Should We Outlaw Ransomware Payments? Dey, Debabrata Lahiri, Atanu 2020-12-24T20:22:30Z 2020-12-24T20:22:30Z 2021-01-05
dc.description.abstract Recently, there has been an upsurge in ransomware attacks. A ransomware attacker encrypts a user's files and then demands a ransom in exchange for the decryption key. While paying the ransom allows the user to quickly unlock the locked files and avoid potentially larger losses, it also strengthens the hands of the attacker and increases the chance of a future attack. We study this dilemma of the victims using a game-theoretic model and the resulting equilibrium. This leads to several interesting insights such as that legally prohibiting ransom payments may not always have the desired economic effects---in some cases, a ban is effective in addressing the economic externality but, in others, it may reduce overall welfare. We explain when and why a ban may help and when it may not. Our findings have important implications for policymakers who are currently debating laws that, if enacted, will ban payments to attackers.
dc.format.extent 9 pages
dc.identifier.doi 10.24251/HICSS.2021.794
dc.identifier.isbn 978-0-9981331-4-0
dc.language.iso English
dc.relation.ispartof Proceedings of the 54th Hawaii International Conference on System Sciences
dc.rights Attribution-NonCommercial-NoDerivatives 4.0 International
dc.subject Strategy, Information, Technology, Economics, and Society (SITES)
dc.subject externality
dc.subject information security
dc.subject markov decision process
dc.subject ransomware
dc.subject social cost.
dc.title Should We Outlaw Ransomware Payments?
prism.startingpage 6609
Original bundle
Now showing 1 - 1 of 1
No Thumbnail Available
384.46 KB
Adobe Portable Document Format