{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,14]],"date-time":"2026-04-14T21:41:34Z","timestamp":1776202894268,"version":"3.50.1"},"reference-count":51,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,4,7]],"date-time":"2026-04-07T00:00:00Z","timestamp":1775520000000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers & Security"],"published-print":{"date-parts":[[2026,8]]},"DOI":"10.1016\/j.cose.2026.104922","type":"journal-article","created":{"date-parts":[[2026,4,8]],"date-time":"2026-04-08T23:11:27Z","timestamp":1775689887000},"page":"104922","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["Bending the curve: Operational cyber epidemiology for ransomware"],"prefix":"10.1016","volume":"167","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4591-3802","authenticated-orcid":false,"given":"Stephen V","family":"Flowerday","sequence":"first","affiliation":[]},{"given":"Nikolay","family":"Lipskiy","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0984-7542","authenticated-orcid":false,"given":"Steven","family":"Furnell","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4172-3910","authenticated-orcid":false,"given":"Callum E","family":"Flowerday","sequence":"additional","affiliation":[]},{"given":"John","family":"Hale","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"issue":"3","key":"10.1016\/j.cose.2026.104922_bib0001","doi-asserted-by":"crossref","first-page":"151","DOI":"10.3961\/jpmph.20.076","article-title":"Estimate of the basic reproduction number for COVID-19: A systematic review and meta-analysis","volume":"53","author":"Alimohamadi","year":"2020","journal-title":"J. Prevent. Med. Public Health"},{"key":"10.1016\/j.cose.2026.104922_bib0002","series-title":"Infectious Diseases of Humans: Dynamics and Control","author":"Anderson","year":"1991"},{"issue":"11","key":"10.1016\/j.cose.2026.104922_bib0003","doi-asserted-by":"crossref","first-page":"1274","DOI":"10.1049\/cmu2.12622","article-title":"An epidemic model for the investigation of multi-malware attack in wireless sensor network","volume":"17","author":"Awasthi","year":"2023","journal-title":"IET Commun."},{"key":"10.1016\/j.cose.2026.104922_bib0004","series-title":"Disaster Category Classification and Peril Terminology for Operational Purposes","author":"Below","year":"2009"},{"key":"10.1016\/j.cose.2026.104922_bib0005","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103295","article-title":"Data flooding against ransomware: concepts and implementations","volume":"131","author":"Berardi","year":"2023","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cose.2026.104922_bib0006","series-title":"Threat Advisory: SolarWinds Supply Chain Attack","author":"Biasini","year":"2020"},{"key":"10.1016\/j.cose.2026.104922_bib0007","doi-asserted-by":"crossref","first-page":"4616","DOI":"10.1038\/s41598-024-55240-0","article-title":"Mathematical modeling of cholera dynamics with intrinsic growth considering constant interventions","volume":"14","author":"Brhane","year":"2024","journal-title":"Sci. Rep."},{"key":"10.1016\/j.cose.2026.104922_bib0008","unstructured":"Caesars Entertainment, Inc. (2023, September 14). Form 8-K. https:\/\/investor.caesars.com\/static-files\/0bc13ee5-34a9-402e-8e7a-824b9dba4e57."},{"key":"10.1016\/j.cose.2026.104922_bib0009","unstructured":"Canadian Centre for Cyber Security. (2020, December 30). Alert: recommendations for SolarWinds supply-chain compromise - update 1 (AL20\u2013031 Update 1). https:\/\/www.cyber.gc.ca\/en\/alerts-advisories\/recommendations-solarwinds-supply-chain-compromise."},{"key":"10.1016\/j.cose.2026.104922_bib0010","series-title":"Public Health Emergency Preparedness and Response Capabilities: National Standards for State, Local, Tribal, and Territorial Public Health","year":"2018"},{"key":"10.1016\/j.cose.2026.104922_bib0011","series-title":"Technical Explainer: Infectious Disease Transmission Models","year":"2025"},{"key":"10.1016\/j.cose.2026.104922_bib0012","doi-asserted-by":"crossref","first-page":"52","DOI":"10.1007\/s41109-023-00578-z","article-title":"Modeling self-propagating malware with epidemiological models","volume":"8","author":"Chernikova","year":"2023","journal-title":"Appl. Netw. Sci."},{"key":"10.1016\/j.cose.2026.104922_bib0013","unstructured":"Cloudflare. (n.d.-a). What are Petya and NotPetya? Cloudflare Learning Center. Retrieved March 4, 2026, from https:\/\/www.cloudflare.com\/learning\/security\/ransomware\/petya-notpetya-ransomware\/."},{"key":"10.1016\/j.cose.2026.104922_bib0014","unstructured":"Cloudflare. (n.d.-b). What was the WannaCry Ransomware Attack? Cloudflare Learning Center. Retrieved March 4, 2026, from https:\/\/www.cloudflare.com\/learning\/security\/ransomware\/wannacry-ransomware\/."},{"issue":"13","key":"10.1016\/j.cose.2026.104922_bib0015","doi-asserted-by":"crossref","first-page":"315","DOI":"10.1098\/rsif.2006.0185","article-title":"Utility of R0 as a predictor of disease invasion in structured populations","volume":"4","author":"Cross","year":"2007","journal-title":"J. R. Soc. Interface"},{"key":"10.1016\/j.cose.2026.104922_bib0017","unstructured":"Cyentia Institute. (2024). Information risk insights study: ransomware. https:\/\/www.cyentia.com\/wp-content\/uploads\/2024\/08\/IRIS_Ransomware.pdf."},{"issue":"4","key":"10.1016\/j.cose.2026.104922_bib0018","doi-asserted-by":"crossref","first-page":"365","DOI":"10.1007\/BF00178324","article-title":"On the definition and the computation of the basic reproduction ratio R0 in models for infectious diseases in heterogeneous populations","volume":"28","author":"Diekmann","year":"1990","journal-title":"J. Math. Biol."},{"key":"10.1016\/j.cose.2026.104922_bib0019","series-title":"TeleBots are Back: Supply Chain Attacks against Ukraine","year":"2017"},{"key":"10.1016\/j.cose.2026.104922_bib0020","unstructured":"FireEye. (2020, December 13). Highly evasive attacker leverages SolarWinds supply chain to compromise multiple global victims with SUNBURST backdoor. Google Cloud Blog. https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor."},{"key":"10.1016\/j.cose.2026.104922_bib0021","series-title":"Proceedings of the Americas Conference on Information Systems (AMCIS 2024) (Paper 28)","article-title":"Epidemiology triad analysis guiding malware control expenditure","author":"Flowerday","year":"2024"},{"key":"10.1016\/j.cose.2026.104922_bib0022","doi-asserted-by":"crossref","DOI":"10.1038\/s41746-019-0161-6","article-title":"A retrospective impact analysis of the WannaCry cyberattack on the NHS","volume":"2","author":"Ghafur","year":"2019","journal-title":"NPJ. Digit. Med."},{"key":"10.1016\/j.cose.2026.104922_bib0023","doi-asserted-by":"crossref","DOI":"10.1038\/srep05659","article-title":"A genetic epidemiology approach to cyber-security","volume":"4","author":"Gil","year":"2014","journal-title":"Sci. Rep."},{"key":"10.1016\/j.cose.2026.104922_bib0024","unstructured":"Greenberg, A. (2018, August 22). The untold story of NotPetya, the most devastating cyberattack in history. WIRED. https:\/\/www.wired.com\/story\/notpetya-cyberattack-ukraine-russia-code-crashed-the-world\/."},{"issue":"12","key":"10.1016\/j.cose.2026.104922_bib0025","doi-asserted-by":"crossref","first-page":"e420","DOI":"10.1016\/S1473-3099(17)30307-9","article-title":"The basic reproduction number (R0) of measles: A systematic review","volume":"17","author":"Guerra","year":"2017","journal-title":"Lancet Infect. Dis."},{"key":"10.1016\/j.cose.2026.104922_bib0026","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.103703","article-title":"XRan: explainable deep learning-based ransomware detection using dynamic analysis","volume":"139","author":"Gulmez","year":"2024","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cose.2026.104922_bib0027","series-title":"Ransomware: a Public Health Crisis [White paper]","year":"2025"},{"issue":"4","key":"10.1016\/j.cose.2026.104922_bib0028","doi-asserted-by":"crossref","first-page":"599","DOI":"10.1137\/S0036144500371907","article-title":"The mathematics of infectious diseases","volume":"42","author":"Hethcote","year":"2000","journal-title":"SIAM Review"},{"key":"10.1016\/j.cose.2026.104922_bib0029","series-title":"How to Accidentally Stop a Global Cyber Attacks","author":"Hutchins","year":"2017"},{"key":"10.1016\/j.cose.2026.104922_bib0030","unstructured":"Integrated Research on Disaster Risk. (2014). Peril classification and hazard glossary (IRDR DATA Publication No. 1). https:\/\/council.science\/wp-content\/uploads\/2019\/12\/Peril-Classification-and-Hazard-Glossary-1.pdf."},{"key":"10.1016\/j.cose.2026.104922_bib0031","unstructured":"International Organization for Standardization. (2023). Health informatics: interoperability of public health emergency preparedness and response information systems (ISO Standard No. 5477:2023). https:\/\/www.iso.org\/standard\/81303.html."},{"key":"10.1016\/j.cose.2026.104922_bib0032","series-title":"Caesars Entertainment Says Social Engineering Attack Behind August Breach","author":"Jones","year":"2023"},{"key":"10.1016\/j.cose.2026.104922_bib0033","series-title":"Global Cybersecurity Outlook 2025: Insight Report","author":"Joshi","year":"2025"},{"key":"10.1016\/j.cose.2026.104922_bib0034","series-title":"APT trends report Q2 2017","year":"2017"},{"issue":"4","key":"10.1016\/j.cose.2026.104922_bib0035","doi-asserted-by":"crossref","first-page":"295","DOI":"10.1098\/rsif.2005.0051","article-title":"Networks and epidemic models","volume":"2","author":"Keeling","year":"2005","journal-title":"J. R. Soc. Interface"},{"key":"10.1016\/j.cose.2026.104922_bib0036","series-title":"Modeling Infectious Diseases in Humans and Animals","author":"Keeling","year":"2008"},{"key":"10.1016\/j.cose.2026.104922_bib0037","series-title":"Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy","first-page":"343","article-title":"Directed-graph epidemiological models of computer viruses","author":"Kephart","year":"1991"},{"key":"10.1016\/j.cose.2026.104922_bib0038","series-title":"Proceedings of the 1993 IEEE Computer Society Symposium on Research in Security and Privacy","first-page":"2","article-title":"Measuring and modeling computer virus prevalence","author":"Kephart","year":"1993"},{"issue":"772","key":"10.1016\/j.cose.2026.104922_bib0039","first-page":"700","article-title":"A contribution to the mathematical theory of epidemics","volume":"115","author":"Kermack","year":"1927","journal-title":"Proc. R. Soc. A"},{"key":"10.1016\/j.cose.2026.104922_bib0040","series-title":"Cyberattack Cost Maersk as much as $300 Million and Shut Down Port Operations","author":"Leovy","year":"2017"},{"issue":"2","key":"10.1016\/j.cose.2026.104922_bib0041","doi-asserted-by":"crossref","DOI":"10.1093\/jtm\/taaa021","article-title":"The reproductive number of COVID-19 is higher compared to SARS coronavirus","volume":"27","author":"Liu","year":"2020","journal-title":"J. Travel. Med."},{"issue":"19","key":"10.1016\/j.cose.2026.104922_bib0043","doi-asserted-by":"crossref","first-page":"430","DOI":"10.15585\/mmwr.mm7319a2","article-title":"Real-time use of a dynamic model to measure the impact of public health interventions on measles outbreak size and duration\u2014Chicago, Illinois, 2024","volume":"73","author":"Masters","year":"2024","journal-title":"Morbid. Mortal. Weekly Rep."},{"key":"10.1016\/j.cose.2026.104922_bib0045","series-title":"Microsoft Security Bulletin MS17-010: Critical","year":"2017"},{"key":"10.1016\/j.cose.2026.104922_bib57","unstructured":"MITRE. (2025). MITRE ATT&CK\u00ae. The MITRE Corporation. [Knowledge base] https:\/\/attack.mitre.org\/."},{"issue":"168","key":"10.1016\/j.cose.2026.104922_bib0046","doi-asserted-by":"crossref","DOI":"10.1098\/rsif.2020.0144","article-title":"Reconciling early-outbreak estimates of the basic reproductive number and its uncertainty: framework and applications to the novel coronavirus (SARS-CoV-2) outbreak","volume":"17","author":"Park","year":"2020","journal-title":"J. R. Soc. Interface"},{"issue":"14","key":"10.1016\/j.cose.2026.104922_bib0047","doi-asserted-by":"crossref","first-page":"3200","DOI":"10.1103\/PhysRevLett.86.3200","article-title":"Epidemic spreading in scale-free networks","volume":"86","author":"Pastor-Satorras","year":"2001","journal-title":"Phys. Rev. Lett."},{"key":"10.1016\/j.cose.2026.104922_bib0050","series-title":"Lessons Learned Review of the WannaCry Ransomware Cyber Attack","author":"Smart","year":"2018"},{"key":"10.1016\/j.cose.2026.104922_bib0051","unstructured":"Sophos. (2025). The state of ransomware in healthcare 2025 [Report]. https:\/\/www.sophos.com\/en-us\/whitepaper\/state-of-ransomware-in-healthcare."},{"key":"10.1016\/j.cose.2026.104922_bib0052","series-title":"Petya Ransomware Outbreak: Here\u2019s What you Need to Know","year":"2017"},{"key":"10.1016\/j.cose.2026.104922_bib0054","doi-asserted-by":"crossref","unstructured":"United Nations Office for Disaster Risk Reduction, & International Science Council. (2025). Hazard definition and classification review: technical report (2025). https:\/\/doi.org\/10.24948\/2025.05.","DOI":"10.24948\/2025.05"},{"issue":"1\u20132","key":"10.1016\/j.cose.2026.104922_bib0055","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1016\/S0025-5564(02)00108-6","article-title":"Reproduction numbers and sub-threshold endemic equilibria for compartmental models of disease transmission","volume":"180","author":"van den Driessche","year":"2002","journal-title":"Math. Biosci."},{"key":"10.1016\/j.cose.2026.104922_bib0056","doi-asserted-by":"crossref","DOI":"10.3389\/fphy.2023.1198410","article-title":"Dynamical behaviors of an epidemic model for malware propagation in wireless sensor networks","volume":"11","author":"Zhou","year":"2023","journal-title":"Front. Phys."}],"container-title":["Computers & Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826000982?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826000982?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,4,14]],"date-time":"2026-04-14T20:41:50Z","timestamp":1776199310000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404826000982"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,8]]},"references-count":51,"alternative-id":["S0167404826000982"],"URL":"https:\/\/doi.org\/10.1016\/j.cose.2026.104922","relation":{},"ISSN":["0167-4048"],"issn-type":[{"value":"0167-4048","type":"print"}],"subject":[],"published":{"date-parts":[[2026,8]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Bending the curve: Operational cyber epidemiology for ransomware","name":"articletitle","label":"Article Title"},{"value":"Computers & Security","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.cose.2026.104922","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 The Author(s). Published by Elsevier Ltd.","name":"copyright","label":"Copyright"}],"article-number":"104922"}}