Abstract

Ransomware attacks have become a critical threat to human society. This paper proposes a multistage game between the ransomware attacker and the target. The game consists of four subgames, which comprehensively model the decision-making of the attacker and the target in the different stages of a ransomware attack event (i.e., the data backup stage, ransomware development stage, compromise stage, and data release stage). A backward induction-based analysis framework is developed to obtain the equilibrium of each subgame. Extensive experiments are conducted to investigate the optimal decisions of the attacker and the target under different game conditions. From the theoretical analysis and experiments, practical strategies are summarized for the relevant parties in a ransomware attack event. For example, performing ex-ante data backup, promptly calling the executive branch, and actively negotiating with the attacker are the most effective ways to reduce the target's loss, while carefully choosing the target for the attack and proposing a reasonable ransom amount can effectively increase the attacker's benefits. These analytical and experimental results can provide a useful reference for understanding ransomware attacks and for taking measures to reduce or mitigate their negative impact on human society.
