Kent Academic Repository

The Scourge of Ransomware: Victim Insights on Harms to Individuals, Organisations and Society

MacColl, Jamie and Hüsch, Pia and Mott, Gareth and Sullivan, James and Nurse, Jason R. C. and Turner, Sarah and Pattnaik, Nandita (2024) The Scourge of Ransomware: Victim Insights on Harms to Individuals, Organisations and Society. Technical report. The Royal United Services Institute for Defence and Security Studies (KAR id:104628)

Abstract

Ransomware incidents remain a scourge on UK society. Based on interviews with victims and incident responders, this paper outlines the harm ransomware causes to organisations, individuals, the UK economy, national security and wider society.

The research reveals a wide range of harms caused by ransomware, including physical, financial, reputational, psychological and social harms.

We set out a framework of:

First-order harms: Harms to any organisation and their staff directly targeted by a ransomware operation.

Second-order harms: Harms to any organisation or individuals that are indirectly affected by a ransomware incident.

Third-order harms: The cumulative effect of ransomware incidents on wider society, the economy and national security.

Building on an existing taxonomy of cyber harms, this framework will enable policymakers, practitioners and researchers to categorise more case studies on ransomware incidents and to better explain new and existing types of harm to the UK and other countries.

Ransomware is a risk for organisations of all sizes. The findings from this paper highlight that ransomware can create significant financial costs and losses for organisations, which in some cases can threaten their very existence. Ransomware can also create reputational harm for businesses that rely on continuous operations or hold very sensitive data – although customers and the general public can be more forgiving than some victims believe.

The harms from ransomware go beyond financial and reputational costs for organisations. Interviews with victims and incident responders revealed that ransomware creates physical and psychological harms for individuals and groups, including members of staff, healthcare patients and schoolchildren.

Ransomware can ruin lives. Incidents highlighted in this paper have caused individuals to lose their jobs, evoked feelings of shame and self-blame, extended to private and family life, and contributed to serious health issues.

The harm and cumulative effects caused by ransomware attacks have implications for wider society and national security, including supply chain disruption, a loss of trust in law enforcement, reduced faith in public services, and the normalisation of cybercrime. Ransomware also creates a strategic advantage for the hostile states harbouring the cyber-criminals who conduct such operations.

Downstream harm to individuals from ransomware is more severe when attacks encrypt IT infrastructure, rather than steal and leak data. There is no evidence from this research that the ransomware ecosystem is exploiting stolen or leaked personal data in a systemic way for fraud or other financially motivated cybercrimes. At present, exploiting stolen data for other activities is less profitable than extortion-based crime that takes away victims’ access to their systems and data. This finding may inform victim decision-making on when they should and should not consider paying a ransom demand.

Item Type: Reports and Papers (Technical report)
Subjects: B Philosophy. Psychology. Religion > BF Psychology
H Social Sciences > H Social Sciences (General)
H Social Sciences > HB Economic Theory
H Social Sciences > HF Commerce > HF5351 Business
J Political Science
Q Science > QA Mathematics (inc Computing science)
T Technology
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
University-wide institutes > Institute of Cyber Security for Society
Depositing User: Jason Nurse
Date Deposited: 16 Jan 2024 10:23 UTC
Last Modified: 20 Jun 2024 15:39 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/104628 (The current URI for this page, for reference purposes)
