Abstract
Ransomware is a cybercrime in which criminals must coerce their victims’ cooperation to profit from infections. There are generally three possible outcomes of a successful infection: (1) a user, having a secure recent backup of his data, will not feel compelled to pay; (2) an unprepared victim would rather accept the data loss than pay the ransom; and (3) the victim values the compromised data more than the ransom being asked, and therefore pays. Though such crimes are initiated by technological means, they rely on social persuasion for success. The argument will be put forward in this paper that ransomware attacks take advantage of the psychology of loss aversion, and that by delivering loss feedback, these attacks exert a psychological influence that is advantageous to the attackers, and which affects individuals differently according to their neural characteristics. Evidence from cognitive, personality and evolutionary psychology are each presented; directions for further research into the risk factors and mechanisms of persuasion in ransomware attacks are indicated.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Andersson, O., Holm, H. J., Tyran, J. R., & Wengström, E. (2014). Deciding for others reduces loss aversion. Management Science, 62(1), 29–36.
Baluch, F., & Itti, L. (2011). Mechanisms of top-down attention. Trends in Neurosciences, 34(4), 210–224.
Bohr, J., & Bashir, M. (2014, July). Who uses bitcoin? An exploration of the bitcoin community. In Twelfth Annual International Conference on Privacy, Security and Trust (PST) (pp. 94–101). IEEE. doi:https://doi.org/10.1109/PST.2014.6890928
Bressler, S. L., & Ding, M. (2006). Event-related potentials. Wiley encyclopedia of biomedical engineering. Hoboken, NJ: Wiley.
Brewer, R. (2016). Ransomware attacks: Detection, prevention and cure. Network Security, 2016(9), 5–9.
Carver, C. S. (1980). Perceived coercion, resistance to persuasion, and the type a behavior pattern. Journal of Research in Personality, 14(4), 467–481.
Cleck, J. N., & Blendy, J. A. (2008). Making a bad thing worse: Adverse effects of stress on drug addiction. The Journal of Clinical Investigation, 118(2), 454–461.
Dehaene, S., Posner, M. I., & Tucker, D. M. (1994). Localization of a neural system for error detection and compensation. Psychological Science, 5(5), 303–305.
Dias-Ferreira, E., Sousa, J. C., Melo, I., Morgado, P., Mesquita, A. R., Cerqueira, J. J., … Sousa, N. (2009). Chronic stress causes frontostriatal reorganization and affects decision-making. Science, 325(5940), 621–625.
Friedman, M., & Rosenman, R. H. (1959). Association of specific overt behavior pattern with blood and cardiovascular findings: Blood cholesterol level, blood clotting time, incidence of arcus senilis, and clinical coronary artery disease. Journal of the American Medical Association, 169(12), 1286–1296.
Gehring, W. J., & Willoughby, A. R. (2002). The medial frontal cortex and the rapid processing of monetary gains and losses. Science, 295(5563), 2279–2282.
Haigh, M. S., & List, J. A. (2005). Do professional traders exhibit myopic loss aversion? An experimental analysis. The Journal of Finance, 60(1), 523–534.
Herrmann, C. S., Strüber, D., Helfrich, R. F., & Engel, A. K. (2016). EEG oscillations: From correlation to causality. International Journal of Psychophysiology, 103, 12–21.
Itagaki, S., & Katayama, J. I. (2008). Self-relevant criteria determine the evaluation of outcomes induced by others. Neuroreport, 19(3), 383–387.
Jones, C. L., Minati, L., Harrison, N. A., Ward, J., & Critchley, H. D. (2011). Under pressure: Response urgency modulates striatal and insula activity during decision-making under risk. PLoS One, 6(6), e20942.
Judges, R. A., Gallant, S. N., Yang, L., & Lee, K. (2017). The role of cognition, personality, and trust in fraud victimization in older adults. Frontiers in Psychology, 8, 588.
Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., & Kirda, E. (2015). Cutting the gordian knot: A look under the hood of ransomware attacks. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 3–24). Cham: Springer.
Kiehl, K. A., Liddle, P. F., & Hopfinger, J. B. (2000). Error processing and the rostral anterior cingulate: An event-related fMRI study. Psychophysiology, 37(2), 216–223.
Kircanski, K., Notthoff, N., DeLiema, M., Samanez-Larkin, G. R., Shadel, D., Mottola, G., … Gotlib, I. H. (2018). Emotional arousal may increase susceptibility to fraud in older and younger adults. Psychology and Aging, 33(2), 325.
Knoch, D., Gianotti, L. R., Pascual-Leone, A., Treyer, V., Regard, M., Hohmann, M., & Brugger, P. (2006). Disruption of right prefrontal cortex by low-frequency repetitive transcranial magnetic stimulation induces risk-taking behavior. Journal of Neuroscience, 26(24), 6469–6472.
Kobayakawa, M., Koyama, S., Mimura, M., & Kawamura, M. (2008). Decision making in Parkinson’s disease: Analysis of behavioral and physiological patterns in the Iowa gambling task. Movement Disorders, 23(4), 547–552.
Krawczyk, D. C., & D’esposito, M. (2013). Modulation of working memory function by motivation through loss-aversion. Human Brain Mapping, 34(4), 762–774.
Lee, J. K., Moon, S. Y., & Park, J. H. (2017). CloudRPS: A cloud analysis based enhanced ransomware prevention system. The Journal of Supercomputing, 73(7), 3065–3084.
Leng, Y., & Zhou, X. (2014). Interpersonal relationship modulates brain responses to outcome evaluation when gambling for/against others: An electrophysiological analysis. Neuropsychologia, 63, 205–214.
Li, Y. J., Kenrick, D. T., Griskevicius, V., & Neuberg, S. L. (2012). Economic decision biases and fundamental motivations: How mating and self-protection alter loss aversion. Journal of Personality and Social Psychology, 102(3), 550.
Liu, Y., Nelson, L. D., Bernat, E. M., & Gehring, W. J. (2014). Perceptual properties of feedback stimuli influence the feedback-related negativity in the flanker gambling task. Psychophysiology, 51(8), 782–788.
Luck, S. J. (2014). An introduction to the event-related potential technique. Cambridge, MA: MIT Press.
Luo, X., & Liao, Q. (2007). Awareness education as the key to ransomware prevention. Information Systems Security, 16(4), 195–202.
Masaki, H., Takeuchi, S., Gehring, W. J., Takasawa, N., & Yamazaki, K. (2006). Affective-motivational influences on feedback-related ERPs in a gambling task. Brain Research, 1105(1), 110–121.
Minati, L., Grisoli, M., Franceschetti, S., Epifani, F., Granvillano, A., Medford, N., … Critchley, H. D. (2012). Neural signatures of economic parameters during decision-making: A functional MRI (FMRI), electroencephalography (EEG) and autonomic monitoring study. Brain Topography, 25(1), 73–96.
Modic, D., Anderson, R., & Palomäki, J. (2018). We will make you like our research: The development of a susceptibility-to-persuasion scale. PLoS One, 13(3), e0194119.
Paddon, D. (2018, May 16), Dozens of Canadian firms have paid ransoms to regain control of data, study finds. The Globe and Mail. Retrieved from http://www.theglobeandmail.com/report-on-business/study-finds-dozens-of-canadian-firms-have-paid-ransoms-to-regain-control-of-data/article31253317/
Patyal, M., Sampalli, S., Ye, Q., & Rahman, M. (2017). Multi-layered defense architecture against ransomware. International Journal of Business and Cyber Security, 1(2), 52–64.
Polman, E. (2012). Self–other decision making and loss aversion. Organizational Behavior and Human Decision Processes, 119(2), 141–150.
Richardson, R., & North, M. M. (2017). Ransomware: Evolution, mitigation and prevention. International Management Review, 13(1), 10–21.
Rozendaal, E., Buijs, L., & Reijmersdal, E. A. V. (2016). Strengthening children’s advertising defenses: The effects of forewarning of commercial and manipulative intent. Frontiers in Psychology, 7, 1186.
Sagarin, B. J., Cialdini, R. B., Rice, W. E., & Serna, S. B. (2002). Dispelling the illusion of invulnerability: The motivations and mechanisms of resistance to persuasion. Journal of Personality and Social Psychology, 83(3), 526.
Schonberg, T., Fox, C. R., & Poldrack, R. A. (2011). Mind the gap: Bridging economic and naturalistic risk-taking with cognitive neuroscience. Trends in Cognitive Sciences, 15(1), 11–19.
Schutte, I., Kenemans, J. L., & Schutter, D. J. (2017). Resting-state theta/beta EEG ratio is associated with reward-and punishment-related reversal learning. Cognitive, Affective, & Behavioral Neuroscience, 17(4), 1–10.
Symantec. (2016). Symantec 2016 Internet security threat report. Tempe, AZ: Symantec.
Takács, Á., Kóbor, A., Janacsek, K., Honbolygó, F., Csépe, V., & Németh, D. (2015). High trait anxiety is associated with attenuated feedback-related negativity in risky decision making. Neuroscience Letters, 600, 188–192.
Taylor, S. E. (1991). Asymmetrical effects of positive and negative events: The mobilization-minimization hypothesis. Psychological Bulletin, 110(1), 67.
Taylor, S. F., Martis, B., Fitzgerald, K. D., Welsh, R. C., Abelson, J. L., Liberzon, I., … Gehring, W. J. (2006). Medial frontal cortex activity and loss-related responses to errors. Journal of Neuroscience, 26(15), 4063–4070.
Tom, S. M., Fox, C. R., Trepel, C., & Poldrack, R. A. (2007). The neural basis of loss aversion in decision-making under risk. Science, 315(5811), 515–518.
Treadway, M. T., Buckholtz, J. W., & Zald, D. (2013). Perceived stress predicts altered reward and loss feedback processing in medial prefrontal cortex. Frontiers in Human Neuroscience, 7, 180.
Trustwave. (2017). 2017 Trustwave global security report. Chicago, IL: Trustwave. Retrieved from https://www.trustwave.com/en-us/resources/library/documents/2017-trustwave-global-security-report/
Tversky, A., & Kahneman, D. (1991). Loss aversion in riskless choice: A reference-dependent model. The Quarterly Journal of Economics, 106(4), 1039–1061.
van de Weijer, S. G., & Leukfeldt, E. R. (2017). Big five personality traits of cybercrime victims. Cyberpsychology, Behavior and Social Networking, 20(7), 407–412.
Vance, A., Anderson, B. B., Kirwan, C. B., & Eargle, D. (2014). Using measures of risk perception to predict information security behavior: Insights from electroencephalography (EEG). Journal of the Association for Information Systems, 15(10), 679.
Welte, J. W., Barnes, G. M., Tidwell, M. C. O., & Hoffman, J. H. (2011). Gambling and problem gambling across the lifespan. Journal of Gambling Studies, 27(1), 49–61.
West, R., Tiernan, B. N., Kieffaber, P. D., Bailey, K., & Anderson, S. (2014). The effects of age on the neural correlates of feedback processing in a naturalistic gambling game. Psychophysiology, 51(8), 734–745.
Whitty, M. T., & Buchanan, T. (2012). The online romance scam: A serious cybercrime. CyberPsychology, Behavior, and Social Networking, 15(3), 181–183.
Wohl, M. J., Christie, K. L., Matheson, K., & Anisman, H. (2010). Animation-based education as a gambling prevention tool: Correcting erroneous cognitions and reducing the frequency of exceeding limits among slots players. Journal of Gambling Studies, 26(3), 469–486.
Yeung, N., Holroyd, C. B., & Cohen, J. D. (2004). ERP correlates of feedback and reward processing in the presence and absence of response choice. Cerebral Cortex, 15(5), 535–544.
Zheng, Y., Li, Q., Wang, K., Wu, H., & Liu, X. (2015). Contextual valence modulates the neural dynamics of risk processing. Psychophysiology, 52(7), 895–904.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
McIntyre, D.L., Frank, R. (2021). No Gambles with Information Security: The Victim Psychology of a Ransomware Attack. In: Weulen Kranenbarg, M., Leukfeldt, R. (eds) Cybercrime in Context. Crime and Justice in Digital Society, vol I. Springer, Cham. https://doi.org/10.1007/978-3-030-60527-8_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-60527-8_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-60526-1
Online ISBN: 978-3-030-60527-8
eBook Packages: Law and CriminologyLaw and Criminology (R0)