IDEAS home Printed from https://ideas.repec.org/a/gam/jgames/v14y2023i2p20-d1078416.html
   My bibliography  Save this article

Deterrence, Backup, or Insurance: Game-Theoretic Modeling of Ransomware

Author

Listed:
  • Tongxin Yin

    (Department of Electrical Engineering and Computer Science, University of Michigan-Ann Arbor, Ann Arbor, MI 48105, USA)

  • Armin Sarabi

    (Department of Electrical Engineering and Computer Science, University of Michigan-Ann Arbor, Ann Arbor, MI 48105, USA)

  • Mingyan Liu

    (Department of Electrical Engineering and Computer Science, University of Michigan-Ann Arbor, Ann Arbor, MI 48105, USA)

Abstract

In this paper, we present a game-theoretic analysis of ransomware. To this end, we provide theoretical and empirical analysis of a two-player Attacker-Defender (A-D) game, as well as a Defender-Insurer (D-I) game; in the latter, the attacker is assumed to be a non-strategic third party. Our model assumes that the defender can invest in two types of protection against ransomware attacks: (1) general protection through a deterrence effort, making attacks less likely to succeed, and (2) a backup effort serving the purpose of recourse , allowing the defender to recover from successful attacks. The attacker then decides on a ransom amount in the event of a successful attack, with the defender choosing to pay ransom immediately, or to try to recover their data first while bearing a recovery cost for this recovery attempt. Note that recovery is not guaranteed to be successful, which may eventually lead to the defender paying the demanded ransom. Our analysis of the A-D game shows that the equilibrium falls into one of three scenarios: (1) the defender will pay the ransom immediately without having invested any effort in backup, (2) the defender will pay the ransom while leveraging backups as a credible threat to force a lower ransom demand, and (3) the defender will try to recover data, only paying the ransom when recovery fails. We observe that the backup effort will be entirely abandoned when recovery is too expensive, leading to the (worst-case) first scenario which rules out recovery. Furthermore, our analysis of the D-I game suggests that the introduction of insurance leads to moral hazard as expected, with the defender reducing their efforts; less obvious is the interesting observation that this reduction is mostly in their backup effort.

Suggested Citation

  • Tongxin Yin & Armin Sarabi & Mingyan Liu, 2023. "Deterrence, Backup, or Insurance: Game-Theoretic Modeling of Ransomware," Games, MDPI, vol. 14(2), pages 1-19, February.
    • Handle: RePEc:gam:jgames:v:14:y:2023:i:2:p:20-:d:1078416
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/2073-4336/14/2/20/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/2073-4336/14/2/20/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Moore, John & Repullo, Rafael, 1988. "Subgame Perfect Implementation," Econometrica, Econometric Society, vol. 56(5), pages 1191-1220, September.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Lombardi, Michele & Yoshihara, Naoki, 2016. "Partially-honest Nash Implementation with Non-connected Honesty Standards," Discussion Paper Series 633, Institute of Economic Research, Hitotsubashi University.
    2. Oliver Hart, 2013. "Noncontractible Investments and Reference Points," Games, MDPI, vol. 4(3), pages 1-20, August.
    3. Hitoshi Matsushima & Shunya Noda, 2020. "Mechanism Design with Blockchain Enforcement," DSSR Discussion Papers 111, Graduate School of Economics and Management, Tohoku University.
    4. Murat R. Sertel & M. Remzi Sanver, 2004. "Strong equilibrium outcomes of voting games ¶are the generalized Condorcet winners," Social Choice and Welfare, Springer;The Society for Social Choice and Welfare, vol. 22(2), pages 331-347, April.
    5. Müller, Christoph, 2020. "Robust implementation in weakly perfect Bayesian strategies," Journal of Economic Theory, Elsevier, vol. 189(C).
    6. Göller, Daniel, 2015. "Contract, Renegotiation, and Holdup: When Should Messages be Sent?," VfS Annual Conference 2015 (Muenster): Economic Development - Theory and Policy 113166, Verein für Socialpolitik / German Economic Association.
    7. Schmitz, Patrick W., 2002. "On Monopolistic Licensing Strategies under Asymmetric Information," Journal of Economic Theory, Elsevier, vol. 106(1), pages 177-189, September.
    8. Ronen Gradwohl, 2018. "Privacy in implementation," Social Choice and Welfare, Springer;The Society for Social Choice and Welfare, vol. 50(3), pages 547-580, March.
    9. Josué Ortega & Erel Segal-Halevi, 2022. "Obvious manipulations in cake-cutting," Social Choice and Welfare, Springer;The Society for Social Choice and Welfare, vol. 59(4), pages 969-988, November.
    10. Philippe Aghion & Ernst Fehr & Richard Holden & Tom Wilkening, 2018. "The Role of Bounded Rationality and Imperfect Information in Subgame Perfect Implementation—An Empirical Investigation," Journal of the European Economic Association, European Economic Association, vol. 16(1), pages 232-274.
    11. Kilenthong, Weerachart T. & Qin, Cheng-Zhong, 2014. "Trade through endogenous intermediaries," Journal of Mathematical Economics, Elsevier, vol. 50(C), pages 262-268.
    12. Matthew J. Baker & Joyce P. Jacobsen, 2007. "A Human Capital-Based Theory of Postmarital Residence Rules," The Journal of Law, Economics, and Organization, Oxford University Press, vol. 23(1), pages 208-241, April.
    13. Watson, Joel, 2006. "Contract and Mechanism Design in Settings with Multi-Period Trade," University of California at San Diego, Economics Working Paper Series qt63s1s3j6, Department of Economics, UC San Diego.
    14. Ernst Fehr & Michael Powell & Tom Wilkening, 2014. "Handing Out Guns at a Knife Fight: Behavioral Limitations of Subgame-Perfect Implementation," CESifo Working Paper Series 4948, CESifo.
    15. John Duggan & Joanne Roberts, 2002. "Implementing the Efficient Allocation of Pollution," American Economic Review, American Economic Association, vol. 92(4), pages 1070-1078, September.
    16. Bester, Helmut & Krähmer, Daniel, 2012. "Exit options in incomplete contracts with asymmetric information," Journal of Economic Theory, Elsevier, vol. 147(5), pages 1947-1968.
    17. Brusco, Sandro & Jackson, Matthew O., 1999. "The Optimal Design of a Market," Journal of Economic Theory, Elsevier, vol. 88(1), pages 1-39, September.
    18. Antonio Cabrales & Giovanni Ponti, 2000. "Implementation, Elimination of Weakly Dominated Strategies and Evolutionary Dynamics," Review of Economic Dynamics, Elsevier for the Society for Economic Dynamics, vol. 3(2), pages 247-282, April.
    19. Arribillaga, R. Pablo & Massó, Jordi & Neme, Alejandro, 2023. "All sequential allotment rules are obviously strategy-proof," Theoretical Economics, Econometric Society, vol. 18(3), July.
    20. Tomoeda, Kentaro, 2019. "Efficient investments in the implementation problem," Journal of Economic Theory, Elsevier, vol. 182(C), pages 247-278.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jgames:v:14:y:2023:i:2:p:20-:d:1078416. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.