacteriophage ϕ6 through the Lens of Game Theory

Kostadimas,

Kastampolidou,

Andronikos

2023

Analytics

View full text Add to dashboard Cite

The novelty of this paper lies in its perspective, which underscores the fruitful correlation between biological and computer viruses. In the realm of computer science, the study of theoretical concepts often intersects with practical applications. Computer viruses have many common traits with their biological counterparts. Studying their correlation may enhance our perspective and, ultimately, augment our ability to successfully protect our computer systems and data against viruses. Game theory may be an appropriate tool for establishing the link between biological and computer viruses. In this work, we establish correlations between a well-known computer virus, VirLock, with an equally well-studied biological virus, the bacteriophage ϕ6. VirLock is a formidable ransomware that encrypts user files and demands a ransom for data restoration. Drawing a parallel with the biological virus bacteriophage ϕ6, we uncover conceptual links like shared attributes and behaviors, as well as useful insights. Following this line of thought, we suggest efficient strategies based on a game theory perspective, which have the potential to address the infections caused by VirLock, and other viruses with analogous behavior. Moreover, we propose mathematical formulations that integrate real-world variables, providing a means to gauge virus severity and design robust defensive strategies and analytics. This interdisciplinary inquiry, fusing game theory, biology, and computer science, advances our understanding of virus behavior, paving the way for the development of effective countermeasures while presenting an alternative viewpoint. Throughout this theoretical exploration, we contribute to the ongoing discourse on computer virus behavior and stimulate new avenues for addressing digital threats. In particular, the formulas and framework developed in this work can facilitate better risk analysis and assessment, and become useful tools in penetration testing analysis, helping companies and organizations enhance their security.

show abstract

“…We remark that our paper adds to a growing literature using game theory to analyse the ransomware decision process [4,5,9,13]. Prior game-theoretical studies have focused on the interaction of ransomware and victim's decision to invest in security measures like backups or insurance [2,32,36,38]. For instance, Laszka, Farhang and Grossklags [17] focused on modeling the ransomware ecosystem as a whole and how backup decisions affect the ransomware ecosystem.…”

Section: Introductionmentioning

confidence: 97%

Double-sided Information Asymmetry in Double Extortion Ransomware

Meurs,

Cartwright,

Cartwright

2024

Preprint

View full text Add to dashboard Cite

Double extortion ransomware attacks are a form of cyber attack where the victims files are both encrypted and exfiltrated for extortion purposes. There is empirical evidence that double extortion leads to an increased willingness to pay a ransom, and higher ransoms, compared to encryption-only attacks. In this paper we model two important sources of assymetric information between victim and attacker: (a) Victims are typically uncertain whether data is exfiltrated, due to for example misconfigured monitoring systems. (b) It is hard for attackers to estimate the value of compromised files. We use game theory to analyse the payoff consequences of such private information. Specifically, we analyse a signaling game with double-sided information asymmetry: (1) attackers know whether data is exfiltrated and victims do not, and (2) victims know the value of data if it is exfiltrated, but the attackers do not. Our analysis indicates that private information substantially lowers the payoff of attackers. In interpretation, this suggests that private information is valuable to victims and a means to reduce incentives for criminals to pursue ransomware.

show abstract

Deterrence, Backup, or Insurance: Game-Theoretic Modeling of Ransomware

Cited by 5 publications

References 13 publications

Mitigating Data Exfiltration Ransomware through Advanced Decoy File Strategies

Mitigating Data Exfiltration Ransomware through Advanced Decoy File Strategies

A Comparative Analysis of VirLock and Bacteriophage ϕ6 through the Lens of Game Theory

Double-sided Information Asymmetry in Double Extortion Ransomware

Contact Info

Product

Resources

About