{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,26]],"date-time":"2025-11-26T16:42:37Z","timestamp":1764175357178,"version":"3.41.0"},"reference-count":79,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2023,10,20]],"date-time":"2023-10-20T00:00:00Z","timestamp":1697760000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"funder":[{"name":"AXIS Insurance Company"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Digital Threats"],"published-print":{"date-parts":[[2023,12,31]]},"abstract":"<jats:p>The accelerated pace with which companies, governments, and institutions embrace digital transformation is creating opportunities for economic prosperity, but also increases the threat landscape. Recent orchestrated cyber-attacks have revealed the unpredictability of the harm they can cause in our society, rendering the creation of new models that capture systemic risk more critical than ever. In this article, we model the behaviour of one of the most prominent cyber-attacks: ransomware; in particular, ransomware that propagates between organisations via the Internet. We draw concepts from epidemiological models of viral propagation to reason about policies that can reduce the systemic cyber-risk to the community. To achieve this, we present a compartment-based epidemiological model of predator-prey interactions and run simulations to validate the importance of defensive controls that reduce the propagation of ransomware. Our model suggests that with specific defensive controls in place, other response policies may also become more effective. A prey policy to not pay the ransom may improve the ability of the victim population to recover; while information-sharing may reduce the number of organisations compromised if certain conditions on the speed of threat-intelligence sharing practices are met. These results indicate the validity of the approach, which we believe could be extended to explore the impacts of a broad range of attacker and defender behaviours and characteristics of the digital environment on systemic risk.<\/jats:p>","DOI":"10.1145\/3579648","type":"journal-article","created":{"date-parts":[[2023,1,18]],"date-time":"2023-01-18T11:27:06Z","timestamp":1674041226000},"page":"1-38","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Ransomware as a Predator: Modelling the Systemic Risk to Prey"],"prefix":"10.1145","volume":"4","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5979-7630","authenticated-orcid":false,"given":"Louise","family":"Axon","sequence":"first","affiliation":[{"name":"Department of Computer Science, University of Oxford, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3049-4430","authenticated-orcid":false,"given":"Arnau","family":"Erola","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Oxford, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3747-339X","authenticated-orcid":false,"given":"Ioannis","family":"Agrafiotis","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Oxford, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0392-8413","authenticated-orcid":false,"given":"Ganbayar","family":"Uuganbayar","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Oxford, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7808-0600","authenticated-orcid":false,"given":"Michael","family":"Goldsmith","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Oxford, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2414-9657","authenticated-orcid":false,"given":"Sadie","family":"Creese","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Oxford, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,10,20]]},"reference":[{"volume-title":"Midyear Security Roundup: The Cost of Compromise - Security Roundup","year":"2017","key":"e_1_3_2_2_2","unstructured":"2017. Midyear Security Roundup: The Cost of Compromise - Security Roundup. Technical Report. Trendmicro. Retrieved from https:\/\/www.trendmicro.com\/vinfo\/us\/security\/research-and-analysis\/threat-reports\/roundup\/the-cost-of-compromise."},{"volume-title":"2020 Cyberthreat Defense Report","year":"2020","key":"e_1_3_2_3_2","unstructured":"2020. 2020 Cyberthreat Defense Report. Technical Report. Cyber Edge Group."},{"volume-title":"The 2020 Ransomware Resiliency Report","year":"2020","key":"e_1_3_2_4_2","unstructured":"2020. The 2020 Ransomware Resiliency Report. Technical Report. Veritas."},{"volume-title":"Dealing with the SolarWinds Orion Compromise","year":"2020","key":"e_1_3_2_5_2","unstructured":"2020. Dealing with the SolarWinds Orion Compromise. Technical Report. National Cyber Security Centre (NCSC)."},{"volume-title":"Mitigating Malware and Ransomware Attacks","year":"2020","key":"e_1_3_2_6_2","unstructured":"2020. Mitigating Malware and Ransomware Attacks. Technical Report. National Cyber Security Centre (NCSC)."},{"volume-title":"Threat Landscape 2020\u2014Ransomware","year":"2020","key":"e_1_3_2_7_2","unstructured":"2020. Threat Landscape 2020\u2014Ransomware. Technical Report. European Union Agency for Cybersecurity (ENISA)."},{"volume-title":"H-ISAC Membership","year":"2021","key":"e_1_3_2_8_2","unstructured":"2021. H-ISAC Membership. Technical Report. H-ISAC. https:\/\/h-isac.org\/membership-account\/join-h-isac\/."},{"volume-title":"No More Ransom Project","year":"2021","key":"e_1_3_2_9_2","unstructured":"2021. No More Ransom Project. Retrieved from https:\/\/www.nomoreransom.org\/en\/index.html."},{"volume-title":"The State of Ransomware 2021","year":"2021","key":"e_1_3_2_10_2","unstructured":"2021. The State of Ransomware 2021. Technical Report. Sophos."},{"volume-title":"The State of Ransomware 2022","year":"2022","key":"e_1_3_2_11_2","unstructured":"2022. The State of Ransomware 2022. Technical Report. Sophos."},{"volume-title":"Systemic Cybersecurity Risk and Role of the Global Community: Managing the Unmanageable","year":"2022","key":"e_1_3_2_12_2","unstructured":"2022. Systemic Cybersecurity Risk and Role of the Global Community: Managing the Unmanageable. Technical Report. World Economic Forum."},{"key":"e_1_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.01.001"},{"key":"e_1_3_2_14_2","volume-title":"WannaCry Malware Profile","author":"Homan Randi Eitzman, Alex Berry, and Josh","year":"2017","unstructured":"Randi Eitzman, Alex Berry, and Josh Homan. 2017. WannaCry Malware Profile. Retrieved from https:\/\/www.mandiant.com\/resources\/wannacry-malware-profile."},{"key":"e_1_3_2_15_2","first-page":"1","volume-title":"APWG Symposium on Electronic Crime Research (eCrime\u201918)","author":"Bajpai Pranshu","year":"2018","unstructured":"Pranshu Bajpai, Aditya K. Sood, and Richard Enbody. 2018. A key-management-based taxonomy for ransomware. In APWG Symposium on Electronic Crime Research (eCrime\u201918). IEEE, 1\u201312."},{"key":"e_1_3_2_16_2","volume-title":"WannaCryptor Ransomware Strikes NHS Hospitals, Telefonica, and Others","author":"Bisson David","year":"2017","unstructured":"David Bisson. 2017. WannaCryptor Ransomware Strikes NHS Hospitals, Telefonica, and Others. Retrieved from https:\/\/www.tripwire.com\/state-of-security\/latest-security-news\/wannacryptor-ransomware-strikes-nhs-hospitals-telefonica-and-others\/."},{"key":"e_1_3_2_17_2","first-page":"1","volume-title":"SecureComm and Workshops","author":"Bose Abhijit","year":"2006","unstructured":"Abhijit Bose and Kang G. Shin. 2006. On mobile viruses exploiting messaging and Bluetooth services. In SecureComm and Workshops. IEEE, 1\u201310."},{"key":"e_1_3_2_18_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4614-1686-9"},{"issue":"9","key":"e_1_3_2_19_2","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1016\/S1353-4858(16)30086-1","article-title":"Ransomware attacks: Detection, prevention and cure","volume":"2016","author":"Brewer Ross","year":"2016","unstructured":"Ross Brewer. 2016. Ransomware attacks: Detection, prevention and cure. Netw. Secur. 2016, 9 (2016), 5\u20139.","journal-title":"Netw. Secur."},{"key":"e_1_3_2_20_2","unstructured":"Elisa Canzani. 2016. Modeling dynamics of disruptive events for impact analysis in networked critical infrastructures. ISCRAM Conference (2016)."},{"key":"e_1_3_2_21_2","volume-title":"Dynamic Interdependency Models for Cybersecurity of Critical Infrastructures","author":"Canzani Elisa","year":"2017","unstructured":"Elisa Canzani. 2017. Dynamic Interdependency Models for Cybersecurity of Critical Infrastructures. Ph.D. Dissertation. Munich University. Retrieved from https:\/\/athene-forschung.unibw.de\/doc\/122159\/122159.pdf."},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-41932-9_31"},{"issue":"1","key":"e_1_3_2_23_2","doi-asserted-by":"crossref","first-page":"tyz009","DOI":"10.1093\/cybsec\/tyz009","article-title":"To pay or not: Game theoretic models of ransomware","volume":"5","author":"Cartwright Edward","year":"2019","unstructured":"Edward Cartwright, Julio Hernandez Castro, and Anna Cartwright. 2019. To pay or not: Game theoretic models of ransomware. J. Cybersecur. 5, 1 (2019), tyz009.","journal-title":"J. Cybersecur."},{"volume-title":"Ransomware Recovery: How to Recover from Ransomware","year":"2022","key":"e_1_3_2_24_2","unstructured":"Checkpoint. 2022. Ransomware Recovery: How to Recover from Ransomware. Retrieved from https:\/\/www.checkpoint.com\/cyber-hub\/threat-prevention\/ransomware\/ransomware-recovery-how-to-recover-from-ransomware\/."},{"issue":"1","key":"e_1_3_2_25_2","doi-asserted-by":"crossref","first-page":"389","DOI":"10.1080\/21642583.2019.1688201","article-title":"A delayed computer virus model with nonlinear incidence rate","volume":"7","author":"Chu Yugui","year":"2019","unstructured":"Yugui Chu, Wanjun Xia, and Zecheng Wang. 2019. A delayed computer virus model with nonlinear incidence rate. Syst. Sci. Contr. Eng. 7, 1 (2019), 389\u2013406.","journal-title":"Syst. Sci. Contr. Eng."},{"key":"e_1_3_2_26_2","doi-asserted-by":"publisher","DOI":"10.1145\/1595676.1595692"},{"key":"e_1_3_2_27_2","volume-title":"Future Series: Cybersecurity, Emerging Technology and Systemic Risk","author":"Creese Sadie","year":"2020","unstructured":"Sadie Creese, Jamie Saunders, Louise Axon, and William Dixon. 2020. Future Series: Cybersecurity, Emerging Technology and Systemic Risk. Technical Report. World Economic Forum."},{"volume-title":"Ransomware Guide","year":"2020","key":"e_1_3_2_28_2","unstructured":"Cybersecurity, Multi-state Information Sharing Infrastructure Security Agency, and Analysis Center. 2020. Ransomware Guide. Technical Report. Retrieved from https:\/\/www.cisa.gov\/sites\/default\/files\/publications\/CISA_MS-ISAC_Ransomware%20Guide_S508C_.pdf."},{"key":"e_1_3_2_29_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-019-00338-7"},{"key":"e_1_3_2_30_2","first-page":"434","volume-title":"14th International Bhurban Conference on Applied Sciences and Technology (IBCAST\u201917)","author":"Din Shahab Ud","year":"2017","unstructured":"Shahab Ud Din, Zaheer Masood, Raza Samar, Khalid Majeed, and Muhammad Asif Zahoor Raja. 2017. Study of epidemiological based dynamic model of computer viruses for sustainable safeguard against threat propagations. In 14th International Bhurban Conference on Applied Sciences and Technology (IBCAST\u201917). IEEE, 434\u2013440."},{"key":"e_1_3_2_31_2","first-page":"41","volume-title":"IEEE 16th International Conference on Networking, Sensing and Control (ICNSC\u201919)","author":"Ding Jian","year":"2019","unstructured":"Jian Ding, Zizhen Zhang, and Xuemin Chen. 2019. A delayed predator-prey model for worm propagation in computer systems. In IEEE 16th International Conference on Networking, Sensing and Control (ICNSC\u201919). IEEE, 41\u201345."},{"key":"e_1_3_2_32_2","volume-title":"Joint Cybersecurity Advisory: 2021 Trends Show Increased Globalized Threat of Ransomware","author":"Investigation Cybersecurity Federal Bureau of","year":"2022","unstructured":"Cybersecurity Federal Bureau of Investigation and Australian Cyber Security Centre National Cyber Security Centre Infrastructure Security Agency, National Security Agency. 2022. Joint Cybersecurity Advisory: 2021 Trends Show Increased Globalized Threat of Ransomware. Technical Report. Retrieved from https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-040a."},{"volume-title":"Breaking in After Hours: Ransomware Trend Intelligence","year":"2020","key":"e_1_3_2_33_2","unstructured":"FireEye. 2020. Breaking in After Hours: Ransomware Trend Intelligence. Retrieved from https:\/\/vision.fireeye.com\/editions\/07\/07-breaking-in-after-hours.html#."},{"key":"e_1_3_2_34_2","volume-title":"Information Sharing and Analysis Center (ISACs) - Cooperative Models","author":"(ENISA) European Union Agency for Cybersecurity","year":"2018","unstructured":"European Union Agency for Cybersecurity (ENISA). 2018. Information Sharing and Analysis Center (ISACs) - Cooperative Models. Technical Report. Retrieved from https:\/\/www.enisa.europa.eu\/publications\/information-sharing-and-analysis-center-isacs-cooperative-models."},{"key":"e_1_3_2_35_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.02.002"},{"key":"e_1_3_2_36_2","unstructured":"Sean P. Gorman Rajendra G. Kulkarni and Laurie A. Schintler. 2004. A predator prey approach to the network structure of cyberspace. Winter International Symposium on Information and Communication Technologies (WISICT) ACM 1\u20136."},{"key":"e_1_3_2_37_2","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2004.47"},{"key":"e_1_3_2_38_2","volume-title":"What Is WannaCry Ransomware and Why Is It Attacking Global Computers?","author":"Hern Alex","year":"2017","unstructured":"Alex Hern and Samuel Gibbs. 2017. What Is WannaCry Ransomware and Why Is It Attacking Global Computers? Retrieved from https:\/\/www.theguardian.com\/technology\/2017\/may\/12\/nhs-ransomware-cyber-attack-what-is-wanacrypt0r-20."},{"key":"e_1_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-61317-3_5"},{"issue":"1","key":"e_1_3_2_40_2","doi-asserted-by":"crossref","first-page":"2","DOI":"10.1186\/s40163-019-0097-9","article-title":"Ransomware deployment methods and analysis: Views from a predictive model and human responses","volume":"8","author":"Hull Gavin","year":"2019","unstructured":"Gavin Hull, Henna John, and Budi Arief. 2019. Ransomware deployment methods and analysis: Views from a predictive model and human responses. Crime Sci. 8, 1 (2019), 2.","journal-title":"Crime Sci."},{"key":"e_1_3_2_41_2","first-page":"307","volume-title":"European Conference on Innovation and Entrepreneurship","author":"Ioanid Alexandra","year":"2017","unstructured":"Alexandra Ioanid, Cezar Scarlat, and Gheorghe Militaru. 2017. The effect of cybercrime on Romanian SMEs in the context of WannaCry ransomware attacks. In European Conference on Innovation and Entrepreneurship. Academic Conferences International Limited, 307\u2013313."},{"key":"e_1_3_2_42_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2012.72"},{"key":"e_1_3_2_43_2","unstructured":"Insurance Journal. 2021. Insurer AXA to Stop Paying for Ransomware Crime Payments in France. Retrieved from https:\/\/www.insurancejournal.com\/news\/international\/2021\/05\/09\/613255.htm."},{"volume-title":"Over Half of Ransomware Victims Pay the Ransom, but Only a Quarter See their Full Data Returned","year":"2021","key":"e_1_3_2_44_2","unstructured":"Kaspersky. 2021. Over Half of Ransomware Victims Pay the Ransom, but Only a Quarter See their Full Data Returned. Retrieved from https:\/\/www.kaspersky.com\/about\/press-releases\/2021_over-half-of-ransomware-victims-pay-the-ransom-but-only-a-quarter-see-their-full-data-returned."},{"key":"e_1_3_2_45_2","volume-title":"Think Fast: Time between Disclosure, Patch Release and Vulnerability Exploitation\u2014Intelligence for Vulnerability Management, Part Two","author":"Semrau Shambavi Sadayappan (Mandiant) Kathleen Metrick, Jared","year":"2020","unstructured":"Shambavi Sadayappan (Mandiant) Kathleen Metrick, Jared Semrau. 2020. Think Fast: Time between Disclosure, Patch Release and Vulnerability Exploitation\u2014Intelligence for Vulnerability Management, Part Two. Retrieved from https:\/\/www.mandiant.com\/resources\/time-between-disclosure-patch-release-and-vulnerability-exploitation\/."},{"key":"e_1_3_2_46_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20550-2_1"},{"key":"e_1_3_2_47_2","unstructured":"Brian Krebs. 2021. At least 30 000 U.S. organizations newly hacked via holes in Microsoft\u2019s email software. KrebsOnSecurity. https:\/\/krebsonsecurity.com\/2021\/03\/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software\/. Accessed February 10 2023."},{"issue":"2","key":"e_1_3_2_48_2","first-page":"92","article-title":"Effect of quarantine & vaccination on infectious nodes in computer network","volume":"2","author":"Kumar Munna","year":"2015","unstructured":"Munna Kumar, Bimal Kumar Mishra, and T. C. Panda. 2015. Effect of quarantine & vaccination on infectious nodes in computer network. Int. J. Comput. Netw. Applic. 2, 2 (2015), 92\u201398.","journal-title":"Int. J. Comput. Netw. Applic."},{"issue":"1","key":"e_1_3_2_49_2","first-page":"173","article-title":"Predator-prey models on interaction between computer worms, Trojan horse and antivirus software inside a computer system","volume":"10","author":"Kumar Munna","year":"2016","unstructured":"Munna Kumar, Bimal Kumar Mishra, and T. C. Panda. 2016. Predator-prey models on interaction between computer worms, Trojan horse and antivirus software inside a computer system. Int. J. Secur. Applic. 10, 1 (2016), 173\u2013190.","journal-title":"Int. J. Secur. Applic."},{"key":"e_1_3_2_50_2","unstructured":"Martin Lee Warren Mercer Paul Rascagneres and Craig Williams. 2017. Player 3 Has Entered the Game: Say Hello to \u201cWannaCry.\u201d Retrieved from http:\/\/blog.talosintelligence.com\/2017\/05\/wannacry.html."},{"key":"e_1_3_2_51_2","volume-title":"How Ransomware Attacks","author":"Loman Mark","year":"2019","unstructured":"Mark Loman. 2019. How Ransomware Attacks. Technical Report. Sophos."},{"issue":"1","key":"e_1_3_2_52_2","first-page":"1","article-title":"Mathematical models of malaria-a review","volume":"10","author":"Mandal Sandip","year":"2011","unstructured":"Sandip Mandal, Ram Rup Sarkar, and Somdatta Sinha. 2011. Mathematical models of malaria-a review. Malaria J. 10, 1 (2011), 1\u201319.","journal-title":"Malaria J."},{"key":"e_1_3_2_53_2","volume-title":"Cyber Kill Chain","author":"Martin Lockheed","year":"2011","unstructured":"Lockheed Martin. 2011. Cyber Kill Chain. Retrieved from https:\/\/www.lockheedmartin.com\/en-us\/capabilities\/cyber\/cyber-kill-chain.html."},{"key":"e_1_3_2_54_2","doi-asserted-by":"publisher","DOI":"10.1109\/MITP.2015.14"},{"key":"e_1_3_2_55_2","doi-asserted-by":"publisher","DOI":"10.1109\/AICCSA.2017.219"},{"key":"e_1_3_2_56_2","doi-asserted-by":"publisher","DOI":"10.1201\/9780429504044-4"},{"key":"e_1_3_2_57_2","unstructured":"BBC News. 2021. Ransomware: Should Paying Hacker Ransoms Be Illegal? Retrieved from https:\/\/www.bbc.co.uk\/news\/technology-57173096."},{"key":"e_1_3_2_58_2","doi-asserted-by":"publisher","DOI":"10.5220\/0006401902320239"},{"key":"e_1_3_2_59_2","volume-title":"Cyber Security Framework (CSF) v1.1","author":"Standards National Institute of","year":"2018","unstructured":"National Institute of Standards and Technology (NIST). 2018. Cyber Security Framework (CSF) v1.1. Technical Report. Retrieved from https:\/\/www.nist.gov\/cyberframework."},{"key":"e_1_3_2_60_2","volume-title":"Ransomware Threat Report","author":"Alto Unit 42 Palo","year":"2022","unstructured":"Unit 42 Palo Alto. 2022. Ransomware Threat Report. Technical Report. Retrieved from https:\/\/start.paloaltonetworks.com\/unit-42-ransomware-threat-report.html?utm_source=google-rapp-amer-rapp&utm_medium=paid-search&utm_campaign=campaign&utm_content=591939886994-c&utm_term=ransomware%202021&sfdcid=7014u000001hKM8AAM&_bt=591939886994&_bm=e&_bn=g&gclid=Cj0KCQjw1ZeUBhDyARIsAOzAqQIx2E0MsGF519Z7_-vT8UzCsJFcQKmlGny0nEAs_duubZzRCl_6CrQaAuAQEALw_wcB."},{"key":"e_1_3_2_61_2","doi-asserted-by":"publisher","DOI":"10.1504\/IJICS.2012.051777"},{"issue":"1","key":"e_1_3_2_62_2","first-page":"42","article-title":"Predator-prey\/obligate mutualism in information system security and usage","volume":"18","author":"Pendegraft Norman","year":"2017","unstructured":"Norman Pendegraft. 2017. Predator-prey\/obligate mutualism in information system security and usage. J. Inf. Technol. Theor. Applic. 18, 1 (2017), 42.","journal-title":"J. Inf. Technol. Theor. Applic."},{"key":"e_1_3_2_63_2","volume-title":"Cyber Threat Intelligence in Government: A Guide for Decision Makers & Analysts","author":"Programme Home Office Cyber Security","year":"2019","unstructured":"Home Office Cyber Security Programme. 2019. Cyber Threat Intelligence in Government: A Guide for Decision Makers & Analysts. Technical Report. Retrieved from https:\/\/hodigital.blog.gov.uk\/wp-content\/uploads\/sites\/161\/2020\/03\/Cyber-Threat-Intelligence-A-Guide-For-Decision-Makers-and-Analysts-v2.0.pdf."},{"key":"e_1_3_2_64_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-03026-1_4"},{"key":"e_1_3_2_65_2","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1186"},{"key":"e_1_3_2_66_2","volume-title":"Definitive Guide to Ransomware 2022","author":"Security IBM","year":"2022","unstructured":"IBM Security. 2022. Definitive Guide to Ransomware 2022. Technical Report. Retrieved from https:\/\/www.ibm.com\/downloads\/cas\/EV6NAQR4."},{"key":"e_1_3_2_67_2","article-title":"Automated dynamic analysis of ransomware: Benefits, limitations and use for detection","author":"Sgandurra Daniele","year":"2016","unstructured":"Daniele Sgandurra, Luis Mu\u00f1oz-Gonz\u00e1lez, Rabih Mohsen, and Emil C. Lupu. 2016. Automated dynamic analysis of ransomware: Benefits, limitations and use for detection. arXiv preprint arXiv:1609.03020 (2016).","journal-title":"arXiv preprint arXiv:1609.03020"},{"key":"e_1_3_2_68_2","doi-asserted-by":"crossref","first-page":"90","DOI":"10.1109\/CAST.2016.7914946","volume-title":"International Conference on Computing, Analytics and Security Trends (CAST\u201916)","author":"Shinde Rhythima","year":"2016","unstructured":"Rhythima Shinde, Pieter Van der Veeken, Stijn Van Schooten, and Jan van den Berg. 2016. Ransomware: Studying transfer and mitigation. In International Conference on Computing, Analytics and Security Trends (CAST\u201916). IEEE, 90\u201395."},{"key":"e_1_3_2_69_2","first-page":"65","volume-title":"ACM Workshop on Information Sharing and Collaborative Security","author":"Sillaber Christian","year":"2016","unstructured":"Christian Sillaber, Clemens Sauerwein, Andrea Mussmann, and Ruth Breu. 2016. Data quality challenges and future research directions in threat intelligence sharing practice. In ACM Workshop on Information Sharing and Collaborative Security. 65\u201370."},{"key":"e_1_3_2_70_2","volume-title":"15th Symposium on Usable Privacy and Security (SOUPS\u201919)","author":"Simoiu Camelia","year":"2019","unstructured":"Camelia Simoiu, Joseph Bonneau, Christopher Gates, and Sharad Goel. 2019. \u201cI was told to buy a software or lose my computer. I ignored it\u201d: A study of ransomware. In 15th Symposium on Usable Privacy and Security (SOUPS\u201919)."},{"key":"e_1_3_2_71_2","unstructured":"Luke Somerville. 2017. WannaCry Post-outbreak Analysis. Retrieved from https:\/\/www.forcepoint.com\/blog\/x-labs\/wannacry-post-outbreak-analysis."},{"key":"e_1_3_2_72_2","volume-title":"The Top 10 Ways Ransomware Operators Ramp Up the Pressure to Pay","author":"(Sophos) Peter Mackenzie","year":"2021","unstructured":"Peter Mackenzie (Sophos). (2021). The Top 10 Ways Ransomware Operators Ramp Up the Pressure to Pay. Retrieved from https:\/\/news.sophos.com\/en-us\/2021\/10\/28\/the-top-10-ways-ransomware-operators-ramp-up-the-pressure-to-pay\/."},{"key":"e_1_3_2_73_2","volume-title":"A Rare Win in the Cat-and-Mouse Game of Ransomware","author":"Times) Nicole Perlroth (New York","year":"2021","unstructured":"Nicole Perlroth (New York Times). 2021. A Rare Win in the Cat-and-Mouse Game of Ransomware. Retrieved from https:\/\/www.nytimes.com\/2021\/10\/24\/technology\/ransomware-emsisoft-blackmatter.html."},{"key":"e_1_3_2_74_2","unstructured":"The New York Times. 2021. Colonial Pipeline Paid Roughly $5 Million in Ransom to Hackers. Retrieved from https:\/\/www.nytimes.com\/2021\/05\/13\/us\/politics\/biden-colonial-pipeline-ransomware.html."},{"key":"e_1_3_2_75_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101589"},{"issue":"4","key":"e_1_3_2_76_2","doi-asserted-by":"crossref","first-page":"347","DOI":"10.1080\/01495933.2019.1633187","article-title":"On the social science of ransomware: Technology, security, and society","volume":"38","author":"Wilner Alex","year":"2019","unstructured":"Alex Wilner, Anna Jeffery, Jacqueline Lalor, Kathleen Matthews, Krystene Robinson, Alexandra Rosolska, and Catherine Yorgoro. 2019. On the social science of ransomware: Technology, security, and society. Comparat. Strat. 38, 4 (2019), 347\u2013370.","journal-title":"Comparat. Strat."},{"key":"e_1_3_2_77_2","unstructured":"Wired. 2018. The Untold Story of NotPetya the Most Devastating Cyberattack in History. Retrieved from https:\/\/www.wired.com\/story\/notpetya-cyberattack-ukraine-russia-code-crashed-the-world\/."},{"issue":"1","key":"e_1_3_2_78_2","doi-asserted-by":"crossref","first-page":"tyaa023","DOI":"10.1093\/cybsec\/tyaa023","article-title":"An empirical study of ransomware attacks on organizations: An assessment of severity and salient factors affecting vulnerability","volume":"6","author":"Connolly Lena Yuryna","year":"2020","unstructured":"Lena Yuryna Connolly, David S. Wall, Michael Lang, and Bruce Oddson. 2020. An empirical study of ransomware attacks on organizations: An assessment of severity and salient factors affecting vulnerability. J. Cybersecur. 6, 1 (2020), tyaa023.","journal-title":"J. Cybersecur."},{"key":"e_1_3_2_79_2","volume-title":"Avoiding the Cyber Pandemic: A Public Health Approach to Preventing Malware Propagation","author":"Zelonis Kim","year":"2004","unstructured":"Kim Zelonis. 2004. Avoiding the Cyber Pandemic: A Public Health Approach to Preventing Malware Propagation. Ph.D. Dissertation. Carnegie Mellon University Heniz School (MSISPM)."},{"issue":"1","key":"e_1_3_2_80_2","first-page":"1","article-title":"Dynamics of a delayed worm propagation model with quarantine","volume":"2017","author":"Zhang Zizhen","year":"2017","unstructured":"Zizhen Zhang and Limin Song. 2017. Dynamics of a delayed worm propagation model with quarantine. Adv. Differ. Equat. 2017, 1 (2017), 1\u201313.","journal-title":"Adv. Differ. Equat."}],"container-title":["Digital Threats: Research and Practice"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579648","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3579648","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:48:44Z","timestamp":1750182524000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579648"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,20]]},"references-count":79,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2023,12,31]]}},"alternative-id":["10.1145\/3579648"],"URL":"https:\/\/doi.org\/10.1145\/3579648","relation":{},"ISSN":["2692-1626","2576-5337"],"issn-type":[{"type":"print","value":"2692-1626"},{"type":"electronic","value":"2576-5337"}],"subject":[],"published":{"date-parts":[[2023,10,20]]},"assertion":[{"value":"2021-11-30","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-12-15","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-10-20","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}