Ethics, Economics, and Ransomware: How Human Decisions Grow the Threat

John Christian Bambenek; Masooda Bashir

doi:10.1007/978-3-030-52581-1_3

Ethics, Economics, and Ransomware: How Human Decisions Grow the Threat

John Christian Bambenek, Masooda Bashir

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

This paper examines the modern history of ransomware and its evolution to the current form of large-scale ransomware attacks (ones that disrupt entire organizations). Within that timeframe, public reporting, articles, and news media reporting on large-scale ransomware attacks is reviewed to create an empirical analysis of ransom payments, conditions that led to those payments, and if data was ultimately recovered. Three factors were discovered that lead to organization to pay the ransom when recovery is impossible or cost-prohibitive: the rise of cyberinsurance companies that dictate responses that lessen their financial exposure, many victim organizations who have to always operate such as hospitals and emergency services, and the fiduciary duty of business executives to act in the best interest of a company. Lastly, we look at the concept of outlawing ransom payments and relate it the policy of outlawing random payments in kidnapping.

Original language	English (US)
Title of host publication	Advances in Human Factors in Cybersecurity - AHFE 2020 Virtual Conference on Human Factors in Cybersecurity
Editors	Isabella Corradini, Enrico Nardelli, Tareq Ahram
Publisher	Springer
Pages	17-22
Number of pages	6
ISBN (Print)	9783030525804
DOIs	https://doi.org/10.1007/978-3-030-52581-1_3
State	Published - 2020
Event	AHFE Virtual Conference on Human Factors in Cybersecurity, 2020 - San Diego, United States Duration: Jul 16 2020 → Jul 20 2020

Publication series

Name	Advances in Intelligent Systems and Computing
Volume	1219 AISC
ISSN (Print)	2194-5357
ISSN (Electronic)	2194-5365

Conference

Conference	AHFE Virtual Conference on Human Factors in Cybersecurity, 2020
Country/Territory	United States
City	San Diego
Period	7/16/20 → 7/20/20

Keywords

Cybersecurity
Human factors
Incident response
Ransomware

ASJC Scopus subject areas

Control and Systems Engineering
General Computer Science

Online availability

10.1007/978-3-030-52581-1_3

Library availability

Discover UIUC Full Text

Cite this

Bambenek, J. C., & Bashir, M. (2020). Ethics, Economics, and Ransomware: How Human Decisions Grow the Threat. In I. Corradini, E. Nardelli, & T. Ahram (Eds.), Advances in Human Factors in Cybersecurity - AHFE 2020 Virtual Conference on Human Factors in Cybersecurity (pp. 17-22). (Advances in Intelligent Systems and Computing; Vol. 1219 AISC). Springer. https://doi.org/10.1007/978-3-030-52581-1_3

Ethics, Economics, and Ransomware: How Human Decisions Grow the Threat. / Bambenek, John Christian; Bashir, Masooda.
Advances in Human Factors in Cybersecurity - AHFE 2020 Virtual Conference on Human Factors in Cybersecurity. ed. / Isabella Corradini; Enrico Nardelli; Tareq Ahram. Springer, 2020. p. 17-22 (Advances in Intelligent Systems and Computing; Vol. 1219 AISC).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Bambenek, JC & Bashir, M 2020, Ethics, Economics, and Ransomware: How Human Decisions Grow the Threat. in I Corradini, E Nardelli & T Ahram (eds), Advances in Human Factors in Cybersecurity - AHFE 2020 Virtual Conference on Human Factors in Cybersecurity. Advances in Intelligent Systems and Computing, vol. 1219 AISC, Springer, pp. 17-22, AHFE Virtual Conference on Human Factors in Cybersecurity, 2020, San Diego, United States, 7/16/20. https://doi.org/10.1007/978-3-030-52581-1_3

@inproceedings{5ddc766f530e4b12b1a1ee1a25104aee,

title = "Ethics, Economics, and Ransomware: How Human Decisions Grow the Threat",

abstract = "This paper examines the modern history of ransomware and its evolution to the current form of large-scale ransomware attacks (ones that disrupt entire organizations). Within that timeframe, public reporting, articles, and news media reporting on large-scale ransomware attacks is reviewed to create an empirical analysis of ransom payments, conditions that led to those payments, and if data was ultimately recovered. Three factors were discovered that lead to organization to pay the ransom when recovery is impossible or cost-prohibitive: the rise of cyberinsurance companies that dictate responses that lessen their financial exposure, many victim organizations who have to always operate such as hospitals and emergency services, and the fiduciary duty of business executives to act in the best interest of a company. Lastly, we look at the concept of outlawing ransom payments and relate it the policy of outlawing random payments in kidnapping.",

keywords = "Cybersecurity, Human factors, Incident response, Ransomware",

author = "Bambenek, {John Christian} and Masooda Bashir",

note = "Publisher Copyright: {\textcopyright} 2020, The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG.; AHFE Virtual Conference on Human Factors in Cybersecurity, 2020 ; Conference date: 16-07-2020 Through 20-07-2020",

year = "2020",

doi = "10.1007/978-3-030-52581-1_3",

language = "English (US)",

isbn = "9783030525804",

series = "Advances in Intelligent Systems and Computing",

publisher = "Springer",

pages = "17--22",

editor = "Isabella Corradini and Enrico Nardelli and Tareq Ahram",

booktitle = "Advances in Human Factors in Cybersecurity - AHFE 2020 Virtual Conference on Human Factors in Cybersecurity",

address = "Germany",

}

TY - GEN

T1 - Ethics, Economics, and Ransomware

T2 - AHFE Virtual Conference on Human Factors in Cybersecurity, 2020

AU - Bambenek, John Christian

AU - Bashir, Masooda

PY - 2020

Y1 - 2020

N2 - This paper examines the modern history of ransomware and its evolution to the current form of large-scale ransomware attacks (ones that disrupt entire organizations). Within that timeframe, public reporting, articles, and news media reporting on large-scale ransomware attacks is reviewed to create an empirical analysis of ransom payments, conditions that led to those payments, and if data was ultimately recovered. Three factors were discovered that lead to organization to pay the ransom when recovery is impossible or cost-prohibitive: the rise of cyberinsurance companies that dictate responses that lessen their financial exposure, many victim organizations who have to always operate such as hospitals and emergency services, and the fiduciary duty of business executives to act in the best interest of a company. Lastly, we look at the concept of outlawing ransom payments and relate it the policy of outlawing random payments in kidnapping.

AB - This paper examines the modern history of ransomware and its evolution to the current form of large-scale ransomware attacks (ones that disrupt entire organizations). Within that timeframe, public reporting, articles, and news media reporting on large-scale ransomware attacks is reviewed to create an empirical analysis of ransom payments, conditions that led to those payments, and if data was ultimately recovered. Three factors were discovered that lead to organization to pay the ransom when recovery is impossible or cost-prohibitive: the rise of cyberinsurance companies that dictate responses that lessen their financial exposure, many victim organizations who have to always operate such as hospitals and emergency services, and the fiduciary duty of business executives to act in the best interest of a company. Lastly, we look at the concept of outlawing ransom payments and relate it the policy of outlawing random payments in kidnapping.

KW - Cybersecurity

KW - Human factors

KW - Incident response

KW - Ransomware

UR - http://www.scopus.com/inward/record.url?scp=85088541563&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85088541563&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-52581-1_3

DO - 10.1007/978-3-030-52581-1_3

M3 - Conference contribution

AN - SCOPUS:85088541563

SN - 9783030525804

T3 - Advances in Intelligent Systems and Computing

SP - 17

EP - 22

BT - Advances in Human Factors in Cybersecurity - AHFE 2020 Virtual Conference on Human Factors in Cybersecurity

A2 - Corradini, Isabella

A2 - Nardelli, Enrico

A2 - Ahram, Tareq

PB - Springer

Y2 - 16 July 2020 through 20 July 2020

ER -

Ethics, Economics, and Ransomware: How Human Decisions Grow the Threat

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this