Skip to main content

Investigating the Impact of Ransomware Splash Screens

Yilmaz, Yagiz, Cetin, Orcun, Arief, Budi, Hernandez-Castro, Julio C. (2021) Investigating the Impact of Ransomware Splash Screens. Journal of Information Security and Applications, 61 . Article Number 102934. ISSN 2214-2126. E-ISSN 2214-2126. (doi:10.1016/j.jisa.2021.102934) (KAR id:92301)

PDF Author's Accepted Manuscript
Language: English

Download (2MB) Preview
[thumbnail of Preprint-InvestigatingTheImpactOfRansomwareSplashScreens.pdf]
This file may not be suitable for users of assistive technology.
Request an accessible format
PDF Publisher pdf
Language: English

Restricted to Repository staff only
Contact us about this Publication
[thumbnail of 1-s2.0-S2214212621001526-main.pdf]
Official URL:


Ransomware is a type of malicious software that locks out its victim from accessing functionality or data on their device, typically by encrypting files. To regain access, victims would typically need to make a ransom payment. Victims get notified that their device has been infected through a ransom note (splash screen) displayed on their device. Ransomware splash screens can be presented in many ways; the most common ones are via a text file or a graphical user interface (GUI). Splash screens may also include additional features, such as a countdown timer, as part of the ransomware operator's ploy to encourage their victims to pay. The main aim of this study was to gain valuable insights into how ransomware splash screens might affect victims' responses. Moreover, the study also investigated whether exposure to different splash screens would encourage participants to adopt good security behaviours. A controlled experiment was conducted by randomly assigning 538 participants into one of the three ransomware infection scenarios based on the splash screen type (Text-based, GUI or GUI + Timer). After watching a demonstration of a ransomware scenario, each participant was asked to complete a survey regarding their post-infection behaviour and their cybersecurity habits. The study concluded that ransomware's user interface elements do not have a notable effect on how victims would react, in terms of their willingness to pay or their reporting rates. Additionally findings included that, even though 60% of the participants would like to report a ransomware incident, they were not sure how to do this. This illustrates the lack of public awareness about cybercrime reporting. Lack of trust was the main reason why participants did not want to click on links offering cybersecurity advice after the exposure. This shows that more effective methods for encouraging cybersecurity behaviour are still needed.

Item Type: Article
DOI/Identification number: 10.1016/j.jisa.2021.102934
Projects: EconoMical, PsycHologicAl and Societal Impactof RanSomware (EMPHASIS)
Uncontrolled keywords: cybersecurity, ransomware, ransom notes, splash screens, user interface, behavioural experiment
Subjects: Q Science > QA Mathematics (inc Computing science)
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Funders: Engineering and Physical Sciences Research Council (
Depositing User: Budi Arief
Date Deposited: 13 Dec 2021 18:09 UTC
Last Modified: 27 Jul 2022 23:00 UTC
Resource URI: (The current URI for this page, for reference purposes)
Arief, Budi:
Hernandez-Castro, Julio C.:
  • Depositors only (login required):


Downloads per month over past year