Ransomware as a Predator: Modelling the Systemic Risk to Prey
Digital Threats: Research and Practice, ISSN: 2576-5337, Vol: 4, Issue: 4, Page: 1-38
2023
- 2Citations
- 33Captures
Metric Options: CountsSelecting the 1-year or 3-year option will change the metrics count to percentiles, illustrating how an article or review compares to other articles or reviews within the selected time period in the same journal. Selecting the 1-year option compares the metrics against other articles/reviews that were also published in the same calendar year. Selecting the 3-year option compares the metrics against other articles/reviews that were also published in the same calendar year plus the two years prior.
Example: if you select the 1-year option for an article published in 2019 and a metric category shows 90%, that means that the article or review is performing better than 90% of the other articles/reviews published in that journal in 2019. If you select the 3-year option for the same article published in 2019 and the metric category shows 90%, that means that the article or review is performing better than 90% of the other articles/reviews published in that journal in 2019, 2018 and 2017.
Citation Benchmarking is provided by Scopus and SciVal and is different from the metrics context provided by PlumX Metrics.
Example: if you select the 1-year option for an article published in 2019 and a metric category shows 90%, that means that the article or review is performing better than 90% of the other articles/reviews published in that journal in 2019. If you select the 3-year option for the same article published in 2019 and the metric category shows 90%, that means that the article or review is performing better than 90% of the other articles/reviews published in that journal in 2019, 2018 and 2017.
Citation Benchmarking is provided by Scopus and SciVal and is different from the metrics context provided by PlumX Metrics.
Article Description
The accelerated pace with which companies, governments, and institutions embrace digital transformation is creating opportunities for economic prosperity, but also increases the threat landscape. Recent orchestrated cyber-attacks have revealed the unpredictability of the harm they can cause in our society, rendering the creation of new models that capture systemic risk more critical than ever. In this article, we model the behaviour of one of the most prominent cyber-attacks: ransomware; in particular, ransomware that propagates between organisations via the Internet. We draw concepts from epidemiological models of viral propagation to reason about policies that can reduce the systemic cyber-risk to the community. To achieve this, we present a compartment-based epidemiological model of predator-prey interactions and run simulations to validate the importance of defensive controls that reduce the propagation of ransomware. Our model suggests that with specific defensive controls in place, other response policies may also become more effective. A prey policy to not pay the ransom may improve the ability of the victim population to recover; while information-sharing may reduce the number of organisations compromised if certain conditions on the speed of threat-intelligence sharing practices are met. These results indicate the validity of the approach, which we believe could be extended to explore the impacts of a broad range of attacker and defender behaviours and characteristics of the digital environment on systemic risk.
Bibliographic Details
Provide Feedback
Have ideas for a new metric? Would you like to see something else here?Let us know