‘There was a bit of PTSD every time I walked through the office door’: Ransomware harms and the factors that influence the victim organization’s experience

IF 2.9 Q1 SOCIAL SCIENCES, INTERDISCIPLINARY

Journal of Cybersecurity Pub Date : 2024-07-30 DOI:10.1093/cybsec/tyae013

Gareth Mott, Sarah Turner, Jason R C Nurse, Nandita Pattnaik, Jamie MacColl, Pia Huesch, James Sullivan

{"title":"‘There was a bit of PTSD every time I walked through the office door’: Ransomware harms and the factors that influence the victim organization’s experience","authors":"Gareth Mott, Sarah Turner, Jason R C Nurse, Nandita Pattnaik, Jamie MacColl, Pia Huesch, James Sullivan","doi":"10.1093/cybsec/tyae013","DOIUrl":null,"url":null,"abstract":"Ransomware is a pernicious contemporary cyber threat for organizations, with ransomware operators intentionally leveraging a range of harms against their victims in order to solicit increasingly significant ransom payments. This article advances current research by engaging in a topical analysis into the depth and breadth of harms experienced by victim organizations and their members of staff. We, therefore, enhance the understanding of the negative experiences from ransomware attacks, particularly looking beyond the financial impact which dominates current narratives. Having conducted an interview or workshop with 83 professionals including ransomware victims, incident responders, ransom negotiators, law enforcement, and government, we identify a wide array of severe harms. For organizations, the risk of business interruption and/or data exposure presents potentially highly impactful financial and reputational harm(s). The victim organization’s staff can also experience a range of under-reported harms, which include physiological and physical harms that may be acute. We also identify factors that can either alleviate or aggravate the experiencing of harms at the organizational and employee level; including ransomware preparedness, leadership culture, and crisis communication. Given the scale and scope of the identified harms, the paper provides significant new empirical evidence to emphasize ransomware’s positioning as a whole-of-organization crisis phenomenon, as opposed to an ‘IT problem’. We argue that the wider discourse surrounding ransomware harms and impacts should be reflective of the nature of the real-term experience(s) of victims. This, in turn, could help guide efforts to alleviate ransomware harms, through improved organizational ransomware preparedness and tailored post-ransomware mitigation.","PeriodicalId":44310,"journal":{"name":"Journal of Cybersecurity","volume":null,"pages":null},"PeriodicalIF":2.9000,"publicationDate":"2024-07-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Cybersecurity","FirstCategoryId":"1093","ListUrlMain":"https://doi.org/10.1093/cybsec/tyae013","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"SOCIAL SCIENCES, INTERDISCIPLINARY","Score":null,"Total":0}

引用次数: 0

Abstract

Ransomware is a pernicious contemporary cyber threat for organizations, with ransomware operators intentionally leveraging a range of harms against their victims in order to solicit increasingly significant ransom payments. This article advances current research by engaging in a topical analysis into the depth and breadth of harms experienced by victim organizations and their members of staff. We, therefore, enhance the understanding of the negative experiences from ransomware attacks, particularly looking beyond the financial impact which dominates current narratives. Having conducted an interview or workshop with 83 professionals including ransomware victims, incident responders, ransom negotiators, law enforcement, and government, we identify a wide array of severe harms. For organizations, the risk of business interruption and/or data exposure presents potentially highly impactful financial and reputational harm(s). The victim organization’s staff can also experience a range of under-reported harms, which include physiological and physical harms that may be acute. We also identify factors that can either alleviate or aggravate the experiencing of harms at the organizational and employee level; including ransomware preparedness, leadership culture, and crisis communication. Given the scale and scope of the identified harms, the paper provides significant new empirical evidence to emphasize ransomware’s positioning as a whole-of-organization crisis phenomenon, as opposed to an ‘IT problem’. We argue that the wider discourse surrounding ransomware harms and impacts should be reflective of the nature of the real-term experience(s) of victims. This, in turn, could help guide efforts to alleviate ransomware harms, through improved organizational ransomware preparedness and tailored post-ransomware mitigation.

查看原文本刊更多论文

每次走进办公室的门，我都有点创伤后应激障碍"：勒索软件的危害和影响受害组织经历的因素

勒索软件是当代组织面临的一种有害的网络威胁，勒索软件的操作者有意利用一系列对受害者的伤害来索取越来越多的赎金。本文通过对受害组织及其员工所经历的伤害的深度和广度进行专题分析，推进了当前的研究。因此，我们加深了对勒索软件攻击带来的负面体验的理解，尤其是超越了目前主要叙述的财务影响。在与包括勒索软件受害者、事件响应者、赎金谈判者、执法部门和政府在内的 83 位专业人士进行访谈或举办研讨会后，我们发现了一系列严重的危害。对组织而言，业务中断和/或数据暴露的风险可能会造成严重的财务和声誉损害。受害组织的员工也可能经历一系列未被充分报告的伤害，其中包括可能很严重的生理和身体伤害。我们还确定了可减轻或加重组织和员工层面伤害的因素，包括勒索软件的准备工作、领导文化和危机沟通。鉴于所发现的危害的规模和范围，本文提供了重要的新经验证据，强调了勒索软件作为整个组织危机现象的定位，而非 "IT 问题"。我们认为，围绕勒索软件危害和影响的更广泛讨论应反映受害者实际经历的性质。反过来，这也有助于通过改善组织对勒索软件的准备工作和量身定制的勒索软件后缓解措施来指导减轻勒索软件危害的工作。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Cybersecurity SOCIAL SCIENCES, INTERDISCIPLINARY-

CiteScore

6.20

自引率

2.60%

发文量

审稿时长

18 weeks

期刊介绍： Journal of Cybersecurity provides a hub around which the interdisciplinary cybersecurity community can form. The journal is committed to providing quality empirical research, as well as scholarship, that is grounded in real-world implications and solutions. Journal of Cybersecurity solicits articles adhering to the following, broadly constructed and interpreted, aspects of cybersecurity: anthropological and cultural studies; computer science and security; security and crime science; cryptography and associated topics; security economics; human factors and psychology; legal aspects of information security; political and policy perspectives; strategy and international relations; and privacy.