Taming the Ransomware Threats: Leveraging Prospect Theory for Rational Payment Decisions
Author: Pranjal Sharma
Published: 2024-09-15, arXiv - CS - Cryptography and Security
DOI: arxiv-2409.09744 (https://doi.org/arxiv-2409.09744)
The frequency of ransomware attacks on organizations is surging day by day.
High-profile incidents involving major entities like Las Vegas giants MGM
Resorts, Caesars Entertainment, and Boeing underscore the profound impact,
posing substantial business barriers. When a sudden cyberattack occurs,
organizations often find themselves at a loss, with a looming countdown to pay
the ransom, leading to a cascade of impromptu and unfavourable decisions. This
paper adopts a novel approach, leveraging Prospect Theory, to elucidate the
tactics employed by cyber attackers to entice organizations into paying the
ransom. Furthermore, it introduces an algorithm based on Prospect Theory and an
Attack Recovery Plan, enabling organizations to make informed decisions on
whether to consent to the ransom demands or resist. This algorithm, Ransomware
Risk Analysis and Decision Support (RADS), uses Prospect Theory to re-establish
the reference point that attackers shift and present as perceived gains, and
adjusts for the framing effect created by time urgency. Additionally, by
leveraging application criticality and incorporating Prospect Theory's insights
into the under- and overweighting of probabilities, RADS facilitates informed
decision-making that transcends the simplistic framework of "consent" or
"resistance," enabling organizations to achieve optimal decisions.