Ransomware is a growing threat to individuals and enterprises alike, constituting a major factor in cyber insurance and in the security planning of every organization. Although the game theoretic lens often frames the game as a competition between equals -- a profit maximizing attacker and a loss minimizing defender -- the reality of many situations is that ransomware organizations are not playing a non-cooperative game, they are playing a lottery. The wanton behavior of attackers creates a situation where many victims are hit more than once by ransomware operators, sometimes even by the same group. If defenders wish to combat malware, they must then seek to remove the incentives of it. In this work, we construct an expected value model based on data from actual ransomware attacks and identify three variables: the value of payments, the cost of an attack, and the probability of payment. Using this model, we consider the potential to manipulate these variables to reduce the profit motive associated with ransomware attack. Based on the model, we present mitigations to encourage an environment that is hostile to ransomware operators. In particular, we find that off-site backups and government incentives for their adoption are the most fruitful avenue for combating ransomware.

中文翻译：

---

赢得勒索软件彩票：减轻勒索软件攻击的博弈论模型

勒索软件对个人和企业的威胁越来越大，是网络保险和每个组织安全规划的主要因素。尽管从博弈论角度来看，游戏通常是平等之间的竞争——利润最大化的攻击者和损失最小的防御者——但许多情况的现实是，勒索软件组织不是在玩非合作游戏，而是在玩彩票. 攻击者的肆意行为造成了许多受害者被勒索软件运营商（有时甚至是同一团体）多次攻击的情况。如果防御者希望对抗恶意软件，他们必须设法消除恶意软件的诱因。在这项工作中，我们基于来自实际勒索软件攻击的数据构建了一个期望值模型，并确定了三个变量：支付的价值、攻击的成本，以及支付的可能性。使用此模型，我们考虑了操纵这些变量以减少与勒索软件攻击相关的利润动机的可能性。基于该模型，我们提出了缓解措施，以鼓励对勒索软件运营商不利的环境。特别是，我们发现异地备份和政府对其采用的激励措施是对抗勒索软件最有效的途径。