An economic analysis of ransomware and its welfare consequences
Source: The Royal Soceity (London)
We present in this work an economic analysis of ransomware, a relatively new form of cyber-enabled extortion. We look at how the illegal gains of the criminals will depend on the strategies they use, examining uniform pricing and price discrimination. We also explore the welfare costs to society of such strategies. In addition, we present the results of a pilot survey which demonstrate proof of concept in evaluating the costs of ransomware attacks. We discuss at each stage whether the different strategies we analyse have been encountered already in existing malware, and the likelihood of them being implemented in the future. We hope this work will provide some useful insights for predicting how ransomware may evolve in the future.
Ransomware refers to the branch of malware that, after infecting a computer, asks for a ransom. The term can be used generally to denote all kinds of extortion. For instance, it includes malware that puts compromising or illegal material on to a computer and then asks for a ransom not to report the victim to the police. In our work, we are interested in a more subtle kind of malware, originally called cryptovirus but later also referred to as crypto-ransomware or simply ransomware. In this case, the malware encrypts and then deletes the original data files and asks for a ransom to hand them back to the victim [1,2].
The original concept of cryptovirus was first presented in the academic literature by Adam Young and Moti Yung around 1996 . It was probably inspired by previous unsuccessful attempts to extort money out of infected computers by, among others, the AIDS malware. The key development in the Young and Yung approach was to employ public-key cryptography for performing this extortion in a cryptographically sound and robust manner. Robust here means that the scheme is not vulnerable to key compromise by reverse-engineering, as so frequently occurred with substandard malware using a symmetric key . In other words, a victim has no choice if they want to recover their files other than to interact with the criminals (and potentially pay the ransom) in order to recover the relevant key.