{"id":"https://openalex.org/W4379528878","doi":"https://doi.org/10.1109/ecrime57793.2022.10142138","title":"Ransomware: How attacker\u2019s effort, victim characteristics and context influence ransom requested, payment and financial loss","display_name":"Ransomware: How attacker\u2019s effort, victim characteristics and context influence ransom requested, payment and financial loss","publication_year":2022,"publication_date":"2022-11-30","ids":{"openalex":"https://openalex.org/W4379528878","doi":"https://doi.org/10.1109/ecrime57793.2022.10142138"},"language":"en","primary_location":{"id":"doi:10.1109/ecrime57793.2022.10142138","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ecrime57793.2022.10142138","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 APWG Symposium on Electronic Crime Research (eCrime)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://research.utwente.nl/en/publications/c80836be-d7ff-42b2-9ba0-bdc5977a3532","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5046498394","display_name":"Tom Meurs","orcid":"https://orcid.org/0000-0003-0963-5232"},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Tom Meurs","raw_affiliation_strings":["University of Twente,IEBIS,Enschede,Netherlands","IEBIS, University of Twente, Enschede, Netherlands"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Twente,IEBIS,Enschede,Netherlands","institution_ids":["https://openalex.org/I94624287"]},{"raw_affiliation_string":"IEBIS, University of Twente, Enschede, Netherlands","institution_ids":["https://openalex.org/I94624287"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086905649","display_name":"Marianne Junger","orcid":"https://orcid.org/0000-0002-9515-9860"},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Marianne Junger","raw_affiliation_strings":["University of Twente,IEBIS,Enschede,Netherlands","IEBIS, University of Twente, Enschede, Netherlands"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Twente,IEBIS,Enschede,Netherlands","institution_ids":["https://openalex.org/I94624287"]},{"raw_affiliation_string":"IEBIS, University of Twente, Enschede, Netherlands","institution_ids":["https://openalex.org/I94624287"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039255435","display_name":"Erik Tews","orcid":null},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Erik Tews","raw_affiliation_strings":["University of Twente,EEMCS,Enschede,Netherlands","EEMCS, University of Twente, Enschede, Netherlands"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Twente,EEMCS,Enschede,Netherlands","institution_ids":["https://openalex.org/I94624287"]},{"raw_affiliation_string":"EEMCS, University of Twente, Enschede, Netherlands","institution_ids":["https://openalex.org/I94624287"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5053272015","display_name":"Abhishta Abhishta","orcid":"https://orcid.org/0000-0001-7122-3103"},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Abhishta Abhishta","raw_affiliation_strings":["University of Twente,IEBIS,Enschede,Netherlands","IEBIS, University of Twente, Enschede, Netherlands"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Twente,IEBIS,Enschede,Netherlands","institution_ids":["https://openalex.org/I94624287"]},{"raw_affiliation_string":"IEBIS, University of Twente, Enschede, Netherlands","institution_ids":["https://openalex.org/I94624287"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":5.0986,"has_fulltext":true,"cited_by_count":17,"citation_normalized_percentile":{"value":0.95818758,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"13"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9939000010490417,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ransom","display_name":"Ransom","score":0.9762014150619507},{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.8563797473907471},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.7423186302185059},{"id":"https://openalex.org/keywords/payment","display_name":"Payment","score":0.6753532290458679},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5535250902175903},{"id":"https://openalex.org/keywords/empirical-research","display_name":"Empirical research","score":0.47440004348754883},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.44208860397338867},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.33098289370536804},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.3089962303638458},{"id":"https://openalex.org/keywords/finance","display_name":"Finance","score":0.2747485637664795},{"id":"https://openalex.org/keywords/law","display_name":"Law","score":0.160169780254364}],"concepts":[{"id":"https://openalex.org/C2781426709","wikidata":"https://www.wikidata.org/wiki/Q1414572","display_name":"Ransom","level":2,"score":0.9762014150619507},{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.8563797473907471},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.7423186302185059},{"id":"https://openalex.org/C145097563","wikidata":"https://www.wikidata.org/wiki/Q1148747","display_name":"Payment","level":2,"score":0.6753532290458679},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5535250902175903},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.47440004348754883},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.44208860397338867},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.33098289370536804},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.3089962303638458},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.2747485637664795},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.160169780254364},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/ecrime57793.2022.10142138","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ecrime57793.2022.10142138","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 APWG Symposium on Electronic Crime Research (eCrime)","raw_type":"proceedings-article"},{"id":"pmh:oai:ris.utwente.nl:openaire/c80836be-d7ff-42b2-9ba0-bdc5977a3532","is_oa":true,"landing_page_url":"https://research.utwente.nl/en/publications/c80836be-d7ff-42b2-9ba0-bdc5977a3532","pdf_url":null,"source":{"id":"https://openalex.org/S4406922991","display_name":"University of Twente Research Information","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Meurs, T, Junger, M, Tews, E & Abhishta, A 2022, Ransomware: How attacker's effort, victim characteristics and context influence ransom requested, payment and financial loss. in Symposium on Electronic Crime Research, eCrime 2022. Symposium on Electronic Crime Research, eCrime 2022, Virtual Event, 30/11/22. https://doi.org/10.1109/eCrime57793.2022.10142138","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":{"id":"pmh:oai:ris.utwente.nl:openaire/c80836be-d7ff-42b2-9ba0-bdc5977a3532","is_oa":true,"landing_page_url":"https://research.utwente.nl/en/publications/c80836be-d7ff-42b2-9ba0-bdc5977a3532","pdf_url":null,"source":{"id":"https://openalex.org/S4406922991","display_name":"University of Twente Research Information","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Meurs, T, Junger, M, Tews, E & Abhishta, A 2022, Ransomware: How attacker's effort, victim characteristics and context influence ransom requested, payment and financial loss. in Symposium on Electronic Crime Research, eCrime 2022. Symposium on Electronic Crime Research, eCrime 2022, Virtual Event, 30/11/22. https://doi.org/10.1109/eCrime57793.2022.10142138","raw_type":"info:eu-repo/semantics/publishedVersion"},"sustainable_development_goals":[{"score":0.7400000095367432,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":55,"referenced_works":["https://openalex.org/W35999428","https://openalex.org/W187481611","https://openalex.org/W1412796528","https://openalex.org/W1946723328","https://openalex.org/W1984487609","https://openalex.org/W2007118926","https://openalex.org/W2014703957","https://openalex.org/W2027568888","https://openalex.org/W2089515120","https://openalex.org/W2115098571","https://openalex.org/W2159509436","https://openalex.org/W2160455158","https://openalex.org/W2184786010","https://openalex.org/W2282632211","https://openalex.org/W2465068630","https://openalex.org/W2487623472","https://openalex.org/W2569711455","https://openalex.org/W2731092512","https://openalex.org/W2765987819","https://openalex.org/W2794784953","https://openalex.org/W2804510032","https://openalex.org/W2904799080","https://openalex.org/W2909622566","https://openalex.org/W2935943450","https://openalex.org/W2948913639","https://openalex.org/W2977489474","https://openalex.org/W2994735179","https://openalex.org/W3007360442","https://openalex.org/W3009452534","https://openalex.org/W3009492331","https://openalex.org/W3032258369","https://openalex.org/W3033596318","https://openalex.org/W3094233237","https://openalex.org/W3114189379","https://openalex.org/W3118621797","https://openalex.org/W3132588576","https://openalex.org/W3137482588","https://openalex.org/W3153302004","https://openalex.org/W3178261856","https://openalex.org/W3203444100","https://openalex.org/W3214926740","https://openalex.org/W4200420517","https://openalex.org/W4210285013","https://openalex.org/W4224077233","https://openalex.org/W4244843651","https://openalex.org/W4281476659","https://openalex.org/W4283732139","https://openalex.org/W4385247756","https://openalex.org/W6683638147","https://openalex.org/W6760934564","https://openalex.org/W6769035812","https://openalex.org/W6790774122","https://openalex.org/W6805780208","https://openalex.org/W6810219937","https://openalex.org/W6838436850"],"related_works":["https://openalex.org/W4237045072","https://openalex.org/W4386388924","https://openalex.org/W2614042168","https://openalex.org/W2778994855","https://openalex.org/W2913313394","https://openalex.org/W4285276936","https://openalex.org/W4281476659","https://openalex.org/W4250052582","https://openalex.org/W4213358345","https://openalex.org/W4206259164"],"abstract_inverted_index":{"In":[0],"recent":[1],"years,":[2],"ransomware":[3,44,64,76],"attacks":[4],"have":[5,38],"led":[6],"to":[7,15,23,49,84,137,162,204,210,212,235],"disastrous":[8],"consequences":[9],"for":[10,55,228],"victims,":[11],"not":[12,116],"just":[13],"due":[14,22,203],"the":[16,24,40,51,81,85,105,118,126,163,178,184,189,194,198,201,213,226],"payment":[17],"ransom":[18,119,164],"amount":[19],"but":[20,124],"also":[21,125,175],"recovery":[25],"costs":[26],"associated":[27],"with":[28],"these":[29],"attacks.":[30,45],"So":[31],"far":[32],"only":[33,117],"a":[34,63,71],"few":[35],"empirical":[36,231],"studies":[37,232],"analysed":[39],"financial":[41,53,58,127,169],"impact":[42],"of":[43,60,96,107,180,186,193,200,207,238],"This":[46],"study":[47,196],"aims":[48],"understand":[50],"expected":[52],"gains":[54],"attackers":[56,167],"and":[57,90,99,112,139,154,168,223,233,240],"losses":[59,128,170],"victims":[61,187,208],"after":[62],"attack.":[65],"To":[66],"do":[67],"so,":[68],"we":[69,102,218],"build":[70],"dataset":[72],"based":[73],"on":[74],"453":[75],"attack":[77],"investigation":[78],"reports":[79],"in":[80],"Netherlands":[82],"reported":[83,129,171],"Dutch":[86],"Police":[87],"between":[88],"2019":[89],"2022.":[91],"Using":[92],"rational":[93],"choice":[94],"model":[95],"crime":[97,100],"(RCM)":[98],"scripting":[101],"hypothesise":[103],"that":[104,146,177,220],"effort":[106],"an":[108,122],"attacker,":[109],"victim":[110,155,241],"characteristics":[111,156],"context":[113],"variables":[114],"influence":[115],"requested":[120,165],"by":[121,130,166,172],"attacker":[123,239],"victims.":[131,173],"We":[132,174],"use":[133],"generalised":[134],"linear":[135],"models":[136],"evaluate":[138],"quantify":[140],"this":[141,216],"influence.":[142],"Our":[143],"results":[144,202,224],"show":[145,176],"attacker\u2019s":[147],"efforts":[148],"such":[149,157],"as":[150,158],"using":[151],"Ransomware-as-a-Service":[152],"(RaaS)":[153],"industry":[159],"sector,":[160],"contribute":[161],"availability":[179],"recoverable":[181],"backups":[182],"explains":[183],"likelihood":[185],"paying":[188],"ransom.":[190],"A":[191],"limitation":[192],"present":[195],"is":[197],"interpretation":[199],"selection":[205],"bias":[206],"willing":[209],"report":[211],"police.":[214],"Despite":[215],"limitation,":[217],"argue":[219],"our":[221,236],"methodology":[222],"lay":[225],"groundwork":[227],"future":[229],"large-scale":[230],"add":[234],"understanding":[237],"behaviour.":[242]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":4}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}