Search
Browse By Day
Browse By Time
Browse By Person
Browse By Mini-Conference
Browse By Division
Browse By Session or Event Type
Browse Sessions by Fields of Interest
Browse Papers by Fields of Interest
Search Tips
Conference
Location
About APSA
Personal Schedule
Change Preferences / Time Zone
Sign In
X (Twitter)
Why do states sponsor ransomware gangs? Conventional explanations by scholars of International Relations suggest that ransomware generates cash for governments and signals resolve. However, for most states sponsoring ransomware, the monetary payoffs are minimal, the potential for international backlash is significant, and the ability to effectively signal capabilities is questionable. Moreover, ransomware attacks, being revelatory in nature, prompt victims to strengthen their defenses against future attacks, thereby hindering the sponsoring states’ efforts in collecting bargaining-relevant intelligence. This paper presents a game theoretic model of an attacker and defender within a unidirectional supply chain network. The model posits that defenders are unable to distinguish between successfully hacked nodes and those spared from attack, leading to a routine over-defense of already secure nodes. This aspect incentivizes the attacker to target less critical nodes with ransomware – serving as both decoys and cartographers – while clandestinely collecting intelligence on more pivotal nodes. The paper explores this model through case studies of Chinese cyber espionage and ransomware campaigns, including a technical analysis of the methods employed. These studies lend credence to the "Theory of Firm Intelligence Value", demonstrating how firms possess varying levels of intelligence significance and why they might have been selected to begin with.