Taking Data Hostage: Exploring the Feasibility of Using Ransomware for Interstate Coercion

Kato, Kai

doi:10.25740/vg673tr9428

Taking Data Hostage: Exploring the Feasibility of Using Ransomware for Interstate Coercion

<a href="https://embed.stanford.edu/iframe/?url=https%3A%2F%2Fpurl.stanford.edu%2Fvg673tr9428" class="su-underline">Show Content</a>

Abstract/Contents

Abstract: Ransomware, a type of malware that prevents targets from accessing their own data unless a ransom is paid, has become an irresistibly lucrative tool for cyber criminals. In recent years, high-profile ransomware attacks have successfully demanded hefty ransoms from organizations worldwide, with some attacks even targeting nationally critical infrastructure. Ransomware is highly effective for extracting money, but could this technology be used by other actors, such as states, to demand things other than money? This thesis seeks to answer whether and how ransomware can be used between states to directly coerce behavioral change. To answer this question, this thesis first presents a game-theoretical model of ransomware that offers a means of logically theorizing how ransomware against states might play out. The thesis then turns to case studies of two notable criminal ransomware incidents, examining them through the lens of theories of interstate coercion. This study finds that ransomware offers some upsides as a coercive weapon between states, including the ability to improve the attack's credibility. However, ransomware is still limited by the need to assure the target that compliance will allow them to recover their data. Although it is difficult to conclusively predict the future of ransomware based on available evidence, these limitations suggest that ransomware will be bounded to narrow use cases. Nonetheless, by examining this hypothetical cyber tactic, this thesis offers some precautionary insights and reinforces the importance of strengthening the cybersecurity of critical infrastructure.

Description

Type of resource	text
Date modified	December 5, 2022
Publication date	May 31, 2022; May 2022

Creators/Contributors

Author	Kato, Kai	https://orcid.org/0000-0002-3989-7084 (unverified)
Thesis advisor	Lin, Herbert
Thesis advisor	Ullman, Jeffrey
Degree granting institution	Stanford University
Department	Center for International Security and Cooperation

Subjects

Subject	ransomware
Subject	Coercion
Subject	cyber warfare
Subject	Computer security
Subject	Game theory
Subject	Malware (Computer software)
Subject	Cyberinfrastructure
Subject	Computer crimes
Subject	International relations
Genre	Text
Genre	Thesis

Bibliographic information

DOI	https://doi.org/10.25740/vg673tr9428
Location	https://purl.stanford.edu/vg673tr9428

Access conditions

Use and reproduction: User agrees that, where applicable, content will not be used to identify or to otherwise infringe the privacy or confidentiality rights of individuals. Content distributed via the Stanford Digital Repository may be subject to additional license and use restrictions applied by the depositor.
License: This work is licensed under a Creative Commons Attribution 4.0 International license (CC BY).

Preferred citation

Preferred citation: Kato, K. (2022). Taking Data Hostage: Exploring the Feasibility of Using Ransomware for Interstate Coercion. Stanford Digital Repository. Available at https://purl.stanford.edu/vg673tr9428

Collection

Stanford University, Center for International Security and Cooperation, Interschool Honors Program in International Security Studies, Theses

View other items in this collection in SearchWorks

Contact information

Contact: kaiykato@stanford.edu

Also listed in

View in SearchWorks

Loading usage metrics...