Cyber-security, Privacy, Legal and Ethical Issues in IS

Loading...

Media is loading
 

Paper Type

short

Paper Number

1631

Description

In this paper, we explore decision-making processes of ransomware victims, focusing on organisations. We examine 39 ransomware attacks using qualitative data collected from victims and police officers from cybercrime units in the UK. A basic premise of this paper is that victims make rational decisions to (not) pay ransoms. Their decision-making processes represent a complex infrastructure that consists of several reasons that drive these choices. Our research shows that victims weigh the costs and benefits of the attack outcomes before making final decisions. The aim of this work is to develop an in-depth understanding of these processes and suggest measures to avoid ransom payments, which, in turn, will help reduce ransomware crime.

Download

Share

COinS
 
Dec 14th, 12:00 AM

Your Money or Your Business: Decision-Making Processes in Ransomware Attacks

In this paper, we explore decision-making processes of ransomware victims, focusing on organisations. We examine 39 ransomware attacks using qualitative data collected from victims and police officers from cybercrime units in the UK. A basic premise of this paper is that victims make rational decisions to (not) pay ransoms. Their decision-making processes represent a complex infrastructure that consists of several reasons that drive these choices. Our research shows that victims weigh the costs and benefits of the attack outcomes before making final decisions. The aim of this work is to develop an in-depth understanding of these processes and suggest measures to avoid ransom payments, which, in turn, will help reduce ransomware crime.

When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.