Please use this identifier to cite or link to this item: http://hdl.handle.net/10125/71414

Should We Outlaw Ransomware Payments?

File Size Format  
0646.pdf 384.46 kB Adobe PDF View/Open

Item Summary

Title:Should We Outlaw Ransomware Payments?
Authors:Dey, Debabrata
Lahiri, Atanu
Keywords:Strategy, Information, Technology, Economics, and Society (SITES)
externality
information security
markov decision process
ransomware
show 1 moresocial cost.
show less
Date Issued:05 Jan 2021
Abstract:Recently, there has been an upsurge in ransomware attacks. A ransomware attacker encrypts a user's files and then demands a ransom in exchange for the decryption key. While paying the ransom allows the user to quickly unlock the locked files and avoid potentially larger losses, it also strengthens the hands of the attacker and increases the chance of a future attack. We study this dilemma of the victims using a game-theoretic model and the resulting equilibrium. This leads to several interesting insights such as that legally prohibiting ransom payments may not always have the desired economic effects---in some cases, a ban is effective in addressing the economic externality but, in others, it may reduce overall welfare. We explain when and why a ban may help and when it may not. Our findings have important implications for policymakers who are currently debating laws that, if enacted, will ban payments to attackers.
Pages/Duration:9 pages
URI:http://hdl.handle.net/10125/71414
ISBN:978-0-9981331-4-0
DOI:10.24251/HICSS.2021.794
Rights:Attribution-NonCommercial-NoDerivatives 4.0 International
https://creativecommons.org/licenses/by-nc-nd/4.0/
Appears in Collections: Strategy, Information, Technology, Economics, and Society (SITES)


Please email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons