While the entire world has struggled with COVID-19 for more than a year, another virus has reached epidemic proportions—ransomware.
A ransomware attack is like a cyber hijacking, with criminals infiltrating and seizing an organization’s data or computer systems and demanding a payment or ransom to restore access. National data shows these ransomware attacks are spiking, with an organization attacked by ransomware every 40 seconds.
Professor Kay-Yut Chen and Associate Professor Jingguo Wang, both in the Department of Information Systems and Operations Management, and doctoral student Yan Lang have explored how ransomware attacks sometimes pit organizations against law enforcement agencies trying to protect them. The study explains that companies tend to negotiate with their attackers to drive down the cost of the ransom. But such behavior in turn incentivizes attackers to continue their illegal activities and runs counter to FBI guidance.
The researchers are investigating, in part, how to nudge companies toward adopting strategies that decrease the risk of digital extortion.
“We need to encourage firms to do the right thing in security investing,” says Dr. Wang. “Recognizing the long-term benefits of this approach could help other companies come to the right decision.”