Should We Outlaw Ransomware Payments?
Files
Date
2021-01-05
Authors
Contributor
Advisor
Department
Instructor
Depositor
Speaker
Researcher
Consultant
Interviewer
Narrator
Transcriber
Annotator
Journal Title
Journal ISSN
Volume Title
Publisher
Volume
Number/Issue
Starting Page
6609
Ending Page
Alternative Title
Abstract
Recently, there has been an upsurge in ransomware attacks. A ransomware attacker encrypts a user's files and then demands a ransom in exchange for the decryption key. While paying the ransom allows the user to quickly unlock the locked files and avoid potentially larger losses, it also strengthens the hands of the attacker and increases the chance of a future attack. We study this dilemma of the victims using a game-theoretic model and the resulting equilibrium. This leads to several interesting insights such as that legally prohibiting ransom payments may not always have the desired economic effects---in some cases, a ban is effective in addressing the economic externality but, in others, it may reduce overall welfare. We explain when and why a ban may help and when it may not. Our findings have important implications for policymakers who are currently debating laws that, if enacted, will ban payments to attackers.
Description
Keywords
Strategy, Information, Technology, Economics, and Society (SITES), externality, information security, markov decision process, ransomware, social cost.
Citation
Extent
9 pages
Format
Geographic Location
Time Period
Related To
Proceedings of the 54th Hawaii International Conference on System Sciences
Related To (URI)
Table of Contents
Rights
Attribution-NonCommercial-NoDerivatives 4.0 International
Rights Holder
Local Contexts
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.