The Ransomware Pricing Paradox: An Empirical Study of the Six Stages of Ransomware Negotiations
Tom Meurs,
Anna Cartwright,
Edward Cartwright,
Harold Houba and
Daniel Woods
Additional contact information
Tom Meurs: Dutch Police
Anna Cartwright: Independent researcher
Edward Cartwright: De Montfort University
Harold Houba: Vrije Universiteit Amsterdam and Tinbergen Institute
Daniel Woods: University of Edinburgh
No 25-052/VII, Tinbergen Institute Discussion Papers from Tinbergen Institute
Abstract:
Ransomware has become the most common cyber risk for businesses. The rise is not driven by attackers using innovative attacks, but instead by deteriorating negotiation outcomes. The average payment grew by almost 20,000% since 2018. However, it remains unclear why attackers can demand ever higher ransoms. Our study explores potential explanations: lack of backups, cyber insurance, access to incident response (IR) firms, data exfiltration, and negotiating style. We model negotiation as a six-stage model: attacker intent, victim engagement, discount offer, discount magnitude, payment decision, and re-extortion. We test hypothetical explanations for ransom outcomes using two datasets: (1) 481 police-reported incidents (2019–2023); and (2) 237 negotiation transcripts from 23 ransomware groups.
JEL-codes: C7 D22 D9 (search for similar items in EconPapers)
Date: 2025-10-14
References: Add references at CitEc
Citations:
Downloads: (external link)
https://papers.tinbergen.nl/25052.pdf (application/pdf)
Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.
Export reference: BibTeX
RIS (EndNote, ProCite, RefMan)
HTML/Text
Persistent link: https://EconPapers.repec.org/RePEc:tin:wpaper:20250052
Access Statistics for this paper
More papers in Tinbergen Institute Discussion Papers from Tinbergen Institute Contact information at EDIRC.
Bibliographic data for series maintained by Tinbergen Office +31 (0)10-4088900 ().