Start Date

16-8-2018 12:00 AM

Description

Ransomware became the face of cyber-crime in 2017 when waves of attacks breached business information systems, locking critical information. At first it appeared the perfect crime where whole organizations had lost access to their vital information and the only way out was to pay the attackers in Bitcoin for the key to the lock. However, the Ransomware business model requires the formation of a trust relationship between the attacker and the victim; and the potential for the formation and maintenance of a trust relationship became rapidly eroded by identifiable points of failure. In order to better understand the phenomena we spent 12 months of immersion in an exploratory study observing the business processes and technologies associated with Ransomware. We conclude that negative risk is still apparent for unprepared organizations, but within a period of time the erosion of trust will render the Ransomware crime uneconomical and the model ineffective.

Share

COinS
 
Aug 16th, 12:00 AM

Points of Failure in the Ransomware Electronic Business Model

Ransomware became the face of cyber-crime in 2017 when waves of attacks breached business information systems, locking critical information. At first it appeared the perfect crime where whole organizations had lost access to their vital information and the only way out was to pay the attackers in Bitcoin for the key to the lock. However, the Ransomware business model requires the formation of a trust relationship between the attacker and the victim; and the potential for the formation and maintenance of a trust relationship became rapidly eroded by identifiable points of failure. In order to better understand the phenomena we spent 12 months of immersion in an exploratory study observing the business processes and technologies associated with Ransomware. We conclude that negative risk is still apparent for unprepared organizations, but within a period of time the erosion of trust will render the Ransomware crime uneconomical and the model ineffective.