An investigation of individual willingness to pay ransomware
DOI | https://doi.org/10.1108/JFC-02-2022-0055 |
Published date | 19 April 2022 |
Date | 19 April 2022 |
Pages | 728-741 |
Subject Matter | Accounting & finance,Financial risk/company failure,Financial crime |
Author | Anna Cartwright,Edward Cartwright,Lian Xue,Julio Hernandez-Castro |
An investigation of individual
willingness to pay ransomware
Anna Cartwright
Department of Accounting, Finance and Economics, Oxford Brookes University,
Oxford, UK
Edward Cartwright
Department of Economics and Marketing, De Montfort University, Leicester, UK
Lian Xue
Department of Economics, Wuhan University, Wuhan, China, and
Julio Hernandez-Castro
School of Computing, University of Kent, Canterbury, UK
Abstract
Purpose –Ransomwareis a relatively new form of financial extortion that is proving a major cyber-security
threat to individuals and organisations. This study aims to investigate factors that may influence an
individual’swillingness to engage in a ransom payment.
Design/methodology/approach –This study ran a large survey (n= 1,798) on a representativesample
of the UK population. This study elicited willingness to pay (WTP) ransomware and also reasons for not
wanting to pay a ransom to criminals.This study then used non-parametric tests and regression analysisto
identifyfactors that influence WTP.
Findings –This study finds that women and younger age groups are significantly more willing to pay a
ransom, as are those who store photos. There is a strong positive relationship between concern for data
breach and WTP a ransom.
Originality/value –To the best of the authors’knowledge, this is the first large scale study to look at
WTP ransomware. This study identifies a range of factorsthat can help inform law enforcement to target
advice aboutransomware attacks.
Keywords Ransomware, Cyber-security, Cyber-crime, Willingness to pay, Cyber security,
Data breach
Paper type Research paper
1. Introduction
Crypto ransomware is a form of malware that encrypts the files on a device so that the
victim can no longer access their files. The criminals then demand a ransom for the key to
decrypt the files and restore access (Maigida et al.,2019;Connolly and Wall, 2019). In early
variants of ransomware, the criminals were seemingly “experimenting”and decryption
could often be reverse engineered (Emm, 2008). This allowed some victims to recover their
This project has received funding from the Engineering and Physical Sciences Research Council
(EPSRC) for project EP/P011772/1 on the EconoMical, PsycHologicAl and Societal Impact of
RanSomware (EMPHASIS). The authors also want to thank the European Union’s Horizon 2020
research and innovation programme, under grant agreement No.700326 (RAMSES project), which
also supported this work.
JFC
30,3
728
Journalof Financial Crime
Vol.30 No. 3, 2023
pp. 728-741
© Emerald Publishing Limited
1359-0790
DOI 10.1108/JFC-02-2022-0055
The current issue and full text archive of this journal is available on Emerald Insight at:
https://www.emerald.com/insight/1359-0790.htm
To continue reading
Request your trial