Paper Number
ECIS2026-1740
Paper Type
CRP
Abstract
Ransomware has become one of the most prominent forms of digital extortion, causing organizational disruptions and forcing victims to decide whether to pay the ransom under substantial transactional uncertainty. Prior research acknowledges that attackers may increase their payoff by withholding decryption after payment, yet little is known about the broader set of uncertainties. To address this gap, we conduct a qualitative field study based on 107 real ransomware negotiation chats to inductively explore how both victims and attackers articulate and negotiate transactional uncertainties. Our analysis reveals multiple uncertainties on each side (e.g., attackers’ uncertainty about the victims’ data value or the victims’ uncertainty about repeated extortion), which we organize into three overarching dimensions: digital control, digital recovery, and digital visibility uncertainty. We summarize our findings in a theoretical framework that conceptualizes transactional uncertainty in ransomware. Our study provides a theoretical foundation for guiding future research on digital extortion.
Recommended Citation
Hoevel, Gilbert Georg, "Understanding Transactional Uncertainty In Ransomware: A Qualitative Field Study Of Attacker-Victim Negotiation Chats" (2026). ECIS 2026 Proceedings. 8.
https://aisel.aisnet.org/ecis2026/security/security/8