Cybercrime is a major issue in the digital age, as it can negatively affect individuals, businesses, and even elections and public health initiatives. One type of cybercrime that has gained significant attention in recent years is ransomware, which involves the installation of malicious software that blocks access to a computer system until the victim pays a ransom or meets the attacker’s demands.
Ransomware attacks can have serious consequences, particularly for critical infrastructure such as hospitals and energy companies. One trend in the cybercrime market is the rise of ransomware as a service (RaaS), in which ransomware developers work with affiliates to distribute their malware and profit from the attacks.
These attacks often target small and medium-sized enterprises and take advantage of the ubiquity of personally identifiable information (PII) to gain access to victims’ systems through phishing attacks. The commercial viability of small ransomware attacks is on the rise.
Ransomware gangs are driven by economic incentives and can therefore be studied as economic agents. Behavioural economics can be particularly useful in understanding the ransomware phenomenon in three main ways:
- Attacker decision-making: Study the decision-making processes of ransomware attackers and how they are influenced by factors such as the perceived likelihood of being caught or the potential payout.
- Victim decision-making: Analyze the behavior of victims, such as whether they are more likely to pay the ransom or invest in preventative measures.
- Market dynamics: Model the market dynamics of the ransomware industry, including the supply of ransomware tools and services and the demand for them.
Introduction
Behavioural economics is a field of study that combines insights from psychology and economics to better understand and predict human decision-making. It recognizes that people do not always behave in a fully rational manner and takes into account factors such as emotions, biases, and social influences on decision-making.
Behavioural economics can help to understand the factors that influence the decision of SMEs to pay the ransom or invest in preventative measures. It can also shed light on the decision-making processes of ransomware attackers and how they weigh the potential risks and rewards of different attack strategies. This is particularly relevant as the market for small ransomware attacks appears to be growing and the commercial viability of these attacks is an important factor in driving their proliferation.
In addition, behavioural economics can be applied to the analysis of the market dynamics of the ransomware industry, including the supply of ransomware tools and services and the demand for them. Understanding these factors can inform efforts to disrupt the ransomware economy and discourage would-be attackers from entering the market.
Understanding Ransomware Attackers’ Decision-Making Processes
The decision-making processes of ransomware attackers can be complex and multifaceted, and are influenced by a range of factors that may not be fully rational or consciously considered. Behavioural economics can help to shed light on these processes and better understand how attackers make decisions about which targets to pursue and what tactics to use when conducting ransomware operations.
One factor that may influence the decision-making of ransomware attackers is the perceived likelihood of being caught. This can depend on a variety of factors, including the level of cybersecurity defenses and incident response capabilities of the potential target, the level of law enforcement attention and resources focused on cybercrime, and the attacker’s own skills and resources. Higher perceived risks of being caught may discourage some attackers from pursuing certain targets or using certain tactics, while lower perceived risks may make them more likely to take risks and pursue more lucrative opportunities.
Another factor that may influence the decision-making of ransomware attackers is the potential payout from a successful attack. This can depend on the value of the assets or data that are being held ransom, as well as the willingness and ability of the victim to pay the ransom. Higher potential payouts may attract more attackers or encourage them to use more aggressive tactics, while lower potential payouts may deter them or lead them to focus on other targets.
Behavioural economics can also help to understand how attackers weigh the potential risks and rewards of different attack strategies and how they may be influenced by various biases and heuristics. For example, attackers may exhibit overconfidence in their own abilities or be influenced by availability bias, focusing on targets that are more familiar or easily accessible rather than those that may be more secure but less well known.
Analyzing the Behavior of Ransomware Victims
The behavior of victims of ransomware attacks can be influenced by a range of factors, including the value of the assets or data that are being held ransom, the likelihood of being able to recover the data through other means, and the potential costs and consequences of paying the ransom or not paying it. Behavioural economics can help to understand how victims weigh these factors and how they may be influenced by various biases and heuristics.
One factor that may influence the behavior of victims is the value of the assets or data that are being held ransom. For businesses, this may include the value of customer or financial data, the cost of disruption to business operations, and the potential damage to reputation or legal liabilities. For individuals, this may include the value of personal or sentimental data, such as photos or documents. Higher value assets or data may make victims more likely to pay the ransom or be more willing to consider other options such as investing in preventative measures.
Another factor that may influence the behavior of victims is the likelihood of being able to recover the data through other means. This may include the availability of backups or other data recovery options, as well as the cost and time required to implement these options. If the chances of successful data recovery are high and the costs are low, victims may be less likely to pay the ransom. On the other hand, if the chances of recovery are low or the costs are high, victims may be more likely to consider paying the ransom.
A third factor that may influence the behavior of victims is the potential costs and consequences of paying or not paying the ransom. These may include the direct financial costs of paying the ransom, as well as indirect costs such as the time and resources required to negotiate with the attackers and restore affected systems. There may also be consequences for not paying the ransom, such as the loss of valuable data or the risk of further attacks. Victims may weigh these costs and consequences against each other and make decisions based on their perceived benefits and risks.
Behavioural economics can also help to understand how victims may be influenced by various biases and heuristics, such as framing effects, loss aversion, and the sunk cost fallacy. For example, victims may be more likely to pay the ransom if it is presented as a small, manageable cost rather than a large, uncertain risk, or if they feel that they have already invested significant resources in trying to recover the data.
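The framing effect and the role of backups described above can be made concrete with a small model. This is an added example, not part of the original article: it values outcomes with the prospect-theory value function, using the published Tversky and Kahneman (1992) parameters, and computes how reliable recovery must be before a victim prefers restoring over paying. The scenario figures, the function names, and the simplifications (payment always returns the data, no probability weighting) are assumptions.

```python
# Added illustration (not from the article): pay-vs-restore under framing.
LAMBDA, ALPHA = 2.25, 0.88  # Tversky & Kahneman (1992) median estimates

def pt_value(outcome, ref):
    """Prospect-theory value of a monetary outcome relative to a reference point."""
    d = outcome - ref
    return d ** ALPHA if d >= 0 else -LAMBDA * (-d) ** ALPHA

def neutral_value(outcome, ref):
    """Risk-neutral benchmark: money counts linearly and the frame is ignored."""
    return outcome

def prefers_restore(ransom, restore_cost, data_loss, p_recover, ref, value):
    """True if the restore gamble is valued above the sure cost of paying.
    Assumption: paying always returns the data (optimistic for the payer)."""
    pay = value(-ransom, ref)
    restore = (p_recover * value(-restore_cost, ref)
               + (1 - p_recover) * value(-restore_cost - data_loss, ref))
    return restore > pay

def min_recovery_prob(ransom, restore_cost, data_loss, ref, value):
    """Bisect for the recovery probability at which restoring becomes preferred."""
    lo, hi = 0.0, 1.0
    for _ in range(60):
        mid = (lo + hi) / 2
        if prefers_restore(ransom, restore_cost, data_loss, mid, ref, value):
            hi = mid
        else:
            lo = mid
    return hi

# Constructed scenario, in thousands of currency units (not real data).
RANSOM, RESTORE_COST, DATA_LOSS = 48.0, 10.0, 200.0
FRAMES = {
    "risk_neutral": (0.0, neutral_value),
    # Reference point = state before the attack: every option is a loss.
    "loss_frame": (0.0, pt_value),
    # Reference point = "the data is already gone": paying looks like a gain.
    "already_lost_frame": (-(RESTORE_COST + DATA_LOSS), pt_value),
}

def thresholds():
    """Minimum backup reliability needed to choose restore, per frame."""
    return {name: min_recovery_prob(RANSOM, RESTORE_COST, DATA_LOSS, ref, fn)
            for name, (ref, fn) in FRAMES.items()}

if __name__ == "__main__":
    for name, p in thresholds().items():
        print(f"{name:>20}: restore preferred once P(recovery) > {p:.3f}")
```

With identical costs, a victim who already regards the data as lost needs more reliable backups before choosing to restore than one who measures losses from the pre-attack state, which is why tested, trusted recovery procedures matter as much as the backups themselves.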
Examining the Market Dynamics of the Ransomware Industry
The market for ransomware tools and services is influenced by various factors that can shape the supply and demand for these products and services. Behavioural economics can help to understand the market dynamics of the ransomware industry and identify ways to disrupt and discourage this type of cybercrime.
One aspect of the market dynamics of the ransomware industry is the supply of tools and services. This includes the development and distribution of ransomware software and the provision of support and consulting services to would-be attackers. The supply of these tools and services may be influenced by factors such as the perceived demand for them, the competition among suppliers, and the perceived risks and rewards of entering the market. For example, the availability of low-cost or easy-to-use tools may increase the supply of ransomware attacks, while the perceived risks of being caught or the potential rewards of legitimate work may discourage some potential attackers from entering the market.
Another aspect of the market dynamics of the ransomware industry is the demand for tools and services. This includes the demand for ransomware attacks from affiliates and other attackers, as well as the demand for protection and incident response services from victims. The demand for ransomware attacks may be influenced by factors such as the perceived ease of conducting attacks, the potential payouts from successful attacks, and the perceived likelihood of being caught. The demand for protection and incident response services may be influenced by factors such as the perceived value of the assets or data at risk, the perceived likelihood of being attacked, and the costs and benefits of preventative measures.
The availability of low-cost or easy-to-use tools may increase the demand for ransomware attacks, while the perceived risks of being caught or the potential rewards of legitimate work may influence the supply of attacks. Similarly, the perceived value of the assets or data at risk and the perceived likelihood of being attacked may influence the demand for protection and incident response services, while the costs and benefits of these services may influence the supply of them.
Understanding the market dynamics of the ransomware industry and the factors that influence them can inform efforts to disrupt and discourage this type of cybercrime. By identifying the incentives and biases that shape the supply and demand for ransomware tools and services, policymakers and businesses can develop more effective strategies for combating ransomware attacks.
Conclusion
The economics of cybercrime is a complex and evolving field that encompasses a range of threats, including ransomware, disinformation, and other forms of digital exploitation. To combat these threats effectively, it is important to understand the incentives and behaviors that drive them, as well as the market dynamics that shape their proliferation. Behavioural economics can be a valuable tool in this effort, as it helps to shed light on the decision-making processes of cybercriminals and their victims and the market forces that influence them.
One area where behavioural economics can be particularly useful is in analyzing the commercial viability of ransomware attacks against small and medium-sized enterprises (SMEs). These attacks have become more prevalent in recent years and can have devastating consequences for SMEs, which often have fewer resources and less robust cybersecurity defenses than larger organizations. By studying the factors that influence the decision-making of SMEs and attackers in these situations, behavioural economics can help to identify effective strategies for preventing and responding to these attacks.
The analysis of the commercial viability of ransomware attacks against SMEs may differ in some respects from the analysis of attacks against larger organizations. For example, SMEs may be more vulnerable to attacks due to their smaller size and may be more likely to pay ransoms due to their limited resources and lack of backup options. Larger organizations, on the other hand, may have more resources and options for recovering from attacks and may be less likely to pay ransoms. This may influence the incentives of attackers and the tactics they use.
Understanding the economics of ransomware attacks against SMEs and the factors that influence them can inform efforts to educate and protect these organizations from this type of cybercrime. By using tools and insights from fields such as behavioural economics, policymakers, law enforcement and businesses can develop more effective strategies for combating ransomware attacks and protecting against their negative consequences.
But in light of new forms of ransomware operation, such as state-organized hacktivist ransomware campaigns, the same economic factors may evolve or become irrelevant. Further research could look at attacker decision-making factors in the context of hacktivist operations and how they differ from classical cybercrime.