Paper Number
1532
Paper Type
Complete Research Paper
Abstract
Industry reports indicate an alarming increase in ransomware attacks. These attacks mean substantial monetary losses for organizations. Firstly, ransomware attacks disrupt the normal course of business operations as critical organizational data or system access becomes encrypted by ransomware until a ransom is paid. Secondly, monetary losses result from the ransom payment itself. However, there is no assurance that attackers will decrypt the data or refrain from conducting further attacks after the ransom has been paid once. While much research has focused on the attackers, the critical organizational decision of whether to pay the ransom or not has received less attention. In our study, we investigate the ransomware-payment decision by analyzing 249 real-world ransomware attacks from an organizational standpoint. Our findings underscore that ransomware-payment decisions are integral to the spectrum of organizational decision-making. Specifically, we have identified several attack-related, organizational, and environmental factors that influence the ransomware-payment decision.
Recommended Citation
Hoevel, Gilbert Georg; Veynshter, Anton; Schütz, Florian; and Trang, Simon, "Will the Ransom Be Paid? — Examining Influencing Factors of the Ransomware-Payment Decision" (2024). ECIS 2024 Proceedings. 10.
https://aisel.aisnet.org/ecis2024/is_governance/track21_is_govern/10
Will the Ransom Be Paid? — Examining Influencing Factors of the Ransomware-Payment Decision
Industry reports indicate an alarming increase in ransomware attacks. These attacks mean substantial monetary losses for organizations. Firstly, ransomware attacks disrupt the normal course of business operations as critical organizational data or system access becomes encrypted by ransomware until a ransom is paid. Secondly, monetary losses result from the ransom payment itself. However, there is no assurance that attackers will decrypt the data or refrain from conducting further attacks after the ransom has been paid once. While much research has focused on the attackers, the critical organizational decision of whether to pay the ransom or not has received less attention. In our study, we investigate the ransomware-payment decision by analyzing 249 real-world ransomware attacks from an organizational standpoint. Our findings underscore that ransomware-payment decisions are integral to the spectrum of organizational decision-making. Specifically, we have identified several attack-related, organizational, and environmental factors that influence the ransomware-payment decision.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.