When a ransomware attack occurs, the greatest obstacle law enforcement faces often isn’t the criminal, but the victim.
The greatest obstacle law enforcement faces often isn’t the criminal, but the victim
A ransomware attack is like a cyber hijacking, with criminals seizing an organization’s data or computer systems and demanding a payment to restore access. In their new Management Science study, business Professors Kay-Yut Chen and Jingguo Wang, along with doctoral candidate Yan Lang, explain that companies often find that it makes more sense to negotiate directly with their attackers to drive down the cost of the ransom. But such behavior incentivizes attackers to continue their illegal activities and runs counter to FBI guidance.
The study investigates in part how to nudge companies toward adopting strategies that decrease the risk of digital extortion.
“We must convince companies that just because the bad actors come down on the ransom, it doesn’t make it right to pay them—and you’ll probably continue to have problems,” Dr. Chen says.
