Your World of Legal Intelligence
 United Kingdom | +44 (0) 20 7284 8080

An investigation of individual willingness to pay ransomware

Document Cited in Related
Vincent
DOIhttps://doi.org/10.1108/JFC-02-2022-0055
Published date19 April 2022
Date19 April 2022
Pages728-741
Subject MatterAccounting & finance,Financial risk/company failure,Financial crime
AuthorAnna Cartwright,Edward Cartwright,Lian Xue,Julio Hernandez-Castro
An investigation of individual
willingness to pay ransomware
Anna Cartwright
Department of Accounting, Finance and Economics, Oxford Brookes University,
Oxford, UK
Edward Cartwright
Department of Economics and Marketing, De Montfort University, Leicester, UK
Lian Xue
Department of Economics, Wuhan University, Wuhan, China, and
Julio Hernandez-Castro
School of Computing, University of Kent, Canterbury, UK
Abstract
Purpose Ransomwareis a relatively new form of nancial extortion that is proving a major cyber-security
threat to individuals and organisations. This study aims to investigate factors that may inuence an
individualswillingness to engage in a ransom payment.
Design/methodology/approach This study ran a large survey (n= 1,798) on a representativesample
of the UK population. This study elicited willingness to pay (WTP) ransomware and also reasons for not
wanting to pay a ransom to criminals.This study then used non-parametric tests and regression analysisto
identifyfactors that inuence WTP.
Findings This study nds that women and younger age groups are signicantly more willing to pay a
ransom, as are those who store photos. There is a strong positive relationship between concern for data
breach and WTP a ransom.
Originality/value To the best of the authorsknowledge, this is the rst large scale study to look at
WTP ransomware. This study identies a range of factorsthat can help inform law enforcement to target
advice aboutransomware attacks.
Keywords Ransomware, Cyber-security, Cyber-crime, Willingness to pay, Cyber security,
Data breach
Paper type Research paper
1. Introduction
Crypto ransomware is a form of malware that encrypts the les on a device so that the
victim can no longer access their les. The criminals then demand a ransom for the key to
decrypt the les and restore access (Maigida et al.,2019;Connolly and Wall, 2019). In early
variants of ransomware, the criminals were seemingly experimentingand decryption
could often be reverse engineered (Emm, 2008). This allowed some victims to recover their
This project has received funding from the Engineering and Physical Sciences Research Council
(EPSRC) for project EP/P011772/1 on the EconoMical, PsycHologicAl and Societal Impact of
RanSomware (EMPHASIS). The authors also want to thank the European Unions Horizon 2020
research and innovation programme, under grant agreement No.700326 (RAMSES project), which
also supported this work.
JFC
30,3
728
Journalof Financial Crime
Vol.30 No. 3, 2023
pp. 728-741
© Emerald Publishing Limited
1359-0790
DOI 10.1108/JFC-02-2022-0055
The current issue and full text archive of this journal is available on Emerald Insight at:
https://www.emerald.com/insight/1359-0790.htm

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT