Payoffs on Geopolitical Ransomware Attacks
This Politico article discusses political ransomware attacks in the context of game theory. Jenny Jun, who has studied North Korea’s cyber operations, argues that ransomware might become increasingly popular for political attacks because of lower barriers to entry, but the payoff can vary depending on several attributes of the captured data. This article mainly focuses on the factors that affect the payoffs of ransomware attacks for each country. Ransomware attacks have many advantages for smaller, less-resourced countries than other types of geopolitical warfare. Encryption algorithms are very common, so they are easy and cheap for governments to create or purchase. Another critical advantage for the attacker is that ransomware attacks are much cheaper to maintain than older forms of ransom. The longer the attack goes on, the attacking nation does not need to pay for an ongoing military siege or worry about running out of troops or supplies.
The author explains that the payoffs of ransomware attacks push the offending nation toward attacking and the defending nation toward conceding. The attacking nation has a low barrier to entry and no extra cost of continuing the attack. While some damage often occurs when hostages are held or victim nations are put under siege, the data that is held for ransom stays undamaged, making it appealing for the victim to concede and receive their intact assets back. If I were to create a game theory table for a ransomware attack, this is what I imagine it would look like:
| Concede | Do not concede | |
| Attack | (10,-5) | (5,-10) |
| Do not attack | X | (0,0) |
There is a Nash equilibrium in this game for attack, concede. The mutual best strategies are for the offending nation to attack and for the defending nation to concede. When a nation is attacked by ransomware, it maximizes their payoff to regain control of the data, while still taking some damage from paying the ransom. The article discusses that some factors can affect these payoffs. If the victim has the data backed up somewhere else, the data might be able to be recovered without damage to the defending nation, giving them a non-conceding strategy with a payoff close to 0. But this also depends on how critical the data is, because waiting to recover the data by oneself could be too costly in the time it takes. The author says that this is why ransomware attackers often target supply chains and medical systems that can cause a lot of damage if they are taken down only for a week.
Jun, Jenny. “Opinion: Could Ransomware Become a Geopolitical Weapon? Game Theory Says Yes.” POLITICO, POLITICO, 8 July 2021, www.politico.com/news/magazine/2021/07/08/ransomware-game-theory-geopolitics-cyber-attack-498625.