2016 Challenge Problem “Modeling Consequences of Ransomware on Critical Infrastructures”


In recent years cybersecurity experts have been reporting that the number of adversaries in cyberspace continues to grow and to become more sophisticated in their practices stating crimeware is taking on more Advanced Persistent Threat (APT) like characteristics. The Institute for Critical Infrastructure Technology (ICIT) just issued a stark warning that 2016 would be the year ransomware holds America hostage.

A successful ransomware attack, unlike other crimeware, creates disruptive effects on victim systems and an associated attack on critical infrastructure has the potential to greatly increase the risk of unintended and possibly catastrophic consequences. The availability of both ransomware and now ransomware as a service means the skill level for entry is low and will likely increase the chance of a significant disruptive event occurring. Also, because of the disruptive effects that this type of attack produces, it should not be ignored that a nation state actor could use this kind of crimeware to mask an information warfare purpose while providing them with some level of deniability.  

This year’s challenge problem seeks modeling approaches that provide insight into the potential consequences that can result from crimeware, specifically ransomware, attacks on critical infrastructure. Additionally, last year’s challenge problem, “Novel Approaches to Avoid Misattribution of Malicious Cyber Activity,” sought techniques to identify non-obvious features of malicious activity that could be used to distinguish threat actors who employ very similar Techniques, Tactics, and Procedures (TTP). Building on that idea, this year’s challenge problem also seeks novel techniques that could reveal a nation-state actor trying to use ransomware or other crimeware to instigate an attack on US critical infrastructure.

Researchers can choose any critical infrastructure as a use case or focus for models/model approaches.

  1. Are there modeling approaches (new or existing) for gaining insight into the consequences of ransomware attacks on critical infrastructure?
    1. Could these be used to inform a risk framework?
    2. Could these produce mitigation strategies?
  2. What novel methods/techniques or behavioral analytics exist to attribute attacks?
    1. How would you apply these specifically to Advanced Persistent Threats or terrorists?
    2. Could these reveal possible nation-state instigation?
    3. How would these minimize the possibility of misattribution?
  3. Is there any other emerging crimeware that could cause significant disruptive events or other unintended consequences?
  4. Are there any geo-political or socio-economic dependencies that might reveal the perpetrator's true identity?
  5. What is a strategy to reduce the utility of crimeware, specifically ransomware on the critical infrastructure? 
  6. Which critical infrastructures are most at risk from a ransomware attack?


The ICIT Ransomware Report: 2016 Will Be the Year Ransomware Holds America Hostage
Authors: James Scott (ICIT) and Drew Spaniel (CMU)
2016 is the year ransomware will wreak havoc on America’s critical infrastructure community. The resurgence of these attacks is driven by a growing attack surface comprised of internet enabled devices and a keen understanding by Advanced Persistent Threat groups that ransomware is under-combated and highly profitable. The “ICIT Ransomware Report: 2016 Will Be the Year Ransomware Holds America Hostage” is a comprehensive analysis of ransomware threats and mitigation strategies