Ransomware Economics: A Two-Step Approach To Model Ransom Paid

Tom Meurs, Edward Cartwright, Anna Cartwright, Marianne Junger, Raphael Hoheisel, Erik Tews, Abhishta Abhishta

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

1 Citation (Scopus)
2398 Downloads (Pure)

Abstract

Ransomware poses a significant and pressing challenge in today's society. Mitigation efforts aim to reduce the profitability of ransomware attacks. Nevertheless, limited research has analysed factors that influence the size of ransom and willingness of businesses to pay a ransom. This study aims to address this existing gap by conducting an empirical investigation that focuses on the ransom paid by victims. Extending on past research, we analyse 382 ransomware attacks reported to the Dutch Police and/or handled by an Incident Response (IR) company. One challenge of modeling ransom payments is the large proportion of victims who did not pay, which leads to zero-inflation. We tackled this problem by employing a hurdle model, which effectively deals with zero-inflation by capturing ransom paid as a two-step decision-making process: first, victims decide whether to comply with the ransom demands, and if they choose to do so, they then need to determine the acceptable ransom amount. The results indicate that the presence of backups and the decision to go to an IR company play a pivotal role in the decision whether to pay the ransom or not. In addition, our findings identify insurance coverage, data exfiltration, and annual revenue of the victim as key determinants affecting the ransom amounts. Specifically, having insurance results in ransoms that are 2.8 times larger, data exfiltration corresponds to a 5.5 times increase in the ransom, and each 1% increase in a victim's yearly revenue causes a 0.12% rise in the ransom paid. In concluding our paper, we present practical policy recommendations that take into account the two crucial decision-making steps outlined in our study, focusing on data exfiltration and insurance.
Original languageEnglish
Title of host publication2023 APWG Symposium on Electronic Crime Research (eCrime)
PublisherIEEE
Number of pages13
ISBN (Electronic)979-8-3503-6027-1
ISBN (Print)979-8-3503-6028-8
DOIs
Publication statusPublished - 1 Apr 2024
Event18th Symposium on Electronic Crime Research, eCrime 2023 - Barcelona, Spain
Duration: 15 Nov 202317 Nov 2023
Conference number: 18

Publication series

NameeCrime Researchers Summit, eCrime
ISSN (Print)2159-1237
ISSN (Electronic)2159-1245

Conference

Conference18th Symposium on Electronic Crime Research, eCrime 2023
Abbreviated titleeCrime 2023
Country/TerritorySpain
CityBarcelona
Period15/11/2317/11/23

Fingerprint

Dive into the research topics of 'Ransomware Economics: A Two-Step Approach To Model Ransom Paid'. Together they form a unique fingerprint.

Cite this