REACTIONS TO RANSOMWARE VARIANTS AMONG INTERNET USERS: MEASURING PAYMENT EVOCATION

Ransomware, a form of malicious software, takes users’ files hostage via encryption and demands payment for their return. Since its inception, ransomware has branched into many different variants, some of which threaten users with scare tactics in order to evoke payment. For this study, four variants of ransomware were examined by presenting vignettes via an anonymous online survey. No actual malware was installed on any devices throughout this study. Their emotional responses were captured as well as their level of familiarity with information security. Responses to the survey after the simulated ransomware vignette were recorded to gauge how users would react to a ransomware attack. Data was analyzed to discover which types of ransomware evoked payment as well as if information security knowledge also had an effect on likelihood to pay. This data is intended to be used to develop better prevention methods and messaging, with an emphasis on promoting training on malware avoidance. The study found most individuals did not choose to pay, and this could be attributed to a distrust of the ransomware threat. Self-reported information security behavior appeared to decrease payment evocation, however, peer information security experience and prior exposure to malware appeared to increase payment evocation.