IDEAS home Printed from https://ideas.repec.org/p/arx/papers/2010.06700.html
   My bibliography  Save this paper

Should the Ransomware be Paid?

Author

Listed:
  • Rui Fang
  • Maochao Xu
  • Peng Zhao

Abstract

Ransomware has emerged as one of the most concerned cyber risks in recent years, which has caused millions of dollars monetary loss over the world. It typically demands a certain amount of ransom payment within a limited timeframe to decrypt the encrypted victim's files. This paper explores whether the ransomware should be paid in a novel game-theoretic model from the perspective of Bayesian game. In particular, the new model analyzes the ransom payment strategies within the framework of incomplete information for both hacker and victim. Our results show that there exist pure and randomized Bayesian Nash equilibria under some mild conditions for the hacker and victim. The sufficient conditions that when the ransom should be paid are presented when an organization is compromised by the ransomware attack. We further study how the costs and probabilities of cracking or recovering affect the expected payoffs of the hacker and the victim in the equilibria. In particular, it is found that the backup option for computer files is not always beneficial, which actually depends on the related cost. Moreover, it is discovered that fake ransomware may be more than expected because of the potential high payoffs. Numerical examples are also presented for illustration.

Suggested Citation

  • Rui Fang & Maochao Xu & Peng Zhao, 2020. "Should the Ransomware be Paid?," Papers 2010.06700, arXiv.org.
    • Handle: RePEc:arx:papers:2010.06700
    as

    Download full text from publisher

    File URL: http://arxiv.org/pdf/2010.06700
    File Function: Latest version
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. John C. Harsanyi, 1968. "Games with Incomplete Information Played by "Bayesian" Players Part II. Bayesian Equilibrium Points," Management Science, INFORMS, vol. 14(5), pages 320-334, January.
    2. John C. Harsanyi, 1967. "Games with Incomplete Information Played by "Bayesian" Players, I-III Part I. The Basic Model," Management Science, INFORMS, vol. 14(3), pages 159-182, November.
    3. Martin J. Osborne & Ariel Rubinstein, 1994. "A Course in Game Theory," MIT Press Books, The MIT Press, edition 1, volume 1, number 0262650401, December.
    4. Martin Eling, 2018. "Cyber Risk and Cyber Risk Insurance: Status Quo and Future Research," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 43(2), pages 175-179, April.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Giovanni Paolo Crespi & Davide Radi & Matteo Rocca, 2017. "Robust games: theory and application to a Cournot duopoly model," Decisions in Economics and Finance, Springer;Associazione per la Matematica, vol. 40(1), pages 177-198, November.
    2. Zonderland, Maartje E. & Timmer, Judith, 2012. "Optimal allocation of MRI scan capacity among competing hospital departments," European Journal of Operational Research, Elsevier, vol. 219(3), pages 630-637.
    3. Garrouste, Christelle & Loi, Massimo, 2009. "Applications De La Theorie Des Jeux A L'Education: Pour Quels Types Et Niveaux D'Education, Quels Modeles, Quels Resultats? [Applications of Game Theory in Education - What Types and At What Levels," MPRA Paper 31825, University Library of Munich, Germany.
    4. Arnaud Wolff, 2019. "On the Function of Beliefs in Strategic Social Interactions," Working Papers of BETA 2019-41, Bureau d'Economie Théorique et Appliquée, UDS, Strasbourg.
    5. Martin Meier & Burkhard Schipper, 2014. "Bayesian games with unawareness and unawareness perfection," Economic Theory, Springer;Society for the Advancement of Economic Theory (SAET), vol. 56(2), pages 219-249, June.
    6. Huseyin Cavusoglu & Srinivasan Raghunathan, 2004. "Configuration of Detection Software: A Comparison of Decision and Game Theory Approaches," Decision Analysis, INFORMS, vol. 1(3), pages 131-148, September.
    7. Andrew M. Colman & Briony D. Pulford, 2015. "Psychology of Game Playing: Introduction to a Special Issue," Games, MDPI, vol. 6(4), pages 1-8, December.
    8. Benjamin Patrick Evans & Mikhail Prokopenko, 2021. "Bounded rationality for relaxing best response and mutual consistency: The Quantal Hierarchy model of decision-making," Papers 2106.15844, arXiv.org, revised Mar 2023.
    9. Sundström, David, 2016. "On Specification and Inference in the Econometrics of Public Procurement," Umeå Economic Studies 931, Umeå University, Department of Economics.
    10. Scandizzo, Pasquale L. & Ventura, Marco, 2010. "Sharing risk through concession contracts," European Journal of Operational Research, Elsevier, vol. 207(1), pages 363-370, November.
    11. Fernando Ordóñez & Nicolás E. Stier-Moses, 2010. "Wardrop Equilibria with Risk-Averse Users," Transportation Science, INFORMS, vol. 44(1), pages 63-86, February.
    12. Waśniewski, Krzysztof, 2012. "Local governments’ fiscal policy as a factor of urban development – evidence from Poland," MPRA Paper 39176, University Library of Munich, Germany.
    13. Estrella Alonso & Joaquin Sanchez-Soriano & Juan Tejada, 2015. "A parametric family of two ranked objects auctions: equilibria and associated risk," Annals of Operations Research, Springer, vol. 225(1), pages 141-160, February.
    14. Matata Ponyo Mapon & Jean-Paul K. Tsasa, 2019. "The artefact of the Natural Resources Curse," Papers 1911.09681, arXiv.org.
    15. Estrella Alonso & Joaquín Sánchez-Soriano & Juan Tejada, 2020. "Mixed Mechanisms for Auctioning Ranked Items," Mathematics, MDPI, vol. 8(12), pages 1-26, December.
    16. Karthik N. Kannan, 2012. "Effects of Information Revelation Policies Under Cost Uncertainty," Information Systems Research, INFORMS, vol. 23(1), pages 75-92, March.
    17. Owen Q. Wu & Volodymyr Babich, 2012. "Unit-Contingent Power Purchase Agreement and Asymmetric Information About Plant Outage," Manufacturing & Service Operations Management, INFORMS, vol. 14(2), pages 245-261, April.
    18. Heifetz, Aviad & Meier, Martin & Schipper, Burkhard C., 2013. "Dynamic unawareness and rationalizable behavior," Games and Economic Behavior, Elsevier, vol. 81(C), pages 50-68.
    19. Dirk Bergemann & Stephen Morris & Satoru Takahashi, 2012. "Efficient Auctions and Interdependent Types," American Economic Review, American Economic Association, vol. 102(3), pages 319-324, May.
    20. Robert J. Aumann, 2005. "Musings on Information and Knowledge," Econ Journal Watch, Econ Journal Watch, vol. 2(1), pages 88-96, April.

    More about this item

    NEP fields

    This paper has been announced in the following NEP Reports:

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:arx:papers:2010.06700. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: arXiv administrators (email available below). General contact details of provider: http://arxiv.org/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.