
Be the first to like this
Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.
Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.
Published on
Slides from Tony MartinVegue's presentation at NBTcon, San Francisco: December 03, 2016.
"Ransomware & Game Theory: To Pay, or Not to Pay?"
Abstract:
What do the San Francisco Giants, Cryptolocker and nuclear war all have in common? They all involve conflicts in which incentives, payouts and winning strategies can be analyzed with game theory. Game theory is a branch of mathematics that models conflict and cooperation between parties and is used in many realworld decision making scenarios, inside and outside the Information Security field. Game theory is particularly useful in analyzing the extortionist / victim dynamic present in ransomware infection scenarios.
Ransomware comes in many varieties and works in different ways, but the basic setting is the same: cybercriminals infect a computer with malicious software that blocks access to the system or important files until the ransom is paid.
The conventional wisdom in information security regarding ransomware is to never pay. But, why? The answer is a little more nuanced than “never pay” or “always pay.” The decision is a complex scenario of incentives and payoffs. Who stands to gain when ransomware is paid? Who gains when it is not paid?
This talk will use the familiar topic of ransomware to introduce participants to game theory concepts like rational decisionmaking, zerosum games, incentives, utility and Nash Equilibrium – all important tools that can help solve security problems. By analyzing ransomware decisionmaking with a game theory mindset, participants will learn a new set of skills and a new way of incentivedriven thinking.
Be the first to like this
Be the first to comment