Combating Ransomware in Internet of Things: A Games-in-Games Approach for Cross-Layer Cyber Defense and Security Investment

Cited by: 5
Authors
Zhao, Yuhan [1]
Ge, Yunfei [1]
Zhu, Quanyan [1]
Affiliations
[1] NYU, Dept Elect & Comp Engn, Tandon Sch Engn, Brooklyn, NY 11201 USA
Source
DECISION AND GAME THEORY FOR SECURITY, GAMESEC 2021 | 2021 / Vol. 13061
Funding
National Science Foundation (USA);
Keywords
Ransomware; Cybersecurity; Game theory; Security economics; Risk assessment; Prospect theory; Internet of Things;
DOI
10.1007/978-3-030-90370-1_12
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
The recent surge in ransomware attacks has threatened many critical infrastructures such as oil pipeline systems, hospitals, and industrial Internet of Things (IoT). Ransomware is a cryptoviral extortion attack that involves two phases: the cyber infection of the malware and the financial transaction of the ransom payment. As the ransomware attackers are financially motivated, the protection of the infrastructure networked systems requires a cross-layer risk analysis that not only examines the vulnerability of the cyber system but also consolidates the economics of ransom payment. To this end, this paper establishes a two-player multi-phase and multi-stage game framework to model cyber and economic phases of a ransomware attack. We use a zero-sum Markov game to capture the multi-stage penetration of ransomware in the lateral movement. A sequential-move game is proposed to model the ransom payment interactions at the second phase. Two games are composed to form a multi-phase and multi-stage game-in-games (MPMS-GiG) that enables a holistic risk assessment of ransomware in networks and a cross-layer design of cyber defense and investment strategies to mitigate the attack. We provide a complete equilibrium characterization of ransomware game and design interdependent optimal strategies for cyber protection and ransom payment. We use prospect theory to analyze the impact of human factors on equilibrium strategies. Finally, we use a prototypical industrial IoT network as a case study to corroborate the results.
Pages: 208-228
Page count: 21