Preventive portfolio against data-selling ransomware—A game theory of encryption and deception

Zhen Li, Qi Liao

Research output: Contribution to journalArticlepeer-review

3 Scopus citations


Ransomware has risen to be among the top cyber threats in recent years. There is an alarming trend of ransomware stealing data in addition to locking files. Compared to traditional ransomware, this new data-selling ransomware can be more harmful to the victims facing the data leakage threat. Traditional wisdom of defensive measures such as data backup is less effective in preventing the attacker from making money by selling data. We propose two preventive measures designed to defend against the data-selling ransomware, i.e., preventive data encryption and preventive data deception. Users may form a preventive portfolio made up of the two preventive measures. We contribute a novel game theoretical model of the data-selling ransomware to study the equilibrium strategies of the attacker and victims. The equilibrium solution of the portfolio and tradeoff analysis of both data encryption and deception are particularly useful for the users to optimize their system to defend against ransomware attacks. Simulation studies demonstrate the effectiveness of the preventive portfolio, which maximizes user utility while significantly reducing the profit of the attacker.

Original languageEnglish
Article number102644
JournalComputers and Security
StatePublished - May 2022


  • Computer and network security
  • Cybersecurity
  • Data-selling ransomware
  • Deception
  • Economics
  • Encryption
  • Game theory
  • Preventive portfolio


Dive into the research topics of 'Preventive portfolio against data-selling ransomware—A game theory of encryption and deception'. Together they form a unique fingerprint.

Cite this