Abstract
Recently, ransomware attacks have become widespread and are causing unprecedented damage to cyber-physical systems. Although there are various types of ransomware, this paper focuses on a generic version and analyzes it using game theory. When attacked, victims are often faced with the dilemma of deciding whether or not to pay a ransom. To assist victims in making this decision, we develop a game-theoretic model that examines the attack environment and determines the conditions under which the defender has an advantage in neutralizing the attack. We introduce two new parameters to the game model to aid in decision-making when confronted with a ransomware attack. Additionally, we present game models that depict both rational and irrational attacker behavior. We perform a sensitivity analysis on the game model in cases where the attacker behaves rationally, and demonstrate the impact of the parameters on the decision-making process and equilibrium strategies. Ultimately, we explore how the model’s outcomes can assist defenders in designing an effective defense system to prevent and mitigate future attacks of a similar nature. This also prepares the ground for the analysis of more advanced forms of malware.
Acknowledgment
This research is supported in part by the National Science Foundation under Grant No. DGE-1754085. Usual disclaimers apply.
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Baksi, R.P., Upadhyaya, S. (2023). A Game Theoretic Approach to the Design of Mitigation Strategies for Generic Ransomware. In: Mori, P., Lenzini, G., Furnell, S. (eds) Information Systems Security and Privacy. ICISSP 2021, ICISSP 2022. Communications in Computer and Information Science, vol 1851. Springer, Cham. https://doi.org/10.1007/978-3-031-37807-2_6
DOI: https://doi.org/10.1007/978-3-031-37807-2_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-37806-5
Online ISBN: 978-3-031-37807-2
eBook Packages: Computer Science (R0)