Personality Types and Ransomware Victimisation-Reference-Cited by-同舟云学术

Personality Types and Ransomware Victimisation

Published:2022-10-26 Issue: Volume: Page:
ISSN:2692-1626
Container-title:Digital Threats: Research and Practice
language:en
Short-container-title:Digital Threats

Author:

Yilmaz Yagiz¹,Cetin Orcun¹,Grigore Claudia²,Arief Budi²,Hernandez-Castro Julio²

Affiliation:

1. Sabancı University, Turkey

2. University of Kent, United Kingdom

Abstract

Ransomware remains one of the most prevalent cyberthreats to individuals and businesses alike. Psychological techniques are often employed by attackers when infecting victims’ devices with ransomware, in an attempt to increase the likelihood of the victims paying the ransom demand. At the same time, cybersecurity researchers are continually putting in effort to find new ways to prevent ransomware infections and victimisation from happening. Since employees and contractors are often considered to be the most frequent and well-known attack vectors, it makes sense to focus on them. Identifying factors to predict the most vulnerable population to cyberattacks can be useful in preventing or mitigating the impact of ransomware attacks. Additionally, understanding victims’ psychological traits can help us devise better solutions to recover from the attack more effectively, while at the same time, encouraging victims not to pay the ransom demand to cybercriminals. In this paper, we investigated the relationship between personality types and ransomware victimisation, in order to understand whether people with certain personality types would be more prone to becoming a ransomware victim or not. We also studied the behavioural and psychological effects of becoming a ransomware victim, in an attempt to see whether such an experience can be used to reinforce positive cybersecurity behaviours in the future. We carried out a survey involving 880 participants, recruited through the Prolific online survey platform. First, these participants were asked to answer a set of standard questions to determine their personality type, using the Big-Five personality trait indicators. They were then asked to answer several follow-up questions regarding victimisation, as well as their feelings and views post-victimisation. We found that 9.55% (n=84) of the participants had been a victim of ransomware. Out of these, 2.38% (n=2) were found to have paid the ransom. We found no compelling evidence to suggest that personality traits would influence ransomware victimisation. In other words, there are no discernible differences regarding potential ransomware victimisation based on people’s personality types alone. Therefore, we should not blame victims for falling prey – in particular, we should not apportion the blame to their personality type. These findings can be used to improve positive cybersecurity behaviours, for example, by encouraging victims to invest more in cybersecurity products and tools. Additionally, our results showed that the aftermath of a ransomware attack could be quite devastating and hard to deal with for many victims. Finally, our research shows that properly dealing with ransomware is a complex socio-technical challenge that requires both technical and psychological support.

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications,Computer Science Applications,Hardware and Architecture,Safety Research,Information Systems,Software

Link

https://dl.acm.org/doi/pdf/10.1145/3568994

Reference43 articles.

1. Budi Arief , Andy Periam , Orcun Cetin , and Julio C Hernandez-Castro . 2020 . Using Eyetracker to Find Ways to Mitigate Ransomware . In 6th Int’l Conf. on Information Systems Security and Privacy (ICISSP 2020). 448–456. Budi Arief, Andy Periam, Orcun Cetin, and Julio C Hernandez-Castro. 2020. Using Eyetracker to Find Ways to Mitigate Ransomware. In 6th Int’l Conf. on Information Systems Security and Privacy (ICISSP 2020). 448–456.

2. Christopher Bing . 2021 [Online]. Exclusive: U.S. to give ransomware hacks similar priority as terrorism . Reuters (June 04 , 2021 [Online]). https://www.reuters.com/technology/exclusive-us-give-ransomware-hacks-similar-priority-terrorism-official-says-2021-06-03/ Christopher Bing. 2021 [Online]. Exclusive: U.S. to give ransomware hacks similar priority as terrorism. Reuters (June 04, 2021 [Online]). https://www.reuters.com/technology/exclusive-us-give-ransomware-hacks-similar-priority-terrorism-official-says-2021-06-03/

3. Jacob Bogage . 2021 [Online]. Colonial Pipeline CEO says paying $4.4 million ransom was ‘the right thing to do for the country’ . The Washington Post (May 19 , 2021 [Online]). https://www.washingtonpost.com/business/2021/05/19/colonial-pipeline-ransom-joseph-blunt/ Jacob Bogage. 2021 [Online]. Colonial Pipeline CEO says paying $4.4 million ransom was ‘the right thing to do for the country’. The Washington Post (May 19, 2021 [Online]). https://www.washingtonpost.com/business/2021/05/19/colonial-pipeline-ransom-joseph-blunt/

4. Confirmation and clarification of primary personality factors

5. Open Science Collaboration . 2015. Estimating the reproducibility of psychological science. Science 349, 6251 ( 2015 ), aac4716. Open Science Collaboration. 2015. Estimating the reproducibility of psychological science. Science 349, 6251 (2015), aac4716.

Cited by 5 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Ransomware Reloaded: Re-examining Its Trend, Research and Mitigation in the Era of Data Exfiltration;ACM Computing Surveys;2024-08-30

2. Privacy of Information and Data;Advances in Information Quality and Management;2024-03-29

3. Statistical Modeling of Ransomware Attacks Trends;Lecture Notes in Networks and Systems;2024

4. The Social and Technological Incentives for Cybercriminals to Engage in Ransomware Activities;Security and Privacy in Social Networks and Big Data;2023

5. Reducing False Negatives in Ransomware Detection: A Critical Evaluation of Machine Learning Algorithms;Applied Sciences;2022-12-16