A Mechanism Design Approach to Solve Ransomware Dilemmas

Authors

Iman Vakilinia, University of North FloridaFollow
Mohammad Mahdi Khalili, University of Delaware
Ming Li, The University of Texas at Arlington

Document Type

Conference Proceeding

Publication Date

1-1-2021

Abstract

Recently ransomware attacks have caused tremendous costs for businesses and society. Although cybersecurity researchers have developed best practices to protect computer systems from hackers, it is not expected that ransomware attacks will be prohibited in a near future mainly due to their complexity and profitability. Despite the wide research studies for developing the proactive approaches to protect the systems from ransomware attacks, facilitating the negotiation between attacker and victim after a successful attack has not been well investigated yet. As the attacker does not know the victim’s true valuation for the data and the victim does not know the minimum ransom value that can satisfy the attacker, bargaining for ransom value can be time-consuming causing extra interruption cost for the victim. On the other hand, as there is no guarantee that the attacker will in turn release the decryption key after the payment of ransom, many victims are reluctant to pay the ransom and they accept the cost of data loss. Therefore, it is important to facilitate the negotiation between the attacker and victim to accelerate the release of data. To this end, first, we propose a mechanism to assist the negotiation for ransom value without a Trusted Third Party (TTP). We study the fair ransom value and investigate the development of a double-sided-blind auction mechanism to achieve the incentive-compatibility. In the second part, we propose a mechanism enforcing the victim and attacker to make the payment and release of decryption key without a TTP. To achieve this goal, we create a dynamic game and set incentives such that the subgame perfect equilibrium matches our design goal. We utilize smart-contract for the implementation of our proposed mechanisms to alleviate the TTP requirement.

Publication Title

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volume

13061 LNCS

First Page

181

Last Page

194

Digital Object Identifier (DOI)

10.1007/978-3-030-90370-1_10

ISSN

03029743

E-ISSN

16113349

ISBN

9783030903695

Citation Information

Iman Vakilinia, Mohammad Mahdi Khalili, and Ming Li. 2021. A Mechanism Design Approach to Solve Ransomware Dilemmas. In Decision and Game Theory for Security: 12th International Conference, GameSec 2021, Virtual Event, October 25–27, 2021, Proceedings. Springer-Verlag, Berlin, Heidelberg, 181–194. https://doi.org/10.1007/978-3-030-90370-1_10