Paper Title

Should the Ransomware be Paid?

Authors

Fang, Rui, Xu, Maochao, Zhao, Peng

Abstract

Ransomware has emerged as one of the most concerning cyber risks in recent years, causing millions of dollars in monetary losses worldwide. It typically demands a ransom payment of a certain amount within a limited timeframe in exchange for decrypting the victim's encrypted files. This paper explores whether the ransomware should be paid, using a novel game-theoretic model from the perspective of Bayesian games. In particular, the new model analyzes ransom payment strategies within a framework of incomplete information for both hacker and victim. Our results show that pure and randomized Bayesian Nash equilibria exist under some mild conditions for the hacker and victim. Sufficient conditions under which the ransom should be paid are presented for the case in which an organization is compromised by a ransomware attack. We further study how the costs and probabilities of cracking or recovering affect the expected payoffs of the hacker and the victim in the equilibria. In particular, it is found that the backup option for computer files is not always beneficial; whether it is depends on the related cost. Moreover, it is discovered that there may be more fake ransomware than expected because of the potentially high payoffs. Numerical examples are also presented for illustration.
