Double-Extortion Ransomware: A Study of Cybercriminal Profit, Effort, and Risk
Tom Meurs is an external Ph.D. candidate within the Section Industrial Engineering and Business Information Systems (IEBIS), Department of High-tech Business and Entrepreneurship (HBE), Faculty of Behavioural, Management, and Social Sciences (BMS) at the University of Twente. His promotor is Prof. dr. Marianne Junger (BMS), with dr. Abhishta (BMS) and dr. Ir. Erik Tews (EEMCS), as copromotors and daily supervisors. Outside of his Ph.D. studies, Tom works at the Police, Cybercrime Unit East-Netherlands, focusing on ransomware.
In the rapidly evolving world of cybercrime, law enforcement agencies are increasingly challenged to adapt their strategies and tools to effectively combat digital threats. This Ph.D. dissertation investigates the criminal decision-making processes behind ransomware attacks, including the human factors, economic incentives, and risks involved. The dissertation combines empirical analysis of ransomware incidents, the effectiveness of police interventions, and behavioral insights from offenders to offer a deeper understanding of how interventions can influence ransomware attacks.
A key finding of the research is the importance of understanding offenders' economic calculations, including profits, effort, and risk, which are central to Rational Choice Theory. Additionally, the study explores the role of law enforcement interventions, such as sanctions, arrest strategies, and the use of decryptors, in disrupting ransomware activities. By applying data-driven models, including capture-recapture methodology and hurdle model estimation, the dissertation provides a comprehensive approach to estimating the prevalence of ransomware attacks and understanding the effectiveness of law enforcement measures. This research aims to improve the capacity of law enforcement to design more effective, evidence-based strategies to combat ransomware, ultimately contributing to a safer digital environment.