Economics of Ransomware Attacks

August T, Dao D, Laube S, Niculescu M

Abstract

Over the last few years, both the development of ransomware strains as well as changes in the marketplace for malware have allowed attackers to conduct large-scale ransomware attacks. The increased prevalence of these attacks have led government entities and software vendors to advise victims on how best to respond if hit by ransomware. In this paper, we examine how this new mode of attack impacts consumer behavior in order to understand how it indirectly affects software vendors. We demonstrate that when victims face a decision of whether to pay ransom, the vendor’s incentives are fundamentally altered. In particular, we show that both the equilibrium market size and the vendor’s profit under optimal pricing can actually increase in the ransom demand. Furthermore, recent attacks have called into question what motives these attackers may have: are they purely profit-motivated or are they instead politically-motivated attackers who care more about causing as much damage as possible? We find that ransomware enables attackers to achieve both goals simultaneously.