Search engine for discovering works of Art, research articles, and books related to Art and Culture
Javascript must be enabled to continue!
Double-sided Information Asymmetry in Double Extortion Ransomware
View through CrossRef
Abstract
Double extortion ransomware attacks are a form of cyber attack where the victims files are both encrypted and exfiltrated for extortion purposes. There is empirical evidence that double extortion leads to an increased willingness to pay a ransom, and higher ransoms, compared to encryption-only attacks. In this paper we model two important sources of assymetric information between victim and attacker: (a) Victims are typically uncertain whether data is exfiltrated, due to for example misconfigured monitoring systems. (b) It is hard for attackers to estimate the value of compromised files. We use game theory to analyse the payoff consequences of such private information. Specifically, we analyse a signaling game with double-sided information asymmetry: (1) attackers know whether data is exfiltrated and victims do not, and (2) victims know the value of data if it is exfiltrated, but the attackers do not. Our analysis indicates that private information substantially lowers the payoff of attackers. In interpretation, this suggests that private information is valuable to victims and a means to reduce incentives for criminals to pursue ransomware.
Title: Double-sided Information Asymmetry in Double Extortion Ransomware
Description:
Abstract
Double extortion ransomware attacks are a form of cyber attack where the victims files are both encrypted and exfiltrated for extortion purposes.
There is empirical evidence that double extortion leads to an increased willingness to pay a ransom, and higher ransoms, compared to encryption-only attacks.
In this paper we model two important sources of assymetric information between victim and attacker: (a) Victims are typically uncertain whether data is exfiltrated, due to for example misconfigured monitoring systems.
(b) It is hard for attackers to estimate the value of compromised files.
We use game theory to analyse the payoff consequences of such private information.
Specifically, we analyse a signaling game with double-sided information asymmetry: (1) attackers know whether data is exfiltrated and victims do not, and (2) victims know the value of data if it is exfiltrated, but the attackers do not.
Our analysis indicates that private information substantially lowers the payoff of attackers.
In interpretation, this suggests that private information is valuable to victims and a means to reduce incentives for criminals to pursue ransomware.
Related Results
Early Detection of Windows Cryptographic Ransomware Based on Pre-Attack API Calls Features and Machine Learning
Early Detection of Windows Cryptographic Ransomware Based on Pre-Attack API Calls Features and Machine Learning
Ransomware attacks are currently one of cybersecurity's greatest and most alluring threats. Antivirus software is frequently ineffective against zero-day malware and ransomware att...
Ransomware Classification with Deep Neural Network and Bi-LSTM
Ransomware Classification with Deep Neural Network and Bi-LSTM
Malicious attacks, malware, and ransomware families present essential risks to cybersecurity and may result in significant harm to computer systems, data clusters, networks, and mo...
KRDroid: Ransomware-Oriented Detector for Mobile Devices Based on Behaviors
KRDroid: Ransomware-Oriented Detector for Mobile Devices Based on Behaviors
Ransomware has become a serious threat on Android and new cases of ransomware are continuously growing. Most existing ransomware detectors use sensitive text or APIs to detect rans...
Cultural Transmission and Extortion
Cultural Transmission and Extortion
This paper explores the role of cultural transmission in extortion. Extortion is modeled as an asymmetric contest where individuals from one group attempt to take from individuals ...
ARMED EXTORTION IN LIGHT OF THE PRINCIPLE OF CRIMINAL LEGALITY
ARMED EXTORTION IN LIGHT OF THE PRINCIPLE OF CRIMINAL LEGALITY
Furthermore, the DRC's military courts and tribunals fail to respect the principle of legality of offenses and penalties, in that they conflate the offense of armed robbery with th...
The Evolution of Ransomware: Legal, Technical, and Policy Responses in the United States
The Evolution of Ransomware: Legal, Technical, and Policy Responses in the United States
Ransomware has emerged as one of the most disruptive forms of cybercrime in the United States, evolving from opportunistic attacks on individual users into highly organized campaig...
Quantification of three-dimensional facial asymmetry for diagnosis and postoperative evaluation of orthognathic surgery
Quantification of three-dimensional facial asymmetry for diagnosis and postoperative evaluation of orthognathic surgery
Abstract
Background
To evaluate the facial asymmetry, three-dimensional computed tomography (3D-CT) has been used widely. This study proposed a method to quantify facial asymmetry ...
Effects of Ransomware: Analysis, Challenges and Future Perspective
Effects of Ransomware: Analysis, Challenges and Future Perspective
This review paper highlights the challenges and best practices in malware analysis, specifically focusing on the age of ransomware. It provides an overview of malware and its impac...