Deception in double extortion ransomware attacks: An analysis of profitability and credibility

Tom Meurs*, Edward Cartwright, Anna Cartwright, Marianne Junger, Abhishta Abhishta

*Corresponding author for this work

Research output: Contribution to journalArticleAcademicpeer-review

46 Downloads (Pure)

Abstract

Ransomware attacks have evolved with criminals using double extortion schemes, where they signal data exfiltration to inflate ransom demands. This development is further complicated by information asymmetry, where victims are compelled to respond to ambiguous and often deceptive signals from attackers. This study explores the complex interactions between criminals and victims during ransomware attacks, especially focusing on how data exfiltration is communicated. We use a signaling game to understand the strategies both parties use when dealing with uncertain information. We identify five distinct equilibria, each characterized by the criminals' varied approaches to signaling data exfiltration, influenced by the strategic parameters inherent in each attack scenario. Calibrating the game parameters with real-world like values, we identify the most probable equilibrium, offering insights into anticipated ransom amounts and corresponding payoffs for both victims and criminals. Our findings suggest criminals are likely to claim data exfiltration, true or not, highlighting a strategic advantage for intensifying attack efforts. The study underscores the need for victims' caution towards criminals' claims and highlights the unintended consequences of policies making false claims costlier for criminals.

Original languageEnglish
Article number103670
JournalComputers and Security
Volume138
DOIs
Publication statusPublished - Mar 2024

Keywords

  • Cybercrime
  • Data exfiltration
  • Game theory
  • Information asymmetry
  • Ransomware
  • Signaling game
  • UT-Hybrid-D

Fingerprint

Dive into the research topics of 'Deception in double extortion ransomware attacks: An analysis of profitability and credibility'. Together they form a unique fingerprint.

Cite this