@inproceedings{ae67c0abec4c44919af61ee5f057f861,
title = "On the Economics of Ransomware",
abstract = "While recognized as a theoretical and practical concept for over 20 years, only now ransomware has taken centerstage as one of the most prevalent cybercrimes. Various reports demonstrate the enormous burden placed on companies, which have to grapple with the ongoing attack waves. At the same time, our strategic understanding of the threat and the adversarial interaction between organizations and cybercriminals perpetrating ransomware attacks is lacking. In this paper, we develop, to the best of our knowledge, the first game-theoretic model of the ransomware ecosystem. Our model captures a multi-stage scenario involving organizations from different industry sectors facing a sophisticated ransomware attacker. We place particular emphasis on the decision of companies to invest in backup technologies as part of a contingency plan, and the economic incentives to pay a ransom if impacted by an attack. We further study to which degree comprehensive industry-wide backup investments can serve as a deterrent for ongoing attacks.",
keywords = "Backups, Game theory, Ransomware, Security economics",
author = "Aron Laszka and Sadegh Farhang and Jens Grossklags",
note = "Publisher Copyright: {\textcopyright} 2017, Springer International Publishing AG.; 8th International Conference on Decision and Game Theory for Security, GameSec 2017 ; Conference date: 23-10-2017 Through 25-10-2017",
year = "2017",
doi = "10.1007/978-3-319-68711-7_21",
language = "English",
isbn = "9783319687100",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "397--417",
editor = "Christopher Kiekintveld and Stefan Schauer and Bo An and Stefan Rass and Fei Fang",
booktitle = "Decision and Game Theory for Security - 8th International Conference, GameSec 2017, Proceedings",
}