Mitigating Data Exfiltration Ransomware through Advanced Decoy File Strategies

Liu, Shishi; Chen, Xin

doi:10.21203/rs.3.rs-3750416/v1

Search citation statements

Order By: Relevance

Paper Sections

Select...

Discussion1

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2024

Publication Types

Select...

Preprint1

Relationship

Self Cite0

Independent1

Authors

Journals

Cited by 1 publication

(1 citation statement)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These results align with preventive measures suggested by others [18,19,21,24,28]. Lee et al [18] proposes a strategy to hide files from attackers.…”

Section: Discussionsupporting

confidence: 85%

Double-sided Information Asymmetry in Double Extortion Ransomware

Meurs,

Cartwright,

Cartwright

2024

Preprint

View full text Add to dashboard Cite

Double extortion ransomware attacks are a form of cyber attack where the victims files are both encrypted and exfiltrated for extortion purposes. There is empirical evidence that double extortion leads to an increased willingness to pay a ransom, and higher ransoms, compared to encryption-only attacks. In this paper we model two important sources of assymetric information between victim and attacker: (a) Victims are typically uncertain whether data is exfiltrated, due to for example misconfigured monitoring systems. (b) It is hard for attackers to estimate the value of compromised files. We use game theory to analyse the payoff consequences of such private information. Specifically, we analyse a signaling game with double-sided information asymmetry: (1) attackers know whether data is exfiltrated and victims do not, and (2) victims know the value of data if it is exfiltrated, but the attackers do not. Our analysis indicates that private information substantially lowers the payoff of attackers. In interpretation, this suggests that private information is valuable to victims and a means to reduce incentives for criminals to pursue ransomware.

show abstract

“…These results align with preventive measures suggested by others [18,19,21,24,28]. Lee et al [18] proposes a strategy to hide files from attackers.…”

Section: Discussionsupporting

confidence: 85%