Start Date
16-8-2018 12:00 AM
Description
Ransomware became the face of cyber-crime in 2017 when waves of attacks breached business information systems, locking critical information. At first it appeared the perfect crime where whole organizations had lost access to their vital information and the only way out was to pay the attackers in Bitcoin for the key to the lock. However, the Ransomware business model requires the formation of a trust relationship between the attacker and the victim; and the potential for the formation and maintenance of a trust relationship became rapidly eroded by identifiable points of failure. In order to better understand the phenomena we spent 12 months of immersion in an exploratory study observing the business processes and technologies associated with Ransomware. We conclude that negative risk is still apparent for unprepared organizations, but within a period of time the erosion of trust will render the Ransomware crime uneconomical and the model ineffective.
Recommended Citation
Cusack, Brian and Ward, Gerard, "Points of Failure in the Ransomware Electronic Business Model" (2018). AMCIS 2018 Proceedings. 19.
https://aisel.aisnet.org/amcis2018/eBusiness/Presentations/19
Points of Failure in the Ransomware Electronic Business Model
Ransomware became the face of cyber-crime in 2017 when waves of attacks breached business information systems, locking critical information. At first it appeared the perfect crime where whole organizations had lost access to their vital information and the only way out was to pay the attackers in Bitcoin for the key to the lock. However, the Ransomware business model requires the formation of a trust relationship between the attacker and the victim; and the potential for the formation and maintenance of a trust relationship became rapidly eroded by identifiable points of failure. In order to better understand the phenomena we spent 12 months of immersion in an exploratory study observing the business processes and technologies associated with Ransomware. We conclude that negative risk is still apparent for unprepared organizations, but within a period of time the erosion of trust will render the Ransomware crime uneconomical and the model ineffective.