On the Economics of Ransomware

Lászka, Áron; Farhang, Sadegh; Großklags, Jens

doi:10.1007/978-3-319-68711-7_21

Cited by 42 publications

(26 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since significant financial gain continuously drives the creation and spread of ransomware [3], one of the most effective methods of combating this type of malware is cutting off the supply of funds obtained through the ransom paid by the victims. Hence, a deeper understanding of the typical victims of ransomware attacks can be very helpful in coming up with solutions that prevent or mitigate the current fastgrowing ransomware problem.…”

Section: Ransomware Victimsmentioning

confidence: 99%

“…The user can only regain access if and when a sometimes-hefty "ransom" is paid, and in many instances, the access to the data is never returned to the user even if the ransom is paid in full [2]. Consequently, due to the significant financial gain ransomware can offer the perpetrators [3], considerable resources are often put behind the creation of new and innovative variants, allowing them to bypass state-of-the-art anti-virus and anti-malware software [4].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Volenti non fit injuria: Ransomware and its Victims

Atapour-Abarghouei

Bonner

McGough

2019

2019 IEEE International Conference on Big Data (Big Data)

View full text Add to dashboard Cite

With the recent growth in the number of malicious activities on the internet, cybersecurity research has seen a boost in the past few years. However, as certain variants of malware can provide highly lucrative opportunities for bad actors, significant resources are dedicated to innovations and improvements by vast criminal organisations. Among these forms of malware, ransomware has experienced a significant recent rise as it offers the perpetrators great financial incentive. Ransomware variants operate by removing system access from the user by either locking the system or encrypting some or all of the data, and subsequently demanding payment or ransom in exchange for returning system access or providing a decryption key to the victim. Due to the ubiquity of sensitive data in many aspects of modern life, many victims of such attacks, be they an individual home user or operators of a business, are forced to pay the ransom to regain access to their data, which in many cases does not happen as renormalisation of system operations is never guaranteed. As the problem of ransomware does not seem to be subsiding, it is very important to investigate the underlying forces driving and facilitating such attacks in order to create preventative measures. As such, in this paper, we discuss and provide further insight into variants of ransomware and their victims in order to understand how and why they have been targeted and what can be done to prevent or mitigate the effects of such attacks.

show abstract

Section: Ransomware Victimsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Volenti non fit injuria: Ransomware and its Victims

Atapour-Abarghouei

Bonner

McGough

2019

2019 IEEE International Conference on Big Data (Big Data)

View full text Add to dashboard Cite

show abstract

“…An obvious recovery-based countermeasure against malware/ransomware is to make offline backup of important data regularly (on media disconnected from the computer or with device-enforced write protection, as ransomware also attempts to erase accessible backups). Although simple in theory, effective deployment/use of backup tools could be non-trivial, e.g., determining frequency of backups, checking integrity of backups regularly (see Laszka et al [35] for an economic analysis of paying ransom vs. backup strategies). More problematically, the disconnected/write-protected media must be connected/unlocked (online) during backup, at which point, malware/ransomware can encrypt/delete the files (see [24], [41]).…”

Section: Related Workmentioning

confidence: 99%

TEE-aided Write Protection Against Privileged Data Tampering

Zhao

Mannan²

2019

Proceedings 2019 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Unauthorized data alteration has been a longstanding threat since the emergence of malware. System and application software can be reinstalled and hardware can be replaced, but user data is priceless in many cases. Especially in recent years, ransomware has become high-impact due to its direct monetization model. State-of-the-art defenses are mostly based on known signature or behavior analysis, and more importantly, require an uncompromised OS kernel. However, malware with the highest software privileges has shown its obvious existence.We propose to move from current detection/recovery based mechanisms to data loss prevention, where the focus is on armoring data instead of counteracting malware. Our solution, Inuksuk, relies on today's Trusted Execution Environments (TEEs), as available both on the CPU and storage device, to achieve programmable write protection. We back up a copy of user-selected files as write-protected at all times, and subsequent updates are written as new versions securely through TEE. We implement Inuksuk on Windows 7 and 10, and Linux (Ubuntu); our core design is OS and application agnostic, and incurs no run-time performance penalty for applications. File transfer disruption can be eliminated or alleviated through access modes and customizable update policies (e.g., interval, granularity). For Inuksuk's adoptability in modern OSes, we have also ported Flicker (EuroSys 2008), a defacto standard tool for in-OS privileged TEE management, to the latest 64-bit Windows.

show abstract

“…From the perspective of consumers, the game is more complex. Laszka et al (2017) explore security investments in risk mitigation (e.g, backups) and the strategic decision of whether to pay ransom. They abstract away any preventive effort investments by consumers (patching, firewalls, etc).…”

Section: Literature Reviewmentioning

confidence: 99%