The Individual Victims of Ransomware Attacks: An Exploratory Study


Dylan Reynolds, Cape Breton University

Ransomware encrypts a victim’s devices, files, or networks so that the victim can no longer access them. Ransomware attacks involve perpetrators deploying ransomware, then demanding money in exchange for the return of data, and sometimes threatening to release data publicly. Although these attacks usually target major institutions (e.g., companies, hospitals, and universities), the data accessed are often people’s personal information. Breaches of personal information routinely impact Canadians in numerous ways and ransomware attacks are expected to produce especially varied consequences given offenders frequently target and leverage sensitive information. To date, no research has systematically examined the effects of ransomware attacks on the general population. This presentation will draw from a unique survey of Canadian adults currently being administered through CloudResearch’s Prime Panels (expected n = 2000). Prime Panels draws from a large, aggregated pool of other market research platforms’ existing participant pools. This survey begins by asking respondents if, to their knowledge, they have ever had their information targeted or seized in a ransomware attack. Participants who respond ‘yes’ are asked a series of questions about the nature of the incident, how the incident impacted them, and their knowledge and perception of the institution’s response. Respondents who indicate that they have not been impacted by ransomware attacks are presented with vignettes about different ransomware scenarios. These participants are asked to identify their level of distress in each scenario and are asked about their general knowledge of ransomware attacks in Canada. Due to the dearth of research on the social consequences of ransomware attacks, this survey includes several open-ended questions that tap into respondents’ perceptions of ransomware in Canada, which may reveal interesting lines of inquiry. The survey is estimated to take respondents an average of 20 minutes to complete. Respondents are currently completing the survey, and it is expected to be closed by the end of February 2024. Despite using a non-random sample of Canadians, this survey will provide the most comprehensive assessment of how ransomware attacks against institutions impact Canadians. Depending on the results of the survey and open-ended responses, I expect the presentation to discuss some of the following three themes. First, the presentation is likely to discuss the impact of ransomware attacks on Canadians, including reporting on financial, emotional, or other harms experienced. With no real prevalence estimates available, it is difficult to estimate how many respondents will report having been impacted by ransomware attacks, but this presentation may be able to explore trends in consequences based on the type of institution attacked (e.g., school, corporation, hospital, etc.) or based on individuals’ relationships to the institution (e.g., employee, client, customer, etc.). Second, this presentation can report on Canadians’ general knowledge and perceptions of ransomware attacks. This survey allows respondents to report if they are unsure whether they have been impacted by ransomware attacks and includes questions about ransomware attacks that participants are aware of, even if they did not impact them. Third, this presentation can report on Canadians’ perceptions of institutions’ responses following ransomware attacks. The survey asks respondents, both those who have and have not been impacted by ransomware, whether they believe institutions should pay attackers or deny ransom demands. Overall, the anticipated findings of this research are likely to provide a clearer understanding of how Canadians understand and are impacted by ransomware attacks, which could inform future research and policy.

This paper will be presented at the following session: