Vicky Desjardins

Cyber Threat Intelligence analyst and Doctoral candidate

Back to the list of Speakers and Sessions

Vicky Desjardins Cyber Threat Intelligence analyst and Doctoral candidate, Hitachi systems security and University of Montreal

I am an English lit major turned criminologist turned cyber threat intelligence analyst. I'm an eternal optimist that research can make the world a better and safer place for all so that is what I do. I get crazy ideas, turn them into research projects and figure out later if it's actually possible. Let's see if this one will work out.

Discussion: Q&A Criminology

This is a Q&A session. Moderators will take audience questions both remotely and on-site via

Q&A panel for the Criminology block.

Talk: Checkmate: using game theory to study the evolution of ransomware

Talks will be streamed on YouTube and Twitch for free.

Ransomware has changed and adapted over time to survive. Unfortunately, this evolution has led to a grim reality. From a defender's perspective, the sheer number of new strains coming out regularly makes it impossible to defend their infrastructure against every new threat. For attackers, technological advancement created a playground filled with criminal opportunities waiting to be exploited. Game theory perspective is a way to analyze conflicting parties' behaviours to see how each will behave towards their endgames. Zero-sum games are when a player's win causes a direct loss to the other; ransomware is a good example. Traditional game theory research focuses on one attacker vs. one defender during a game. However, this is not the reality defenders face daily. Defenders must defend themselves against multiple attacks during multiple games simultaneously. This means it is far easier for attackers to win than defenders in a zero-sum game. So how can the odds be balanced out? The answer might be reducing the asymmetric information gap between the two parties. This research aims to find the recurring techniques and tactics used over time. Even though ransomware is constantly evolving, specific aspects should remain the same or at least this is what I will find out. I studied over eighty ransomwares over five years (2017-2022). This presentation will cover the evolution of the TTPs over the set period, the stable behaviours and present the observations from the findings.