Paper Number
ICIS2025-1530
Paper Type
Complete
Abstract
Ransomware has emerged as a significant threat to organizations, with perpetrators encrypting data and demanding ransoms to unlock it. While existing studies highlight that trust in the groups is a crucial factor in the ransomware payment-decision, how this trust is established remains unclear. Drawing on the Model of Organizational Trust, this study explores how ransomware groups utilize darknet platforms to establish trust with victims. Through a content analysis of ten prominent ransomware groups' darknet platforms, we identified six major trust-building design mechanisms, e.g., proof-of-decryption tools, communication channels, or ethical policies. Our findings show that ransomware groups use darknet platforms to demonstrate technical competence, disposition to keep promises and signal a willingness to act in the target organization's interest. This study provides new insights for the digital extortion and ransomware literature and offers practical recommendations for target organizations and policymakers to improve negotiation tactics and mitigation strategies against ransomware.
Recommended Citation
Hoevel, Gilbert Georg; Brinkmeier, Tim; and Trang, Simon, "Trust Me If You Can! Examining the Role of Ransomware Darknet Platforms in Building Trust Between Hackers and Victims" (2025). ICIS 2025 Proceedings. 8.
https://aisel.aisnet.org/icis2025/cyb_security/cyb_security/8
Trust Me If You Can! Examining the Role of Ransomware Darknet Platforms in Building Trust Between Hackers and Victims
Ransomware has emerged as a significant threat to organizations, with perpetrators encrypting data and demanding ransoms to unlock it. While existing studies highlight that trust in the groups is a crucial factor in the ransomware payment-decision, how this trust is established remains unclear. Drawing on the Model of Organizational Trust, this study explores how ransomware groups utilize darknet platforms to establish trust with victims. Through a content analysis of ten prominent ransomware groups' darknet platforms, we identified six major trust-building design mechanisms, e.g., proof-of-decryption tools, communication channels, or ethical policies. Our findings show that ransomware groups use darknet platforms to demonstrate technical competence, disposition to keep promises and signal a willingness to act in the target organization's interest. This study provides new insights for the digital extortion and ransomware literature and offers practical recommendations for target organizations and policymakers to improve negotiation tactics and mitigation strategies against ransomware.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
09-Cybersecurity