Skip to main content
Kent Academic Repository

Using Eyetracker to Find Ways to Mitigate Ransomware

Arief, Budi, Periam, Andy, Cetin, Orcun, Hernandez-Castro, Julio C. (2020) Using Eyetracker to Find Ways to Mitigate Ransomware. In: Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP. . pp. 448-456. Scitepress ISBN 978-989-758-399-5. (doi:10.5220/0008956004480456) (KAR id:80445)


Ransomware is a form of malware designed to prevent access to data by either locking out the victims from their system or encrypting some or all of their files until a ransom has been paid to the attacker. Victims would know that they had been hit by ransomware because a ransom demand (splash screen) would be displayed on their compromised device. This study aims to identify key user interface features of ransomware splash screens and see how these features affect victims’ likelihood to pay, and how this information may be used to create more effective countermeasures to mitigate the threat of ransomware. We devised an experiment that contained three broad types of splash screens (Text, Time-Sensitive Counter, and Other). A total of nine splash screens were shown to each participant, from which data on the participants’ eye behaviour were collected. After each splash screen, participants were also asked a set of questions that would help describe their experience and be cross-referenced with the eye tracking data to aid analysis. Our experiment collected quantitative eye tracker data and qualitative data regarding willingness to pay from 25 participants. Several key components of the splash screens such as the text, logo, images, and technical information were analysed. Comments from the participants on whether they would pay the ransom or not, and the reasons behind their decision were also recorded. We found that there is no clear indication that one type of splash screen would have a higher chance of success with regard to ransom payment. Our study revealed that there are some characteristics in splash screens that would strongly discourage some victims from paying. Further investigation will be carried out in this direction, in order to design and develop more effective countermeasures to ransomware.

Item Type: Conference or workshop item (Proceeding)
DOI/Identification number: 10.5220/0008956004480456
Uncontrolled keywords: Ransomware, Ransom Notes, Splash Screens, Eye Tracker, Countermeasures, Mitigation, User Study
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Budi Arief
Date Deposited: 10 Mar 2020 13:49 UTC
Last Modified: 09 Jan 2024 12:52 UTC
Resource URI: (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.