Checkmate: using game theory to study the evolution of ransomware

Retour à la liste des conférenciers et sessions
Écoutez la diffusion

Ransomware has changed and adapted over time to survive. Unfortunately, this evolution has led to a grim reality. From a defender's perspective, the sheer number of new strains coming out regularly makes it impossible to defend their infrastructure against every new threat. For attackers, technological advancement created a playground filled with criminal opportunities waiting to be exploited. Game theory perspective is a way to analyze conflicting parties' behaviours to see how each will behave towards their endgames. Zero-sum games are when a player's win causes a direct loss to the other; ransomware is a good example. Traditional game theory research focuses on one attacker vs. one defender during a game. However, this is not the reality defenders face daily. Defenders must defend themselves against multiple attacks during multiple games simultaneously. This means it is far easier for attackers to win than defenders in a zero-sum game. So how can the odds be balanced out? The answer might be reducing the asymmetric information gap between the two parties. This research aims to find the recurring techniques and tactics used over time. Even though ransomware is constantly evolving, specific aspects should remain the same or at least this is what I will find out. I studied over eighty ransomwares over five years (2017-2022). This presentation will cover the evolution of the TTPs over the set period, the stable behaviours and present the observations from the findings.