EconoMical, PsycHologicAl and Societal Impact of RanSomware (EMPHASIS)

Lead Research Organisation: City, University of London
Department Name: Sch of Engineering and Mathematical Sci


The project considers the economical, psychological and social effects of ransomware.

Ransomware is a particular type of malware, and a new crime of extortion committed online. Malicious software gets installed through a phishing email or a drive-by download on a website. When it runs, it performs an action such as the encryption of the user's files, and asks a ransom for this action to be undone. The victim is coerced into paying through psychological manipulations which sometimes masquerade as advice. Due to the subtle ways that the technological aspects of the crime blend with - and are exploited through - various human dimensions, it has profound economic, psychological and societal impacts upon its victims, which makes its eradication all the more complicated. Law Enforcement Agencies have estimated that losses to criminals using ransomware are many millions of pounds, but the true costs may never be known because victims have shown to be particularly reluctant to report.

This project sets out to answer the following questions:
Why is ransomware so effective as a crime and why are so many people falling victim to it?
Who is carrying out ransomware attacks?
How can police agencies be assisted?
What interventions are required to mitigate the impacts of ransomware?

In order to do so, the project gathers data from Law Enforcement Agencies (which have agreed to closely collaborate with the project), through surveys of the general public and SMEs, and through interviews with stakeholders. The data will be analysed using script analysis, behavioural analysis, and other profiling techniques, leading to narratives regarding the criminals, the victims, and the typical ransomware scenario. Economical and behavioural models of ransomware will then be constructed and used to improve ransomware mitigation and advice, as well as support for law enforcement.


10 25 50
Description Current ransomware is imperfect from technological, economical, and psychological points of view. Malware infection methods may still be the best place to disrupt attacks. Evidence that ransomware is used by large scale organised crime is still thin on the ground. Ransomware perpetrators other than "script kiddies" are hard to identify other than by intelligence services.
Exploitation Route Too early to say.
Sectors Digital/Communication/Information Technologies (including Software),Healthcare,Government, Democracy and Justice

Description Ideas from the EMPHASIS project have fed into discussions about information security management and cyber crime, via presentations and public engagement publications.
First Year Of Impact 2017
Sector Digital/Communication/Information Technologies (including Software),Government, Democracy and Justice
Impact Types Societal,Economic,Policy & public services

Description No More Ransom 
Organisation No More Ransom
Sector Charity/Non Profit 
PI Contribution We are advertising No More Ransom on our project website and promote No More Ransom to the general public.
Collaborator Contribution No More Ransom is an organisation that provides decryption keys for many specimens of ransomware. The decryption keys allow ransomware victims to recover their files after a ransomware attack. No More Ransom lists our project as a partner on their website, which promotes awareness of our research.
Impact Outcomes: this project is listed on the No More Ransom website, and No More Ransom is listed on the EMPHASIS website.
Start Year 2018