A pair of College of Business professors and their doctoral student at The University of Texas at Arlington are exploring how ransomware attacks sometimes pit organizations against the law enforcement agencies trying to protect them.
Kay-Yut Chen, Jingguo Wang and Yan Lang are authors of a new study in the journal Management Science titled “Coping with Digital Extortion: An Experimental Study on Benefit Appeals and Normative Appeals.” Chen and Wang are professors of information systems and operations management at UTA. Lang is a doctoral student in the department.
A ransomware attack is like a cyber hijacking, with criminals infiltrating and seizing an organization’s data or computer systems and demanding a payment or ransom to restore access.
In its study, the UTA trio explains that companies are finding that it makes sense to negotiate with their attackers to drive down the cost of the ransom. But such behavior in turn incentivizes attackers to continue their illegal activities and runs counter to FBI guidance.
“From a policy perspective, the FBI is telling businesses not to give in,” Wang said. “But we’ve found that when you’re trying to run a business, there is almost always a ransom that becomes similar to a break-even point.”
This study investigates in part how to nudge companies toward adopting strategies that decrease the risk of digital extortion. The researchers used behavioral game theory to study tactics such as investing in cybersecurity or refusing to pay ransoms and used human subject experiments to analyze strategic decisions made by interacting players.
“We reason that when companies are hit with ransomware attacks, even if they pay the ransom, they still must pay for added security,” Chen said.
National data shows these ransomware attacks are spiking, with experts saying an organization is attacked by ransomware every 40 seconds. Earlier this year, one of the nation’s largest pipelines, carrying gasoline and jet fuel from Texas to the East Coast, shut down after a ransomware attack.
“We must convince companies that just because the bad actors come down on the ransom, it doesn’t make it right to pay them—and you’ll probably continue to have problems,” Wang said. “We need to encourage firms to do the right thing in security investing. Recognizing the long-term benefits of this approach could help other companies come to the right decision.”
NCCoE preliminary draft report on ransomware risk management
Citation:
Professors study ideal responses to ransomware attacks (2021, June 30)
retrieved 30 June 2021
from https://techxplore.com/news/2021-06-professors-ideal-responses-ransomware.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsAzi is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
