Preventive portfolio against data-selling ransomware—A game theory of encryption and deception

Ransomware has risen to be among the top cyber threats in recent years. There is an alarming trend of ransomware stealing data in addition to locking files. Compared to traditional ransomware, this new data-selling ransomware can be more harmful to the victims facing the data leakage threat. Traditional wisdom of defensive measures such as data backup is less effective in preventing the attacker from making money by selling data. We propose two preventive measures designed to defend against the data-selling ransomware, i.e., preventive data encryption and preventive data deception. Users may form a preventive portfolio made up of the two preventive measures. We contribute a novel game theoretical model of the data-selling ransomware to study the equilibrium strategies of the attacker and victims. The equilibrium solution of the portfolio and tradeoff analysis of both data encryption and deception are particularly useful for the users to optimize their system to defend against ransomware attacks. Simulation studies demonstrate the effectiveness of the preventive portfolio, which maximizes user utility while significantly reducing the profit of the attacker.