
A Game Theoretic Approach to the Design of Mitigation Strategies for Generic Ransomware

  • Conference paper
Information Systems Security and Privacy (ICISSP 2021, ICISSP 2022)

Abstract

Recently, ransomware attacks have become widespread and are causing unprecedented damage to cyber-physical systems. Although there are various types of ransomware, this paper focuses on a generic version and analyzes it using game theory. When attacked, victims are often faced with the dilemma of deciding whether or not to pay a ransom. To assist victims in making this decision, we develop a game-theoretic model that examines the attack environment and determines the conditions under which the defender has an advantage in neutralizing the attack. We introduce two new parameters to the game model to aid in decision-making when confronted with a ransomware attack. Additionally, we present game models that depict both rational and irrational attacker behavior. We perform a sensitivity analysis on the game model in cases where the attacker behaves rationally, and demonstrate the impact of the parameters on the decision-making process and equilibrium strategies. Ultimately, we explore how the model’s outcomes can assist defenders in designing an effective defense system to prevent and mitigate future attacks of a similar nature. This also prepares the ground for the analysis of more advanced forms of malware.



Acknowledgment

This research is supported in part by the National Science Foundation under Grant No. DGE-1754085. Usual disclaimers apply.

Author information

Corresponding author

Correspondence to Rudra Prasad Baksi.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Baksi, R.P., Upadhyaya, S. (2023). A Game Theoretic Approach to the Design of Mitigation Strategies for Generic Ransomware. In: Mori, P., Lenzini, G., Furnell, S. (eds) Information Systems Security and Privacy. ICISSP 2021, ICISSP 2022. Communications in Computer and Information Science, vol 1851. Springer, Cham. https://doi.org/10.1007/978-3-031-37807-2_6

  • DOI: https://doi.org/10.1007/978-3-031-37807-2_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-37806-5

  • Online ISBN: 978-3-031-37807-2

  • eBook Packages: Computer Science, Computer Science (R0)
