Investigating the impact of ransomware splash screens
Journal of Information Security and Applications (IF 3.8), Pub Date: 2021-07-28, DOI: 10.1016/j.jisa.2021.102934
Yagiz Yilmaz 1 , Orcun Cetin 1 , Budi Arief 2 , Julio Hernandez-Castro 2

Ransomware is a type of malicious software that locks out its victim from accessing functionality or data on their device, typically by encrypting files. To regain access, victims would typically need to make a ransom payment. Victims get notified that their device has been infected through a ransom note (splash screen) displayed on their device. Ransomware splash screens can be presented in many ways; the most common ones are via a text file or a graphical user interface (GUI). Splash screens may also include additional features, such as a countdown timer, as part of the ransomware operator’s ploy to encourage their victims to pay. The main aim of this study was to gain valuable insights into how ransomware splash screens might affect victims’ responses. Moreover, the study also investigated whether exposure to different splash screens would encourage participants to adopt good security behaviours. A controlled experiment was conducted by randomly assigning 538 participants into one of the three ransomware infection scenarios based on the splash screen type (Text-based, GUI or GUI + Timer). After watching a demonstration of a ransomware scenario, each participant was asked to complete a survey regarding their post-infection behaviour and their cybersecurity habits. The study concluded that ransomware’s user interface elements do not have a notable effect on how victims would react, in terms of their willingness to pay or their reporting rates. Additionally, even though 60% of the participants would like to report a ransomware incident, they were not sure how to do this. This illustrates a lack of public awareness about cybercrime reporting. Lack of trust was the main reason why participants did not want to click on links offering cybersecurity advice after the exposure. This shows that more effective methods for encouraging cybersecurity behaviour are still needed.




Updated: 2021-07-28