Report
Victim decision-making during ransomware attacks
Publisher
Decision making
Cyber-crime
Financial crime
Victims of crimes
Malware
Australia
Description
Ransomware is a highly destructive and pervasive threat that involves the use of malware to encrypt data or systems and extort victims. This study uses data from online moderated interviews with 33 ransomware victims to examine victim decision making during a ransomware attack. The sample for this study was drawn from a larger survey of online Australians about their experiences of cybercrime.
The study finds that support and resources – to help victims assess the risks associated with a ransomware attack and to restore their data and devices – must be readily accessible when ransomware attacks occur.
Key findings
- While ransomware attacks could be a fear-inducing and stressful experience, victims logically assessed the threat and weighed up their responses. Victims commonly found practical ways to restore their data and systems, often with advice and support from trusted sources.
- Victims rarely tried to negotiate with offenders. The vast majority of victims decided against paying the ransom because they distrusted the offenders.
- Victims are capable of rational decision making following ransomware attacks even during periods of heightened stress and emotion.
Publication Details
Peer Reviewed:
Yes
Copyright:
Australian Institute of Criminology 2026
License type:
CC BY
Access Rights Type:
open
Post date:
9 Jul 2026
