This project, funded by the EPSRC, focuses on the threat of ransomware. Ransomware is a form of malware that encrypts a victim's files and then demands a ransom for the key to decrypt them. This threat has become more prevalent over the last five or so years as cybercriminals realised they could easily and quickly cash in by holding citizens, SMEs, banks and critical infrastructure organisations (such as utility companies, police and hospitals) to ransom. Over the same period ransomware has evolved significantly, becoming increasingly complex and powerful while also incorporating psychological and sociological tricks to increase the likelihood of victims complying.

We aim to advance the knowledge and understanding of ransomware along a number of different but complementary dimensions. From the economic point of view, we are studying how ransomware works as a business operation, what the critical parameters for its success are, where its weak points lie, and how we can use them to evaluate the associated risks and threat levels. This will allow us to inform law enforcement on the means to fight ransomware or at least limit its profitability for criminals.

Our approach recognises that ransomware is, for the most part, a financially motivated crime of extortion. Over time we would, therefore, expect the economic sophistication of the criminals to evolve as they learn, presumably from trial and error, which strategies maximise revenue from victims. Crucially, economic theory allows us to be ahead of the game in predicting the likely evolution of ransomware. It also gives us tools to accurately measure the costs of ransomware, both financial and social.

For more details on the project see