{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,3]],"date-time":"2026-07-03T06:44:42Z","timestamp":1783061082269,"version":"3.54.6"},"reference-count":38,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2019,6,10]],"date-time":"2019-06-10T00:00:00Z","timestamp":1560124800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100000266","name":"Engineering and Physical Sciences Research Council","doi-asserted-by":"publisher","award":["EP\/P011772\/1"],"award-info":[{"award-number":["EP\/P011772\/1"]}],"id":[{"id":"10.13039\/501100000266","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Games"],"abstract":"<jats:p>Ransomware is a particular form of cyber-attack in which a victim loses access to either his electronic device or files unless he pays a ransom to criminals. A criminal\u2019s ability to make money from ransomware critically depends on victims believing that the criminal will honour ransom payments. In this paper we explore the extent to which a criminal can build trust through reputation. We demonstrate that there are situations in which it is optimal for the criminal to always return the files and situations in which it is not. We argue that the ability to build reputation will depend on how victims distinguish between different ransomware strands. If ransomware is to survive as a long term revenue source for criminals then they need to find ways of building a good reputation.<\/jats:p>","DOI":"10.3390\/g10020026","type":"journal-article","created":{"date-parts":[[2019,6,10]],"date-time":"2019-06-10T03:16:51Z","timestamp":1560136611000},"page":"26","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":25,"title":["Ransomware and Reputation"],"prefix":"10.3390","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1965-842X","authenticated-orcid":false,"given":"Anna","family":"Cartwright","sequence":"first","affiliation":[{"name":"School of Economics, Finance and Accounting, University of Coventry, Coventry CV1 5FB, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0194-9368","authenticated-orcid":false,"given":"Edward","family":"Cartwright","sequence":"additional","affiliation":[{"name":"Department of Strategic Management and Marketing, De Montfort University, Leicester LE1 9BH, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2019,6,10]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"2","DOI":"10.1186\/s40163-019-0097-9","article-title":"Ransomware Deployment Methods and Analysis: Views from a Predictive Model and Human Responses","volume":"8","author":"Hull","year":"2019","journal-title":"Crime Sci."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., and Kirda, E. (2015, January 9\u201310). Cutting the gordian knot: A look under the hood of ransomware attacks. Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Milan, Italy.","DOI":"10.1007\/978-3-319-20550-2_1"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"8","DOI":"10.1016\/S1353-4858(16)30096-4","article-title":"Ransomware: Taking businesses hostage","volume":"2016","year":"2016","journal-title":"Netw. Secur."},{"key":"ref_4","first-page":"10","article-title":"Ransomware: Evolution, mitigation and prevention","volume":"13","author":"Richardson","year":"2017","journal-title":"Int. Manag. Rev."},{"key":"ref_5","unstructured":"F-Secure (2019, May 14). F-Secure State of Cyber-Security Report 2017. Available online: https:\/\/www.f-secure.com\/documents\/996508\/1030743\/cyber-security-report-2017."},{"key":"ref_6","first-page":"48","article-title":"Ransomware: A Survey and Trends","volume":"6","author":"Aurangzeb","year":"2017","journal-title":"J. Inf. Assur. Secur."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Hernandez-Castro, J., Cartwright, E., and Stepanova, A. (2017). Economic Analysis of Ransomware. arXiv.","DOI":"10.2139\/ssrn.2937641"},{"key":"ref_8","unstructured":"Trend-Micro (2019, May 14). Ransomware: The Truth Behind the Headlines. Available online: https:\/\/www.trendmicro.co.uk\/media\/misc\/ransomware-the-truth-behind-the-headlines.pdf."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Huang, D.Y., Aliapoulios, M.M., Li, V.G., Invernizzi, L., Bursztein, E., McRoberts, K., Levin, J., Levchenko, K., Snoeren, A.C., and McCoy, D. (2018, January 20\u201324). Tracking ransomware end-to-end. Proceedings of the 2018 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.","DOI":"10.1109\/SP.2018.00047"},{"key":"ref_10","unstructured":"Paquet-Clouston, M., Haslhofer, B., and Dupont, B. (2018). Ransomware Payments in the Bitcoin Ecosystem. arXiv."},{"key":"ref_11","unstructured":"Cusack, B., and Ward, G. (2018, January 16\u201318). Points of Failure in the Ransomware Electronic Business Model. Proceedings of the Twenty-Fourth Americas Conference on Information Systems, New Orleans, LA, USA."},{"key":"ref_12","unstructured":"Rashid, F. (2019, May 14). 4 Reasons Not to Pay Up in a Ransomware Attack. InfoWorld. Available online: https:\/\/www.infoworld.com\/article\/3043197\/4-reasons-not-to-pay-up-in-a-ransomware-attack.html."},{"key":"ref_13","unstructured":"VioletBlue (2019, May 16). Customer Service Matters When It Comes to Ransomware, Engadget. Available online: https:\/\/www.engadget.com\/2016\/09\/09\/customer-service-matters-when-it-comes-to-ransomware\/."},{"key":"ref_14","unstructured":"CyberEdge (2019, May 16). Fifth-Annual Cyberthreat Defense Report. Available online: https:\/\/cyber-edge.com\/cdr\/#about-this-report."},{"key":"ref_15","unstructured":"Bursztein, E. (2019, May 16). Unmasking the Ransomware Kingpins. EliE. Available online: https:\/\/elie.net\/blog\/security\/unmasking-the-ransomware-kingpins\/."},{"key":"ref_16","unstructured":"Palmer, D. (2019, May 16). The Godfather of Ransomware Returns: Locky Is Back and Sneakier than Ever. ZD Net. Available online: https:\/\/www.zdnet.com\/article\/the-godfather-of-ransomware-returns-locky-is-back-and-sneakier-than-ever\/."},{"key":"ref_17","unstructured":"Caulfield, T., Ioannidis, C., and Pym, D. (2019, May 14). Dynamic Pricing for Ransomware. Available online: http:\/\/www0.cs.ucl.ac.uk\/staff\/D.Pym\/ransomware-dynamic.pdf."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Caporusso, N., Chea, S., and Abukhaled, R. (2018, January 27\u201331). A Game-Theoretical Model of Ransomware. Proceedings of the International Conference on Applied Human Factors and Ergonomics, Orlando, FL, USA.","DOI":"10.1007\/978-3-319-94782-2_7"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Laszka, A., Farhang, S., and Grossklags, J. (2017, January 23\u201325). On the Economics of Ransomware. Proceedings of the International Conference on Decision and Game Theory for Security, Vienna, Austria.","DOI":"10.1007\/978-3-319-68711-7_21"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Cartwright, A., Cartwright, E., and Hernandez-Castro, H. (2019). To pay or not: Game theoretic models of ransomware. J. Cybersecur., forthcoming.","DOI":"10.1093\/cybsec\/tyz009"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1016\/j.ejpoleco.2016.05.004","article-title":"Why concessions should not be made to terrorist kidnappers","volume":"44","author":"Brandt","year":"2016","journal-title":"Eur. J. Political Econ."},{"key":"ref_22","first-page":"16","article-title":"To bargain or not to bargain: That is the question","volume":"78","author":"Lapan","year":"1988","journal-title":"Am. Econ. Rev."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Selten, R. (1977). A simple game model of kidnapping. Mathematical Economics and Game Theory, Springer.","DOI":"10.1007\/978-3-642-45494-3_11"},{"key":"ref_24","unstructured":"Zarifis, A., and Cheng, X. (2018, January 16\u201318). The Impact of Extended Global Ransomware Attacks on Trust: How the Attacker\u2019s Competence and Institutional Trust Influence the Decision to Pay. Proceedings of the Twenty-Fourth Americas Conference on Information Systems, New Orleans, LA, USA."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"407","DOI":"10.1111\/j.1468-0262.2004.00496.x","article-title":"Imperfect monitoring and impermanent reputations","volume":"72","author":"Cripps","year":"2004","journal-title":"Econometrica"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"561","DOI":"10.2307\/2297864","article-title":"Maintaining a Reputation when Strategies are Imperfectly","volume":"59","author":"Fudenberg","year":"1992","journal-title":"Rev. Econ. Stud."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"555","DOI":"10.2307\/2298086","article-title":"Repeated games with long-run and short-run players","volume":"57","author":"Fudenberg","year":"1990","journal-title":"Rev. Econ. Stud."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"691","DOI":"10.2307\/2171867","article-title":"Maintaining a reputation against a long-lived opponent","volume":"64","author":"Celetani","year":"1996","journal-title":"Econometrica"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"245","DOI":"10.1016\/0022-0531(82)90029-1","article-title":"Rational cooperation in the finitely repeated prisoners\u2019 dilemma","volume":"27","author":"Kreps","year":"1982","journal-title":"J. Econ. Theory"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"253","DOI":"10.1016\/0022-0531(82)90030-8","article-title":"Reputation and imperfect information","volume":"27","author":"Kreps","year":"1982","journal-title":"J. Econ. Theory"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"280","DOI":"10.1016\/0022-0531(82)90031-X","article-title":"Predation, reputation, and entry deterrence","volume":"27","author":"Milgrom","year":"1982","journal-title":"J. Econ. Theory"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"157","DOI":"10.3982\/TE1893","article-title":"Reputation without commitment in finitely repeated games","volume":"11","author":"Weinstein","year":"2016","journal-title":"Theor. Econ."},{"key":"ref_33","unstructured":"Fudenberg, D., and Levine, D.K. (1998). The Theory of Learning in Games, MIT Press."},{"key":"ref_34","unstructured":"Young, H.P. (2001). Individual Strategy and Social Structure: An Evolutionary Theory of Institutions, Princeton University Press."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1016\/0899-8256(91)90003-W","article-title":"Evolution, learning, and economic behavior","volume":"3","author":"Selten","year":"1991","journal-title":"Games Econ. Behav."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"57","DOI":"10.2307\/2951778","article-title":"The evolution of conventions","volume":"61","author":"Young","year":"1993","journal-title":"Econometrica"},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"10887","DOI":"10.1523\/JNEUROSCI.5829-12.2013","article-title":"The human brain encodes event frequencies while forming subjective beliefs","volume":"33","author":"Schultz","year":"2013","journal-title":"J. Neurosci."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"605","DOI":"10.1111\/1468-0262.00125","article-title":"Reinforcement-based vs. Belief-based Learning Models in Experimental Asymmetric-information Games","volume":"68","author":"Feltovich","year":"2000","journal-title":"Econometrica"}],"container-title":["Games"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-4336\/10\/2\/26\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T12:57:12Z","timestamp":1760187432000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-4336\/10\/2\/26"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,6,10]]},"references-count":38,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2019,6]]}},"alternative-id":["g10020026"],"URL":"https:\/\/doi.org\/10.3390\/g10020026","relation":{},"ISSN":["2073-4336"],"issn-type":[{"value":"2073-4336","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,6,10]]}}}