UT maps decision-making processes of victims of ransomware

- EN - NL
University of Twente has investigated the decision-making processes of victims forced to pay ransom following ransomware attacks. UT researcher Tom Meurs and his colleagues analysed data provided by the Dutch National Police and a Dutch incident response organisation on 481 ransomware attacks. They were able to show that organisations with recoverable backups were better able to avoid having to pay ransom. Data exfiltration led to higher ransom amounts paid. That was also the case for organisations insured against ransomware attacks.

The researchers used a two-step system: First, the victims decided whether or not to pay the ransom. Second, in the event they did decide to pay, they determined the amount to be paid. "Because we assess the two steps at the same time, the results are more reliable than previous scientific research into ransom payments."

Important insights

The investigation into 481 ransomware attacks submitted to us by the Dutch National Police and a Dutch incident response organisation has yielded a number of important insights. Insurance led to paid ransom amounts that were up to 2.8 times higher, without influencing the frequency of payments. Data exfiltration led to paid ransom amounts that were up to 5.5 times higher, without influencing the frequency of payments. Organisations with recoverable back-ups were up to 27.4 times less likely to pay the ransom compared to victims without recoverable back-ups.

"The insights emphasise the importance for policy makers to focus on areas such as data exfiltration, the role of insurance, and the promotion of recoverable back-ups. The implementation of recoverable back-ups is an effective technological strategy that helps stop criminals from removing back-ups while they infiltrate your systems."

Ecrime2023

During Ecrime 2023 in Barcelona, Tom Meurs and his team received the best Paper award.

The co-authors of the study are: Edward Cartwright (De Montfort University, UK), Anna Cartwright (Oxford Brookes University, UK), Marianne Junger (UT, BMS-IEBIS), Raphael Hoheisel (UT, BMS-IEBIS), Erik Tews (UT, EEMCS-SCS), Abhishta Abhishta (UT, BMS-IEBIS).

Study programmes

Student Services Contact Centre
(Internal) Service Portal
Alumni portal
Faculties, institutes & service departments

Contact & Route
People Pages (UT phone directory)
Route and map
Careers
News overview UT
Event overview UT

International Student Services Information for current students Submit internship/Find talent Studium Generale

Contact People pages (UT phone directory) Press information Faculties/schools Research institutes