IDEAS home Printed from https://ideas.repec.org/p/tin/wpaper/20250052.html

The Ransomware Pricing Paradox: An Empirical Study of the Six Stages of Ransomware Negotiations

Author

Listed:
  • Tom Meurs

    (Dutch Police)

  • Anna Cartwright

    (Independent researcher)

  • Edward Cartwright

    (De Montfort University)

  • Harold Houba

    (Vrije Universiteit Amsterdam and Tinbergen Institute)

  • Daniel Woods

    (University of Edinburgh)

Abstract

Ransomware has become the most common cyber risk for businesses. The rise is not driven by attackers using innovative attacks, but instead by deteriorating negotiation outcomes. The average payment grew by almost 20,000% since 2018. However, it remains unclear why attackers can demand ever higher ransoms. Our study explores potential explanations: lack of backups, cyber insurance, access to incident response (IR) firms, data exfiltration, and negotiating style. We model negotiation as a six-stage model: attacker intent, victim engagement, discount offer, discount magnitude, payment decision, and re-extortion. We test hypothetical explanations for ransom outcomes using two datasets: (1) 481 police-reported incidents (2019–2023); and (2) 237 negotiation transcripts from 23 ransomware groups.

Suggested Citation

  • Tom Meurs & Anna Cartwright & Edward Cartwright & Harold Houba & Daniel Woods, 2025. "The Ransomware Pricing Paradox: An Empirical Study of the Six Stages of Ransomware Negotiations," Tinbergen Institute Discussion Papers 25-052/VII, Tinbergen Institute.
    • Handle: RePEc:tin:wpaper:20250052
    as

    Download full text from publisher

    File URL: https://papers.tinbergen.nl/25052.pdf
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Jonathan Lusthaus, 2012. "Trust in the world of cybercrime," Global Crime, Taylor & Francis Journals, vol. 13(2), pages 71-94, May.
    2. Anna Cartwright & Edward Cartwright & Jamie MacColl & Gareth Mott & Sarah Turner & James Sullivan & Jason R. C. Nurse, 2023. "How cyber insurance influences the ransomware payment decision: theory and evidence," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 300-331, April.
    3. Mischa Hansel & Jantje Silomon, 2024. "Ransomware as a threat to peace and security: understanding and avoiding political worst-case scenarios," Journal of Cyber Policy, Taylor & Francis Journals, vol. 9(2), pages 159-178, May.
    4. Anna Cartwright & Edward Cartwright, 2019. "Ransomware and Reputation," Games, MDPI, vol. 10(2), pages 1-14, June.
    5. Richard H. Thaler, 2008. "Mental Accounting and Consumer Choice," Marketing Science, INFORMS, vol. 27(1), pages 15-25, 01-02.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Lauren Skinner Beitelspacher & Thomas L. Baker & Adam Rapp & Dhruv Grewal, 2018. "Understanding the long-term implications of retailer returns in business-to-business relationships," Journal of the Academy of Marketing Science, Springer, vol. 46(2), pages 252-272, March.
    2. Mengyuan Zhou, 2022. "Does the Source of Inheritance Matter in Bequest Attitudes? Evidence from Japan," Journal of Family and Economic Issues, Springer, vol. 43(4), pages 867-887, December.
    3. David R. Bell & Jeongwen Chiang & V. Padmanabhan, 1999. "The Decomposition of Promotional Response: An Empirical Generalization," Marketing Science, INFORMS, vol. 18(4), pages 504-526.
    4. Martín Egozcue & Sébastien Massoni & Wing-Keung Wong & Ričardas Zitikis, 2012. "Integration-segregation decisions under general value functions : "Create your own bundle -- choose 1, 2, or all 3 !"," Post-Print halshs-00747008, HAL.
    5. Liu, Zhiqiang & Yan, Miao & Fan, Youqing & Chen, Liling, 2021. "Ascribed or achieved? The role of birth order on innovative behaviour in the workplace," Journal of Business Research, Elsevier, vol. 134(C), pages 480-492.
    6. Kim, Joonkyung & Zhao, Min & Soman, Dilip, 2023. "Converging vs diverging: The effect of visual representation of goal structure on financial decisions," International Journal of Research in Marketing, Elsevier, vol. 40(2), pages 362-377.
    7. Kristien Werck & Bruno Heyndels & Benny Geys, 2008. "The impact of ‘central places’ on spatial spending patterns: evidence from Flemish local government cultural expenditures," Journal of Cultural Economics, Springer;The Association for Cultural Economics International, vol. 32(1), pages 35-58, March.
    8. Miguel Godinho de Matos & Pedro Ferreira, 2020. "The Effect of Binge-Watching on the Subscription of Video on Demand: Results from Randomized Experiments," Information Systems Research, INFORMS, vol. 31(4), pages 1337-1360, December.
    9. Yizhao Jiang, 2022. "The Influence of Payment Method: Do Consumers Pay More with Mobile Payment?," Papers 2210.14631, arXiv.org.
    10. Dipankar Chakravarti & Atanu Sinha & Jaewhan Kim, 2005. "Choice Research: A Wealth of Perspectives," Marketing Letters, Springer, vol. 16(3), pages 173-182, December.
    11. Martin Kukuk & Stefan Winter, 2008. "An Alternative Explanation of the Favorite-Longshot Bias," Journal of Gambling Business and Economics, University of Buckingham Press, vol. 2(2), pages 79-96, September.
    12. John Beshears & James J. Choi & David Laibson & Brigitte C. Madrian, 2017. "Does Aggregated Returns Disclosure Increase Portfolio Risk Taking?," The Review of Financial Studies, Society for Financial Studies, vol. 30(6), pages 1971-2005.
    13. Diamond, Peter, 2008. "Behavioral economics," Journal of Public Economics, Elsevier, vol. 92(8-9), pages 1858-1862, August.
    14. Oliveira-Castro, Jorge M., 2003. "Effects of base price upon search behavior of consumers in a supermarket: An operant analysis," Journal of Economic Psychology, Elsevier, vol. 24(5), pages 637-652, October.
    15. White, Tiffany Barnett & Novak, Thomas P. & Hoffman, Donna L., 2014. "No Strings Attached: When Giving It Away Versus Making Them Pay Reduces Consumer Information Disclosure," Journal of Interactive Marketing, Elsevier, vol. 28(3), pages 184-195.
    16. Jae‐Do Song, 2023. "Excessive banking preference in emissions trading," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 44(1), pages 448-458, January.
    17. Elias L. Khalil, 2024. "Mental accounting, heuristics, and the second‐best: Solving the calculator‐jacket puzzle," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 45(4), pages 2415-2427, June.
    18. Eriksen, Kristoffer W. & Kvaløy, Ola, 2014. "Myopic risk-taking in tournaments," Journal of Economic Behavior & Organization, Elsevier, vol. 97(C), pages 37-46.
    19. Robin Maximilian Stetzka & Stefan Winter, 2023. "How rational is gambling?," Journal of Economic Surveys, Wiley Blackwell, vol. 37(4), pages 1432-1488, September.
    20. Dora Gicheva & Justine Hastings & Sofia Villas-Boas, 2007. "Revisiting the Income Effect: Gasoline Prices and Grocery Purchases," NBER Working Papers 13614, National Bureau of Economic Research, Inc.

    More about this item

    JEL classification:

    • C7 - Mathematical and Quantitative Methods - - Game Theory and Bargaining Theory
    • D9 - Microeconomics - - Micro-Based Behavioral Economics
    • D22 - Microeconomics - - Production and Organizations - - - Firm Behavior: Empirical Analysis

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:tin:wpaper:20250052. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Tinbergen Office +31 (0)10-4088900 (email available below). General contact details of provider: https://edirc.repec.org/data/tinbenl.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.