IDEAS home Printed from https://ideas.repec.org/p/tin/wpaper/20250052.html

The Ransomware Pricing Paradox: An Empirical Study of the Six Stages of Ransomware Negotiations

Author

Listed:
  • Tom Meurs

    (Dutch Police)

  • Anna Cartwright

    (Independent researcher)

  • Edward Cartwright

    (De Montfort University)

  • Harold Houba

    (Vrije Universiteit Amsterdam and Tinbergen Institute)

  • Daniel Woods

    (University of Edinburgh)

Abstract

Ransomware has become the most common cyber risk for businesses. The rise is not driven by attackers using innovative attacks, but instead by deteriorating negotiation outcomes. The average payment grew by almost 20,000% since 2018. However, it remains unclear why attackers can demand ever higher ransoms. Our study explores potential explanations: lack of backups, cyber insurance, access to incident response (IR) firms, data exfiltration, and negotiating style. We model negotiation as a six-stage model: attacker intent, victim engagement, discount offer, discount magnitude, payment decision, and re-extortion. We test hypothetical explanations for ransom outcomes using two datasets: (1) 481 police-reported incidents (2019–2023); and (2) 237 negotiation transcripts from 23 ransomware groups.

Suggested Citation

  • Tom Meurs & Anna Cartwright & Edward Cartwright & Harold Houba & Daniel Woods, 2025. "The Ransomware Pricing Paradox: An Empirical Study of the Six Stages of Ransomware Negotiations," Tinbergen Institute Discussion Papers 25-052/VII, Tinbergen Institute.
    • Handle: RePEc:tin:wpaper:20250052
    as

    Download full text from publisher

    File URL: https://papers.tinbergen.nl/25052.pdf
    Download Restriction: no
    ---><---

    More about this item

    JEL classification:

    • C7 - Mathematical and Quantitative Methods - - Game Theory and Bargaining Theory
    • D9 - Microeconomics - - Micro-Based Behavioral Economics
    • D22 - Microeconomics - - Production and Organizations - - - Firm Behavior: Empirical Analysis

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:tin:wpaper:20250052. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Tinbergen Office +31 (0)10-4088900 (email available below). General contact details of provider: https://edirc.repec.org/data/tinbenl.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.