The Anatomy of Ransomware Attacks
A new class of malware known as ransomware has emerged and gained popular among cybercriminals over the last decade. Ransomware works by restricting an individual’s access to their computer (e.g., by encrypting their data), and then demanding payment to restore functionality. The first known case of a ransomware attack occurred almost 10 years ago. This attack has since been professionalized and is thought to now be highly profitable, with some estimates placing the damage at hundreds of millions of dollars per year. Despite the harm ransomware can inflict, relatively little is known about the prevalence, characteristics, and circumstances of such attacks. Which segments of the population are most at risk of a ransomware attack? How do users become infected with ransomware? How much ransom is typically demanded, and what proportion of users pay? The aim of this project is twofold: (1) to estimate the prevalence and characteristics of ransomware attacks; and (2) to identify online behaviors that place individuals at risk of experiencing such attacks. To meet these objectives, we will design a comprehensive survey on ransomware experiences and administer it to a representative sample of approximately 1,000 individuals. Through an existing collaboration with th e polling company YouGov, we will be able to pair survey responses with browsing history data for each participant. Aside from questions detailing the attack, the survey will also include questions about general security habits, the technology used (e.g., operating system, web browser, and plug-ins installed), and a test to estimate levels of web-savviness. We will use machine learning techniques to identify online behaviours that are predictive of ransomware attacks.