It’s more than just money: the real-world harms from ransomware attacks

Nandita Pattnaik; Jason R.C. Nurse; Sarah Turner; Gareth Mott; Jamie MacColl; Pia Huesch; James Sullivan

doi:10.1007/978-3-031-38530-8_21

It’s more than just money: the real-world harms from ransomware attacks

Nandita Pattnaik
, Jason R.C. Nurse
, Sarah Turner
, Gareth Mott
, Jamie MacColl
, Pia Huesch
, James Sullivan

University of Kent
Royal United Services Institute

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

As cyber-attacks continue to increase in frequency and sophistication, organisations must be better prepared to face the reality of an incident. Any organisational plan that intends to be successful at managing security risks must clearly understand the harm (i.e., negative impact) and the various parties affected in the aftermath of an attack. To this end, this article conducts a novel exploration into the multitude of real-world harms that can arise from cyber-attacks, with a particular focus on ransomware incidents given their current prominence. This exploration also leads to the proposal of a new, robust methodology for modelling harms from such incidents. We draw on publicly-available case data on high-profile ransomware incidents to examine the types of harm that emerge at various stages after a ransomware attack and how harms (e.g., an offline enterprise server) may trigger other negative, potentially more substantial impacts for stakeholders (e.g., the inability for a customer to access their social welfare benefits or bank account). Prominent findings from our analysis include the identification of a notable set of social/human harms beyond the business itself (and beyond the financial payment of a ransom) and a complex web of harms that emerge after attacks regardless of the industry sector. We also observed that deciphering the full extent and sequence of harms can be a challenging undertaking because of the lack of complete data available. This paper consequently argues for more transparency on ransomware harms, as it would lead to a better understanding of the realities of these incidents to the benefit of organisations and society more generally.

Original language	English
Title of host publication	Human Aspects of Information Security and Assurance - 17th IFIP WG 11.12 International Symposium, HAISA 2023, Proceedings
Editors	Steven Furnell, Nathan Clarke
Publisher	Springer Nature Switzerland AG
Pages	261-274
Number of pages	14
ISBN (Electronic)	9783031385308
ISBN (Print)	9783031385292
DOIs	https://doi.org/10.1007/978-3-031-38530-8_21
Publication status	Published - 26 Jul 2023
Externally published	Yes
Event	17th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2023 - Kent, United Kingdom Duration: 4 Jul 2023 → 6 Jul 2023

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	674
ISSN (Print)	1868-4238
ISSN (Electronic)	1868-422X

Conference

Conference	17th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2023
Country/Territory	United Kingdom
City	Kent
Period	4/07/23 → 6/07/23

Keywords

Cyber risk
Cyber security
Data modelling
Harms
Impact assessment
Ransomware
Social and human aspects

Access to Document

10.1007/978-3-031-38530-8_21Licence: Other

Cite this

Pattnaik, N., Nurse, J. R. C., Turner, S., Mott, G., MacColl, J., Huesch, P., & Sullivan, J. (2023). It’s more than just money: the real-world harms from ransomware attacks. In S. Furnell, & N. Clarke (Eds.), Human Aspects of Information Security and Assurance - 17th IFIP WG 11.12 International Symposium, HAISA 2023, Proceedings (pp. 261-274). (IFIP Advances in Information and Communication Technology; Vol. 674). Springer Nature Switzerland AG. https://doi.org/10.1007/978-3-031-38530-8_21

Pattnaik, Nandita ; Nurse, Jason R.C. ; Turner, Sarah et al. / It’s more than just money : the real-world harms from ransomware attacks. Human Aspects of Information Security and Assurance - 17th IFIP WG 11.12 International Symposium, HAISA 2023, Proceedings. editor / Steven Furnell ; Nathan Clarke. Springer Nature Switzerland AG, 2023. pp. 261-274 (IFIP Advances in Information and Communication Technology).

@inproceedings{b1e2ff70ab864f9abc6b4428828d1bee,

title = "It{\textquoteright}s more than just money: the real-world harms from ransomware attacks",

abstract = "As cyber-attacks continue to increase in frequency and sophistication, organisations must be better prepared to face the reality of an incident. Any organisational plan that intends to be successful at managing security risks must clearly understand the harm (i.e., negative impact) and the various parties affected in the aftermath of an attack. To this end, this article conducts a novel exploration into the multitude of real-world harms that can arise from cyber-attacks, with a particular focus on ransomware incidents given their current prominence. This exploration also leads to the proposal of a new, robust methodology for modelling harms from such incidents. We draw on publicly-available case data on high-profile ransomware incidents to examine the types of harm that emerge at various stages after a ransomware attack and how harms (e.g., an offline enterprise server) may trigger other negative, potentially more substantial impacts for stakeholders (e.g., the inability for a customer to access their social welfare benefits or bank account). Prominent findings from our analysis include the identification of a notable set of social/human harms beyond the business itself (and beyond the financial payment of a ransom) and a complex web of harms that emerge after attacks regardless of the industry sector. We also observed that deciphering the full extent and sequence of harms can be a challenging undertaking because of the lack of complete data available. This paper consequently argues for more transparency on ransomware harms, as it would lead to a better understanding of the realities of these incidents to the benefit of organisations and society more generally.",

keywords = "Cyber risk, Cyber security, Data modelling, Harms, Impact assessment, Ransomware, Social and human aspects",

author = "Nandita Pattnaik and Nurse, \{Jason R.C.\} and Sarah Turner and Gareth Mott and Jamie MacColl and Pia Huesch and James Sullivan",

year = "2023",

month = jul,

day = "26",

doi = "10.1007/978-3-031-38530-8\_21",

language = "English",

isbn = "9783031385292",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer Nature Switzerland AG",

pages = "261--274",

editor = "Steven Furnell and Nathan Clarke",

booktitle = "Human Aspects of Information Security and Assurance - 17th IFIP WG 11.12 International Symposium, HAISA 2023, Proceedings",

note = "17th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2023 ; Conference date: 04-07-2023 Through 06-07-2023",

}

Pattnaik, N, Nurse, JRC, Turner, S, Mott, G, MacColl, J, Huesch, P & Sullivan, J 2023, It’s more than just money: the real-world harms from ransomware attacks. in S Furnell & N Clarke (eds), Human Aspects of Information Security and Assurance - 17th IFIP WG 11.12 International Symposium, HAISA 2023, Proceedings. IFIP Advances in Information and Communication Technology, vol. 674, Springer Nature Switzerland AG, pp. 261-274, 17th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2023, Kent, United Kingdom, 4/07/23. https://doi.org/10.1007/978-3-031-38530-8_21

It’s more than just money: the real-world harms from ransomware attacks. / Pattnaik, Nandita; Nurse, Jason R.C.; Turner, Sarah et al.
Human Aspects of Information Security and Assurance - 17th IFIP WG 11.12 International Symposium, HAISA 2023, Proceedings. ed. / Steven Furnell; Nathan Clarke. Springer Nature Switzerland AG, 2023. p. 261-274 (IFIP Advances in Information and Communication Technology; Vol. 674).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - It’s more than just money

T2 - 17th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2023

AU - Pattnaik, Nandita

AU - Nurse, Jason R.C.

AU - Turner, Sarah

AU - Mott, Gareth

AU - MacColl, Jamie

AU - Huesch, Pia

AU - Sullivan, James

PY - 2023/7/26

Y1 - 2023/7/26

N2 - As cyber-attacks continue to increase in frequency and sophistication, organisations must be better prepared to face the reality of an incident. Any organisational plan that intends to be successful at managing security risks must clearly understand the harm (i.e., negative impact) and the various parties affected in the aftermath of an attack. To this end, this article conducts a novel exploration into the multitude of real-world harms that can arise from cyber-attacks, with a particular focus on ransomware incidents given their current prominence. This exploration also leads to the proposal of a new, robust methodology for modelling harms from such incidents. We draw on publicly-available case data on high-profile ransomware incidents to examine the types of harm that emerge at various stages after a ransomware attack and how harms (e.g., an offline enterprise server) may trigger other negative, potentially more substantial impacts for stakeholders (e.g., the inability for a customer to access their social welfare benefits or bank account). Prominent findings from our analysis include the identification of a notable set of social/human harms beyond the business itself (and beyond the financial payment of a ransom) and a complex web of harms that emerge after attacks regardless of the industry sector. We also observed that deciphering the full extent and sequence of harms can be a challenging undertaking because of the lack of complete data available. This paper consequently argues for more transparency on ransomware harms, as it would lead to a better understanding of the realities of these incidents to the benefit of organisations and society more generally.

AB - As cyber-attacks continue to increase in frequency and sophistication, organisations must be better prepared to face the reality of an incident. Any organisational plan that intends to be successful at managing security risks must clearly understand the harm (i.e., negative impact) and the various parties affected in the aftermath of an attack. To this end, this article conducts a novel exploration into the multitude of real-world harms that can arise from cyber-attacks, with a particular focus on ransomware incidents given their current prominence. This exploration also leads to the proposal of a new, robust methodology for modelling harms from such incidents. We draw on publicly-available case data on high-profile ransomware incidents to examine the types of harm that emerge at various stages after a ransomware attack and how harms (e.g., an offline enterprise server) may trigger other negative, potentially more substantial impacts for stakeholders (e.g., the inability for a customer to access their social welfare benefits or bank account). Prominent findings from our analysis include the identification of a notable set of social/human harms beyond the business itself (and beyond the financial payment of a ransom) and a complex web of harms that emerge after attacks regardless of the industry sector. We also observed that deciphering the full extent and sequence of harms can be a challenging undertaking because of the lack of complete data available. This paper consequently argues for more transparency on ransomware harms, as it would lead to a better understanding of the realities of these incidents to the benefit of organisations and society more generally.

KW - Cyber risk

KW - Cyber security

KW - Data modelling

KW - Harms

KW - Impact assessment

KW - Ransomware

KW - Social and human aspects

U2 - 10.1007/978-3-031-38530-8_21

DO - 10.1007/978-3-031-38530-8_21

M3 - Conference contribution

AN - SCOPUS:85172657709

SN - 9783031385292

T3 - IFIP Advances in Information and Communication Technology

SP - 261

EP - 274

BT - Human Aspects of Information Security and Assurance - 17th IFIP WG 11.12 International Symposium, HAISA 2023, Proceedings

A2 - Furnell, Steven

A2 - Clarke, Nathan

PB - Springer Nature Switzerland AG

Y2 - 4 July 2023 through 6 July 2023

ER -

Pattnaik N, Nurse JRC, Turner S, Mott G, MacColl J, Huesch P et al. It’s more than just money: the real-world harms from ransomware attacks. In Furnell S, Clarke N, editors, Human Aspects of Information Security and Assurance - 17th IFIP WG 11.12 International Symposium, HAISA 2023, Proceedings. Springer Nature Switzerland AG. 2023. p. 261-274. (IFIP Advances in Information and Communication Technology). doi: 10.1007/978-3-031-38530-8_21