{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,3]],"date-time":"2026-07-03T06:44:43Z","timestamp":1783061083584,"version":"3.54.6"},"reference-count":44,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2019,8,27]],"date-time":"2019-08-27T00:00:00Z","timestamp":1566864000000},"content-version":"vor","delay-in-days":238,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100000266","name":"Engineering and Physical Sciences Research Council","doi-asserted-by":"publisher","award":["EP\/P011772\/1"],"award-info":[{"award-number":["EP\/P011772\/1"]}],"id":[{"id":"10.13039\/501100000266","id-type":"DOI","asserted-by":"publisher"}]},{"name":"European Union\u2019s Horizon 2020","award":["700326"],"award-info":[{"award-number":["700326"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019,1,1]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Ransomware is a type of malware that encrypts files and demands a ransom from victims. It can be viewed as a form of kidnapping in which the criminal takes control of the victim\u2019s files with the objective of financial gain. In this article, we review and develop the game theoretic literature on kidnapping in order to gain insight on ransomware. The prior literature on kidnapping has largely focused on political or terrorist hostage taking. We demonstrate, however, that key models within the literature can be adapted to give critical new insight on ransomware. We primarily focus on two models. The first gives insight on the optimal ransom that criminals should charge. The second gives insight on the role of deterrence through preventative measures. A key insight from both models will be the importance of spillover effects across victims. We will argue that such spillovers point to the need for some level of outside intervention, by governments or otherwise, to tackle ransomware.<\/jats:p>","DOI":"10.1093\/cybsec\/tyz009","type":"journal-article","created":{"date-parts":[[2019,9,10]],"date-time":"2019-09-10T18:25:09Z","timestamp":1568139909000},"source":"Crossref","is-referenced-by-count":51,"title":["To pay or not: game theoretic models of ransomware"],"prefix":"10.1093","volume":"5","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0194-9368","authenticated-orcid":false,"given":"Edward","family":"Cartwright","sequence":"first","affiliation":[{"name":"Department of Strategic Management and Marketing, De Montfort University, Leicester, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Julio","family":"Hernandez Castro","sequence":"additional","affiliation":[{"name":"School of Computing, University of Kent, Canterbury, Kent, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Anna","family":"Cartwright","sequence":"additional","affiliation":[{"name":"School of Economics, Finance and Accounting, Coventry University, Coventry, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"286","published-online":{"date-parts":[[2019,8,26]]},"reference":[{"key":"2019091012524837500_tyz009-B1","doi-asserted-by":"crossref","first-page":"8","DOI":"10.1016\/S1353-4858(16)30096-4","article-title":"Ransomware: taking businesses hostage","volume":"2016","author":"Mansfield-Devine","year":"2016","journal-title":"Netw Secur"},{"key":"2019091012524837500_tyz009-B2","doi-asserted-by":"crossref","first-page":"23","DOI":"10.1080\/23742917.2016.1252191","article-title":"Influences on ransomware\u2019s evolution and predictions for the future challenges","volume":"1","author":"Kalaimannan","year":"2017","journal-title":"J Cyber Secur Tech"},{"key":"2019091012524837500_tyz009-B3","year":"2016"},{"key":"2019091012524837500_tyz009-B4","volume-title":"Security and Privacy Proceedings IEEE Symposium","author":"Young","year":"1996"},{"key":"2019091012524837500_tyz009-B5","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"Kharraz","year":"2015"},{"key":"2019091012524837500_tyz009-B6","author":"Barlyn","year":"2017"},{"key":"2019091012524837500_tyz009-B7","doi-asserted-by":"crossref","first-page":"321","DOI":"10.1080\/10430719208404740","article-title":"Combating political hostage-taking: an alternative approach","volume":"3","author":"Shahin","year":"1992","journal-title":"Defence Peace Econ"},{"key":"2019091012524837500_tyz009-B8","doi-asserted-by":"crossref","first-page":"301","DOI":"10.1016\/j.ejpoleco.2003.12.007","article-title":"An economic perspective on transnational terrorism","volume":"20","author":"Sandler","year":"2004","journal-title":"Eur J Political Econ"},{"key":"2019091012524837500_tyz009-B9","doi-asserted-by":"crossref","first-page":"158","DOI":"10.1080\/10576100701812886","article-title":"Modeling hostage-taking: on reputation and strategic rationality of terrorists","volume":"31","author":"Nax","year":"2008","journal-title":"Stud Confl Terror"},{"key":"2019091012524837500_tyz009-B10","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1007\/978-94-015-7774-8_4","volume-title":"Models of Strategic Rationality","author":"Selten","year":"1988"},{"key":"2019091012524837500_tyz009-B11","first-page":"16","article-title":"To bargain or not to bargain: that is the question","volume":"78","author":"Lapan","year":"1988","journal-title":"Am Econ Rev"},{"key":"2019091012524837500_tyz009-B12","doi-asserted-by":"crossref","first-page":"397","DOI":"10.1007\/978-3-319-68711-7_21","volume-title":"International Conference on Decision and Game Theory for Security","author":"Laszka","year":"2017"},{"key":"2019091012524837500_tyz009-B13","first-page":"69","volume-title":"International Conference on Applied Human Factors and Ergonomics","author":"Caporusso","year":"2018"},{"key":"2019091012524837500_tyz009-B14","doi-asserted-by":"crossref","first-page":"287","DOI":"10.1111\/j.1528-3585.2007.00290.x","article-title":"Applying analytical methods to study terrorism","volume":"8","author":"Sandler","year":"2007","journal-title":"Int Stud Perspect"},{"key":"2019091012524837500_tyz009-B15","doi-asserted-by":"crossref","first-page":"257","DOI":"10.1177\/0022343313491277","article-title":"The analytical study of terrorism: taking stock","volume":"51","author":"Sandler","year":"2014","journal-title":"J Peace Res"},{"key":"2019091012524837500_tyz009-B16","volume-title":"The Strategy of Conflict","author":"Schelling","year":"1980"},{"key":"2019091012524837500_tyz009-B17","volume-title":"Kidnapping for Ransom: The Growing Terrorist Financing Challenge","author":"Cohen","year":"2012"},{"key":"2019091012524837500_tyz009-B18","first-page":"299","article-title":"Refusing to negotiate: analyzing the legality and practicality of a piracy ransom ban","volume":"47","author":"Dutton","year":"2014","journal-title":"Cornell Int L J"},{"key":"2019091012524837500_tyz009-B19","first-page":"06660","article-title":"Economic analysis of ransomware","volume":"1703","author":"Hernandez-Castro","year":"2017","journal-title":"arXiv Preprint arXiv"},{"key":"2019091012524837500_tyz009-B20","volume-title":"Cybercrime-as-a-service: identifying control points to disrupt","author":"Huang","year":"2017"},{"key":"2019091012524837500_tyz009-B21","author":"August","year":"2017"},{"key":"2019091012524837500_tyz009-B22","author":"Jarvis"},{"key":"2019091012524837500_tyz009-B23","volume-title":"2016 Kent Cyber Security Survey","author":"Hernandez-Castro","year":"2016"},{"key":"2019091012524837500_tyz009-B24","volume-title":"Electronic Crime Research 2016 APWG Symposium","author":"Liao","year":"2016"},{"key":"2019091012524837500_tyz009-B25","first-page":"457","article-title":"Bitiodine: extracting intelligence from the bitcoin network","author":"Spagnuolo","year":"2014","journal-title":"International Conference on Financial Cryptography and Data Security."},{"key":"2019091012524837500_tyz009-B26","year":"2016"},{"key":"2019091012524837500_tyz009-B27","volume-title":"2018 IEEE Symposium on Security and Privacy","author":"Huang","year":"2018"},{"key":"2019091012524837500_tyz009-B28","author":"Paquet-Clouston","year":"2018"},{"key":"2019091012524837500_tyz009-B29","year":"2018"},{"key":"2019091012524837500_tyz009-B30","article-title":"The FBI says you may need to pay up if hackers infect your computer with ransomware","author":"Danielson","year":"2015","journal-title":"BusinessInsider"},{"key":"2019091012524837500_tyz009-B31","author":"Rashid","year":"2016"},{"key":"2019091012524837500_tyz009-B32","year":"2017"},{"key":"2019091012524837500_tyz009-B33","year":"2017"},{"key":"2019091012524837500_tyz009-B34","doi-asserted-by":"crossref","first-page":"171484","DOI":"10.1098\/rsos.171484","article-title":"Kidnapping model: an extension of Selten\u2019s game","volume":"4","author":"Iqbal","year":"2017","journal-title":"R Soc Open Sci"},{"key":"2019091012524837500_tyz009-B35","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9780511607950","volume-title":"Bargaining Theory with Applications","author":"Muthoo","year":"1999"},{"key":"2019091012524837500_tyz009-B36","author":"Cusack","year":"2018"},{"key":"2019091012524837500_tyz009-B37","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1016\/j.ejpoleco.2016.05.004","article-title":"Why concessions should not be made to terrorist kidnappers","volume":"44","author":"Brandt","year":"2016","journal-title":"Eur J Political Econ"},{"key":"2019091012524837500_tyz009-B38","author":"Baddeley","year":"2011"},{"key":"2019091012524837500_tyz009-B39","doi-asserted-by":"crossref","first-page":"597","DOI":"10.1016\/j.cose.2011.12.010","article-title":"Leveraging behavioral science to mitigate cyber security risk","volume":"31","author":"Pfleeger","year":"2012","journal-title":"Comp Secur"},{"key":"2019091012524837500_tyz009-B40","doi-asserted-by":"crossref","first-page":"235","DOI":"10.1177\/0022343312465424","article-title":"Democracy, civil liberties, and hostage-taking terrorism","volume":"50","author":"Lee","year":"2013","journal-title":"J Peace Res"},{"key":"2019091012524837500_tyz009-B41","doi-asserted-by":"crossref","first-page":"403","DOI":"10.1177\/0022002700044004001","article-title":"Toward a model of terrorist behavior in hostage-taking incidents","volume":"44","author":"Wilson","year":"2000","journal-title":"J Confl Resolut"},{"key":"2019091012524837500_tyz009-B42","doi-asserted-by":"crossref","first-page":"739","DOI":"10.1177\/0022343309339249","article-title":"Hostage taking: determinants of terrorist logistical and negotiation success","volume":"46","author":"Gaibulloev","year":"2009","journal-title":"J Peace Res"},{"key":"2019091012524837500_tyz009-B43","author":"Hadlington","year":"2017"},{"key":"2019091012524837500_tyz009-B44","doi-asserted-by":"crossref","first-page":"125","DOI":"10.1007\/s11127-012-0008-z","article-title":"Terrorist success in hostage-taking missions: 1978\u20132010","volume":"156","author":"Santifort","year":"2013","journal-title":"Public Choice"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/academic.oup.com\/cybersecurity\/article-pdf\/5\/1\/tyz009\/29212816\/tyz009.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,23]],"date-time":"2019-09-23T01:38:51Z","timestamp":1569202731000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyz009\/5554879"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,1,1]]},"references-count":44,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2019,1,1]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyz009","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2019]]},"published":{"date-parts":[[2019,1,1]]},"article-number":"tyz009"}}