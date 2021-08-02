UTA professors, and a Ph.D candidate completed their ransomware attacks research, coming up with solutions to the growing cybersecurity problem.
Ransomware is a cyberattack, said Kay-Yut Chen, information systems and operations management professor and one of the researchers. And the research tackles how victims should respond to these attacks.
The research concluded that ransomware victims should strengthen their computer systems and refuse to negotiate with the hackers, Chen said.
Ransomware caught the media’s attention recently, but these attacks have been a problem for a while, Chen said. The trio started the research about three years ago.
Ransomware has been one of the FBI’s top priorities for cybercriminal investigations, according to an FBI statement. In 2018, there was an attack that impacted victims in nearly every state and major healthcare companies.
On July 2 this year, Kaseya, a company that provides security and information technology management tools to businesses, learned of a security threat that was later discovered to be a ransomware attack.
On average, more than 4,000 attacks have occurred daily since January 2016, according to How to Protect Your Networks from Ransomware, a technical guide from the Department of Justice.
Information systems professor Jingguo Wang, the other researcher, said the goal of the research is to provide solutions on how organizations could cope with a ransomware attack.
“We want to nudge them, or facilitate or motivate the defenders to make more investment, and [make] less [payment] to the hackers,” Wang said.
Refusing hackers’ demands would be good for the rest of society in the long run because then they would have no incentive to attack, Chen said. But from a cost-benefit analysis, individual companies would lose money.
From a business point of view, it is a tempting proposition for companies to give in to hackers’ demands, and a lot of them do actually pay because of that, he said.
Yan Lang, Ph.D. candidate of operations management and one of the researchers, said they conducted online experiments through Amazon Mechanical Turk , a crowdsourcing marketplace to seek individuals to complete virtual tasks.
Participants roleplayed as hackers or defenders in the experiments. During those scenarios, defenders would decide whether to pay the ransom or invest money into security.
Throughout the experiments, the researchers intervened between the attacker and defender by encouraging the defender to either invest into security or refuse to pay the attacker. The results showed defenders responding less to said persuasions, Wang said.
When the defenders put more investment in security or refused to pay, the attackers lowered the ransom amount, Wang said. This is because the attacker’s motive is to secure money, so lowering the price makes the defender more likely to pay.
It's an interesting problem from an economic and business perspective, Chen said. They hope to make a contribution from their research, he said.
