zkRansomware: Proof-of-Data Recoverability and Multi-round Game Theoretic Modeling of Ransomware Decisions
- URL: http://arxiv.org/abs/2601.06667v1
- Date: Sat, 10 Jan 2026 20:00:31 GMT
- Title: zkRansomware: Proof-of-Data Recoverability and Multi-round Game Theoretic Modeling of Ransomware Decisions
- Authors: Xinyu Hou, Yang Lu, Rabimba Karanjai, Lei Xu, Weidong Shi
- Abstract summary: We introduce and analyze zkRansomware. This new ransomware model integrates zero-knowledge proofs to enable verifiable data recovery. We show that zkRansomware is technically feasible using existing cryptographic and blockchain tools.
- Score: 10.732091797893903
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Ransomware is still one of the most serious cybersecurity threats. Victims often pay but fail to regain access to their data, while also facing the danger of losing data privacy. These uncertainties heavily shape the attacker-victim dynamics in decision-making. In this paper, we introduce and analyze zkRansomware. This new ransomware model integrates zero-knowledge proofs to enable verifiable data recovery and uses smart contracts to enforce multi-round payments while mitigating the risk of data disclosure and privacy loss. We show that zkRansomware is technically feasible using existing cryptographic and blockchain tools and, perhaps counterintuitively, can align incentives between the attacker and the victim. Finally, we develop a theoretical decision-making framework for zkRansomware that distinguishes it from known ransomware decision models and discusses its implications for ransomware risk analysis and response decision support.
Related papers
- To Think or Not to Think: Exploring the Unthinking Vulnerability in Large Reasoning Models [56.19026073319406]
Large Reasoning Models (LRMs) are designed to solve complex tasks by generating explicit reasoning traces before producing final answers.
We reveal a critical vulnerability in LRMs -- termed Unthinking -- wherein the thinking process can be bypassed by manipulating special tokens.
In this paper, we investigate this vulnerability from both malicious and beneficial perspectives.
arXiv Detail & Related papers (2025-02-16T10:45:56Z)
- Assessing and Prioritizing Ransomware Risk Based on Historical Victim Data [0.0]
We present an approach to identifying which ransomware adversaries are most likely to target specific entities.
Ransomware poses a formidable cybersecurity threat characterized by profit-driven motives, a complex underlying economy supporting criminal syndicates, and the overt nature of its attacks.
arXiv Detail & Related papers (2025-02-06T15:57:56Z)
- Ransomware IR Model: Proactive Threat Intelligence-Based Incident Response Strategy [0.0]
There is no clear and proven published incident response strategy to satisfy different business priorities and objectives under ransomware attack in detail.
In this paper, we quote one of our representative front-line ransomware incident response experiences for Company X.
arXiv Detail & Related papers (2025-02-03T10:25:26Z)
- Understanding crypter-as-a-service in a popular underground marketplace [51.328567400947435]
Crypters are pieces of software whose main goal is to transform a target binary so it can avoid detection from Anti Viruses (AVs) applications.
The crypter-as-a-service model has gained popularity, in response to the increased sophistication of detection mechanisms.
This paper provides the first study on an online underground market dedicated to crypter-as-a-service.
arXiv Detail & Related papers (2024-05-20T08:35:39Z)
- Detection of ransomware attacks using federated learning based on the CNN model [3.183529890105507]
This paper offers a ransomware attack modeling technique that targets the disrupted operation of a digital substation.
Experiments demonstrate that the suggested technique detects ransomware with a high accuracy rate.
arXiv Detail & Related papers (2024-05-01T09:57:34Z)
- Ransomware Detection Dynamics: Insights and Implications [0.0]
This research investigates the utilization of a feature selection algorithm for distinguishing ransomware-related and benign transactions in Bitcoin (BTC) and United States Dollar (USD).
We propose a set of novel features designed to capture the distinct characteristics of ransomware activity within the cryptocurrency ecosystem.
Through rigorous experimentation and evaluation, we demonstrate the effectiveness of our feature set in accurately extracting BTC and USD transactions.
arXiv Detail & Related papers (2024-02-07T05:36:06Z)
- DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection.
Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables.
We are the first to offer certified robustness in the realm of static detection of malware executables.
arXiv Detail & Related papers (2023-03-20T17:25:22Z)
- MOVE: Effective and Harmless Ownership Verification via Embedded External Features [104.97541464349581]
We propose an effective and harmless model ownership verification (MOVE) to defend against different types of model stealing simultaneously.
We conduct the ownership verification by verifying whether a suspicious model contains the knowledge of defender-specified external features.
We then train a meta-classifier to determine whether a model is stolen from the victim.
arXiv Detail & Related papers (2022-08-04T02:22:29Z)
- Winning the Ransomware Lottery: A Game-Theoretic Model for Mitigating Ransomware Attacks [0.0]
We construct an expected value model based on data from actual ransomware attacks.
We present mitigations to encourage an environment that is hostile to ransomware operators.
arXiv Detail & Related papers (2021-07-30T12:29:34Z)
- Being Single Has Benefits. Instance Poisoning to Deceive Malware Classifiers [47.828297621738265]
We show how an attacker can launch a sophisticated and efficient poisoning attack targeting the dataset used to train a malware classifier.
As opposed to other poisoning attacks in the malware detection domain, our attack does not focus on malware families but rather on specific malware instances that contain an implanted trigger.
We propose a comprehensive detection approach that could serve as a future sophisticated defense against this newly discovered severe threat.
arXiv Detail & Related papers (2020-10-30T15:27:44Z)
- Backdoor Attack against Speaker Verification [86.43395230456339]
We show that it is possible to inject the hidden backdoor for infecting speaker verification models by poisoning the training data.
We also demonstrate that existing backdoor attacks cannot be directly adopted in attacking speaker verification.
arXiv Detail & Related papers (2020-10-22T11:10:08Z)
This list is automatically generated from the titles and abstracts of the papers in this site.