DESCRIPTION
Ransomware attacks have become a significant threat in the contemporary digital era, impacting individuals, businesses, and governments worldwide. The percentage of affected organisations rose sharply from 37% in 2020 to 66% in 2021, a trend that continued in 2022 (Sophos, 2022; Sophos, 2023). This increased victimization of organisations is very alarming.
Ransomware is a type of malware that locks the victim’s computer or encrypts the victim’s data and payment is demanded to regain access (van der Wagen & Pieters, 2018). When organizations fall victim to a ransomware attack, they are subsequently presented with a ransom note demand from the cybercriminals (Hull et al., 2019). This note not only informs the victim about their inaccessible files but also specifies the ransom amount and provides a digital communication channel with the perpetrators (Falco et al., 2019). Via this channel, the potential for a negotiation arises between the attackers and the victim.
In this bachelor thesis project, we will have a closer look on real case negotiation logs. The project is part of the PhD project of Michalis Georgiou that focuses on ransomware negotiations and aims to gain an understanding on the influence strategies (Giebels & Taylor, 2010; see also Giebels & Euwema, 2024) being used by the threat actors and the victim’s negotiators. This research aims to uncover the underlying dynamics of these negotiations, hoping to contribute valuable knowledge to the fields of psychology and cybersecurity.
RESEARCH QUESTIONS
There are some examples of potential research questions:
1. What patterns of influence tactics emerge during ransomware negotiations?
2. Can key factors be identified when comparing the outcome of a successful and an unsuccessful negotiation?
3. How do influence tactics correlate with ransom amount and negotiation outcome?
4. Are there identifiable stages in ransomware negotiations, and how do these stages influence the overall process and outcome?
TYPE OF RESEARCH
Coding of authentic negotiation interactions
Analysis of those codings in a qualitative and quantitative way
KEY WORDS
Ransomware, negotiations, influence strategies.
INFORMATION
Please contact Lynn Weiher (l.weiher@utwente.nl) when you are interested in this assignment. The assignment is open to two students.
literature
Beaman, C., Barkworth, A., Akande, T. D., Hakak, S., & Khan, M. K. (2021). Ransomware: Recent advances, analysis, challenges and future research directions. Computers & Security, 111, 102490. https://doi.org/10.1016/j.cose.2021.102490
Euwema, M.C. & Giebels, E. (2024; chapter 5). Conflictmanagement & mediation. Edgar Elgar Publishing. ISBN 978 1 0353 3154 3.
Falco, G., Noriega, A., & Susskind, L. (2019). Cyber negotiation: a cyber risk management approach to defend urban critical infrastructure from cyberattacks. Journal of Cyber Policy, 4(1), 90-116. doi:10.1080/23738871.2019.1586969
Giebels, E. & Taylor, P.J. (2010). Communication predictors and social influence in crisis negotiations. In R.G. Rogan & F. J. Lanceley (Eds.) Contemporary Theory, Research, and Practice of Crisis and Hostage Negotiation, pp 59-77. Cresskill, New Jersey: Hampton press.
Hull, G., John, H., & Arief, B. (2019). Ransomware deployment methods and analysis: views from a predictive model and human responses. Crime Science, 8(1). doi:10.1186/s40163-019-0097-9
Sophos. (2022). The State of Ransomware 2022. Sophos Ltd. Retrieved from https://assets.sophos.com/X24WTUEQ/at/4zpw59pnkpxxnhfhgj9bxgj9/sophos-state-of-ransomware-2022-wp.pdf
Sophos. (2023). The State of Ransomware 2023. Sophos Ltd. Retrieved from https://assets.sophos.com/X24WTUEQ/at/c949g7693gsnjh9rb9gr8/sophos-state-of-ransomware-2023-wp.pdf
Van Der Wagen, W., & Pieters, W. (2018). The hybrid victim: Re-conceptualizing high-tech cyber victimization through actor-network theory. European Journal of Criminology, 17(4), 480–497. https://doi.org/10.1177/1477370818812016