EconoMical, PsycHologicAl and Societal Impact of RanSomware (EMPHASIS)

The project considers the economical, psychological and social effects of ransomware.

Ransomware is a particular type of malware, and a new crime of extortion committed online. Malicious software gets installed through a phishing email or a drive-by download on a website. When it runs, it performs an action such as the encryption of the user's files, and asks a ransom for this action to be undone. The victim is coerced into paying through psychological manipulations which sometimes masquerade as advice. Due to the subtle ways that the technological aspects of the crime blend with - and are exploited through - various human dimensions, it has profound economic, psychological and societal impacts upon its victims, which makes its eradication all the more complicated. Law Enforcement Agencies have estimated that losses to criminals using ransomware are many millions of pounds, but the true costs may never be known because victims have shown to be particularly reluctant to report.

This project sets out to answer the following questions:
Why is ransomware so effective as a crime and why are so many people falling victim to it?
Who is carrying out ransomware attacks?
How can police agencies be assisted?
What interventions are required to mitigate the impacts of ransomware?

In order to do so, the project gathers data from Law Enforcement Agencies (which have agreed to closely collaborate with the project), through surveys of the general public and SMEs, and through interviews with stakeholders. The data will be analysed using script analysis, behavioural analysis, and other profiling techniques, leading to narratives regarding the criminals, the victims, and the typical ransomware scenario. Economical and behavioural models of ransomware will then be constructed and used to improve ransomware mitigation and advice, as well as support for law enforcement.

We envisage our work will have a major impact on individuals and many key organisations across the UK including SMEs, Hospitals, Police Forces and Local Councils, all of which have recently been victimised by ransomware.

The results of the project will constitute a large contribution to the UK's digital economy, as they will help reduce the impact of cybercrime (particularly ransomware) and raise awareness, educate and improve the response of our citizens to cybercrime. Our activities will also educate and make best practices more readily available to SMEs and Law Enforcement Agencies. The economic implications will be measured, indirectly as a loss of profit on the part of cybercriminals. Additionally, some of the outcomes of the project will decisively help individuals and organizations to know how to respond more effectively to ransomware, and to report these cases to the authorities in larger numbers, which will contribute to more effective governmental reactions and campaigns against ransomware and other malware.

We will achieve this impact through:

- the project web page: This will link to particularly informative cases, disseminate our research results, link to sanitising tools and advisories, and publicise best practices.
Extensive documentation will be developed and made available in the webpage to describe the functioning, configuration, and defensive and cleaning strategies against the most prevalent and threatening ransomware in the UK. Similarly, detailed instructions on how to best configure different operating systems (for PCs, smartphones and tablets) to protect them against ransomware. We will also publish a comparative list of how different popular antivirus and other security software vendors fare against different ransomware.

-an Online Video Course (OVC)
We will develop an OVC of approximately 12 hours. It will describe the basics of ransomware, how it has been used in the past and can be used in the future, will present our project outputs and will include interviews with law enforcement agents, academic and forensic experts and victims. We will include best practices, security software recommendations and practical examples on how to prevent and to react to a ransomware attack. A special grant from Kent University aimed at creating new MOOC-related materials, will cover creation, recording, editing and distribution costs up to £5,000.

-Seminars
Two seminars will be held at City University to present our findings to LEA. These seminars will also include training sessions and technical exchanges.

- Public engagement activities
We will prepare a set of activities aimed to maximize the impact to the general public. Our activities are focused on three goals: (1) making science accessible to the general public, (2) increasing societal awareness and interest in the area, and (3) attracting talent towards future careers in cybersecurity.

-- Cafe Scientifique - Schools Visits - Open Days - Master Classes
We plan to run four Cafe Scientifique 90 minutes talks, covering the fundamentals of ransomware for better educating attendees about the existing risks and how to best act to minimise the chances of getting infected and how to react when it happens. We aim to do so in a way accessible to the general public, raising awareness and attracting interest towards the topics. We will modify this presentation for using it in schools' outreach, at University Open Days, and as Masterclasses offered to SMEs, e.g. following similar activities at Kent in recent years.

-- Dissemination in generalist media
We also plan to use our extensive experience in science popularisation by writing a series of three articles at TheConversation.com: a general introduction to ransomware, tools and techniques to counter it, and an overview for the general public of the project's research outcomes. We will also continue to target newspapers and web magazines for this kind of publicity.