Taking Data Hostage: Exploring the Feasibility of Using Ransomware for Interstate Coercion
Abstract/Contents
- Abstract
- Ransomware, a type of malware that prevents targets from accessing their own data unless a ransom is paid, has become an irresistibly lucrative tool for cyber criminals. In recent years, high-profile ransomware attacks have successfully demanded hefty ransoms from organizations worldwide, with some attacks even targeting nationally critical infrastructure. Ransomware is highly effective for extracting money, but could this technology be used by other actors, such as states, to demand things other than money? This thesis seeks to answer whether and how ransomware can be used between states to directly coerce behavioral change. To answer this question, this thesis first presents a game-theoretical model of ransomware that offers a means of logically theorizing how ransomware against states might play out. The thesis then turns to case studies of two notable criminal ransomware incidents, examining them through the lens of theories of interstate coercion. This study finds that ransomware offers some upsides as a coercive weapon between states, including the ability to improve the attack's credibility. However, ransomware is still limited by the need to assure the target that compliance will allow them to recover their data. Although it is difficult to conclusively predict the future of ransomware based on available evidence, these limitations suggest that ransomware will be bounded to narrow use cases. Nonetheless, by examining this hypothetical cyber tactic, this thesis offers some precautionary insights and reinforces the importance of strengthening the cybersecurity of critical infrastructure.
Description
Type of resource | text |
---|---|
Date modified | December 5, 2022 |
Publication date | May 31, 2022; May 2022 |
Creators/Contributors
Author | Kato, Kai |
![]() |
---|---|---|
Thesis advisor | Lin, Herbert | |
Thesis advisor | Ullman, Jeffrey | |
Degree granting institution | Stanford University | |
Department | Center for International Security and Cooperation |
Subjects
Subject | ransomware |
---|---|
Subject | Coercion |
Subject | cyber warfare |
Subject | Computer security |
Subject | Game theory |
Subject | Malware (Computer software) |
Subject | Cyberinfrastructure |
Subject | Computer crimes |
Subject | International relations |
Genre | Text |
Genre | Thesis |
Bibliographic information
Access conditions
- Use and reproduction
- User agrees that, where applicable, content will not be used to identify or to otherwise infringe the privacy or confidentiality rights of individuals. Content distributed via the Stanford Digital Repository may be subject to additional license and use restrictions applied by the depositor.
- License
- This work is licensed under a Creative Commons Attribution 4.0 International license (CC BY).
Preferred citation
- Preferred citation
- Kato, K. (2022). Taking Data Hostage: Exploring the Feasibility of Using Ransomware for Interstate Coercion. Stanford Digital Repository. Available at https://purl.stanford.edu/vg673tr9428
Collection
Stanford University, Center for International Security and Cooperation, Interschool Honors Program in International Security Studies, Theses
View other items in this collection in SearchWorksContact information
- Contact
- kaiykato@stanford.edu
Also listed in
Loading usage metrics...