‘Your Data is Stolen and Encrypted’: The Ransomware Victim Experience

pdf
Read Full Report(PDF 2MB)
3-D image of vulnerable computer systems being hacked and network ransomware on digital cybercrime background and skull and crossbones

James Thew / Alamy Stock Photo


This paper aims to understand the wide range of harm caused by ransomware attacks to individuals, organisations and society at large.

More individuals and organisations in the UK and globally are becoming victims of ransomware. However, little is known about their experiences. This paper sheds light on the victim experience and identifies several key factors that typically shape such experiences. These factors are context specific and can either improve or worsen the victim experience. They include the following:

  • Timing of an incident, which may happen after a victim has increased their cyber security measures or at an already stressful time for an organisation, such as the beginning of a school year.
     
  • Level of preparation in the form of strong cyber security measures and contingency plans explicitly tailored to respond to a cyber incident.
     
  • Human factors, such as the workplace environment and pre-existing dynamics which are often reinforced during an incident. Good levels of unity can bring staff together during a moment of crisis, but a lack of leadership or a blame culture are likely to aggravate the harm experienced during the incident.
     
  • Engagement with third-party service providers, such as those providing technical incident response or legal services, can alleviate the negative aspects of the victim experience by providing critical legal, technical or other help. However, they may aggravate the harm by providing poor services or losing valuable time in responding to the incident.
     
  • A successful communications campaign is highly context- and victim-specific. It must include external and internal communications with staff members not part of the immediate response to ensure a good workplace culture.

For support, many victims turn to public sector institutions such as law enforcement. Expectations for technical support and expertise from law enforcement are generally low, but victims feel especially unsupported where phone calls are not returned and there is no engagement or feedback loop. The National Cyber Security Centre enjoys a better reputation. However, there is widespread uncertainty about its role and the thresholds that must be met for it to provide support. This poses a reputational risk.

Understanding how ransomware attacks are personally felt by victims and what factors aggravate or alleviate the harm they experience is key for policymakers seeking to implement measures to minimise harm as much as possible.


WRITTEN BY

Dr Pia Hüsch

Research Fellow

Cyber

View profile

Dr Gareth Mott

Research Fellow

Cyber

View profile

Jamie MacColl

Research Fellow

Cyber

View profile

Dr Jason R. C. Nurse

Associate Fellow; Associate Professor in Cyber Security, University of Kent

View profile

James Sullivan

Director, Cyber Research

Cyber

View profile

Sarah Turner

View profile

Nandita Pattnaik

Expert on the security dynamics of a connected home environment.

View profile


Footnotes


Explore our related content