Ransomware 2.0: To sell, or not to sell a game-theoretical model of data-selling Ransomware

Zhen Li, Qi Liao

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

1 Scopus citation

Abstract

Cybercrime such as ransomware denies access to valuable data until a ransom is paid. Recent ransomware attacks on organizations such as hospitals, schools, government agencies and private businesses raise public awareness of the severe impact on society. In this paper, we propose a hypothetical new revenue model for ransomware, i.e., selling the stolen data. Through a game-theoretical analysis between attackers and victims, we contribute a novel model to understand the critical decision variables between the traditional ransomware (ransomware 1.0) - demanding ransom only and the new type of ransomware (ransomware 2.0) - selling the data as well as demanding ransom. Both theoretical modeling and simulation studies suggest that in general ransomware 2.0 is more profitable than ransomware 1.0. Common defensive measures that may work to eliminate the financial incentives of ransomware 1.0 may not work on ransomware 2.0, in particular the data backup practice and the never-pay-ransom strategy. Nevertheless, the uncertainties created by this new revenue model may affect attackers' reputation and users' willingness-to-pay. In turn, ransomware 2.0 may not always increase the profitability of attackers. Another finding of the study suggests that reputation maximization is critical in ransomware 1.0 but not in ransomware 2.0, where attackers should seek imperfect reputation for profit maximization.

Original language: English
Title of host publication: Proceedings of the 15th International Conference on Availability, Reliability and Security, ARES 2020
Publisher: Association for Computing Machinery
ISBN (Electronic): 9781450388337
State: Published - Aug 25 2020
Event: 15th International Conference on Availability, Reliability and Security, ARES 2020 - Virtual, Online, Ireland
Duration: Aug 25 2020 to Aug 28 2020

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 15th International Conference on Availability, Reliability and Security, ARES 2020
Country/Territory: Ireland
City: Virtual, Online
Period: 08/25/20 to 08/28/20

Keywords

  • Cyber-security
  • Economics
  • Game theory
  • Ransomware 2.0
  • data selling
