To pay or not: game theoretic models of ransomware

Ransomware is a form of malware that encrypts files and demands a ransom from victims. It can be viewed as a form of kidnapping in which the criminal takes control of the victim’s files with the objective of financial gain. In this paper we review and develop the game theoretic literature on kidnapping in order to gain insight on ransomware. The prior literature on kidnapping has largely focused on political or terrorist hostage taking. We will, however, see that there are important lessons that can be drawn on the likely evolution of ransomware and ways in which it can be tackled. ∗Department of Strategic Management and Marketing, De Montfort University, Leicester, LE1 9BH UK. Corresponding author, email ejcartwright1@gmail.com. †This project has received funding from the Engineering and Physical Sciences Research Council (EPSRC) for project EP/P011772/1 on the EconoMical, PsycHologicAl and Societal Impact of RanSomware (EMPHASIS). The authors also want to thank the European Union’s Horizon 2020 research and innovation programme, under grant agreement No.700326 (RAMSES project), which also supported this work. ‡School of Computing, University of Kent, UK. §School of Economics, Finance and Accounting, Coventry University, UK.