Abstract
Double extortion ransomware attacks consist of an attack where victims files are both encrypted and exfiltrated for extortion purposes. There is empirical evidence this leads to an increased willingness to pay a ransom, and higher ransoms, compared to encryption-only attacks, depending on the value of the exfiltrated files. However, there seem to be two complications: First, victims are uncertain whether data is exfiltrated, due to for example misconfigured monitoring systems. Second, it is hard for attackers to estimate the value of compromised files. Thus, victims have an incentive to hide what they know and attackers an incentive to find out information. The goal of this study is to use game theory to explore the payoff consequences for attackers of victims having private information. We analyse a signaling game with double-sided information asymmetry: (1) attackers know whether data is exfiltrated and victims do not, and (2) victims know the value of data if it is exfiltrated, but the attackers do not. Our analysis of the game indicates that private information substantially lowers the return to attackers. These results imply that victims should be careful to not reveal the value of files during negotiations.
| Original language | English |
|---|---|
| Title of host publication | 14th International Conference on Decision and Game Theory for Security (GameSec) |
| Publication status | Published - 20 Oct 2023 |
| Event | 14th International Conference on Decision and Game Theory for Security, GameSec 2023 - Avignon, France Duration: 18 Oct 2023 → 20 Oct 2023 Conference number: 14 |
Conference
| Conference | 14th International Conference on Decision and Game Theory for Security, GameSec 2023 |
|---|---|
| Abbreviated title | GameSec 2023 |
| Country/Territory | France |
| City | Avignon |
| Period | 18/10/23 → 20/10/23 |
