Ransomware spreads among unprotected populations but product pricing may help prevent proliferation

Haskayne researcher explores the relationship of ransom amount and risk and its impact on vendor and consumer decisions

In the time that it takes to read this paragraph, there will be a ransomware attack upon a business somewhere. Ransomware can be any type of virus that infects a computer system and holds it hostage, preventing access to the system, files or data until the user pays a ransom to restore access. Ransomware is now the most common malware, partly due to the increased use of cryptocurrency for payments.

In 2016 there was one ransomware attack every 40 seconds. In 2019 that rate was one attack every 14 seconds. Motivations behind attacks vary widely, including curiosity, financial gain and cyberwarfare. The ransomware attacks WannaCry and NotPetya have been attributed to Russia and North Korea. With political instability, we can anticipate these attacks occurring with even greater frequency. In 2020, the overall damage from ransomware for businesses, including downtime, payments and remediation, was estimated to be over $74 billion.

This startling landscape is noted by Dr. Duy Dao, PhD, assistant professor in Business Technology Management at the Haskayne School of Business, and his co-authors Dr. Terrence August, PhD, and Dr. Marius Florin Niculescu, PhD, in “Economics of Ransomware: Risk Interdependence and Large-Scale Attacks.” They explore the relationship between ransom amount and risk and how these factors influence decision making for both vendors and consumers.

Ransomware has increased the risk landscape

Many cyber-attacks happen through vulnerable software. Software companies are constantly watching the landscape and improving their products, often offering patches to fix these vulnerabilities. Although effective, these patches are sometimes inconvenient, as they may hinder compatibility with other software or slow down systems. With traditional malware, individuals and businesses have a strong incentive to protect themselves. Ransomware adds a different dimension to the decision process, as there is the option to pay a financial penalty, the ransom, to retrieve your data and restore your work environment.


“Similar to infectious diseases like COVID-19, malware spreads primarily through unprotected populations,” says Dao. “Continuing with this analogy, a software patch acts much like a vaccine for the community using the software. It helps prevent infection. Being aware of phishing strategies helps to reduce risk much like masking, limiting exposure to possible dangerous viruses.”

With ransomware, there are three groups of consumers: those that implement security measures like patching vulnerable software, and two classes that do not take such measures: those that can afford to pay the ransom and those that cannot. These groups are linked because all unpatched hosts have the potential to continue the spread of ransomware. As the number of users in each of these groups increases or decreases, the risk faced by the other groups changes with it.

Software pricing can influence cybersecurity risk

Software pricing is complex and reaches beyond recouping costs and making a profit. The pricing strategy a firm chooses can influence the cybersecurity landscape that the software will operate in. Dao and his co-authors model this relationship to help inform vendors how they can strike a balance between gaining consumers and mitigating the risk environment.

“The vendor already has in mind the risk environment. They are thinking about where I should price the software at. They also have a sense of what people will do once they release the software,” says Dao. “They know that some people aren't going to patch if a patch is released. The ones who really have a lot to lose, they will be the ones to patch right away. They also know that there are people who really don't care and that they'll likely remain unpatched.”

In a mid-range risk environment, vendors may increase software pricing. The expected result is that lower-valuation consumers do not purchase the software, leaving a landscape where the remaining purchasers are either motivated to patch or able to pay ransom.

Protecting beyond patching

Ransomware is not only spread by software vulnerabilities. Attacks can also be caused by consumers opening attachments containing malware or clicking on links that let viruses in.

Beyond the strategies vendors put in place, the big impacts of ransomware can be avoided with some simple prevention by consumers:

  • Stay up to date – Install software updates in a timely fashion to receive the patches for vulnerabilities.
  • Be aware of phishing strategies – Watch for emails that are trying to lure a person into opening an attachment or a link.
  • Report phishing – If you suspect an email is deceitful, report it. Know the ways to report to email services or IT providers. This step can help prevent others from being lured.
  • Be cautious when clicking – Only open links that you are expecting from trusted sources. Be wary of opening links in banner ads or ads in social media. Search for the vendor site directly.