Author ORCID Identifier:

https://orcid.org/0000-0001-7579-6689

Date of Graduation

5-2026

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Computer Science (PhD)

Degree Level

Graduate

Department

Electrical Engineering and Computer Science

Advisor/Mentor

Thompson, Dale

Committee Member

Panda, Brajendra

Second Committee Member

Ware, Morgan

Third Committee Member

Li, Qinghua

Keywords

Cybersecurity; Game Theory; Malware; Post-Quantum Cryptography; Quantum Computing; Ransomware

Abstract

Ransomware is one of the most pervasive and dangerous threats to cybersecurity today. Attacks involving ransomware have been responsible for the disruption of critical services in many fields including healthcare, education, and government. In the current paradigm, crypto ransomware relies on asymmetric cryptography to perform its operations in a way that ensure the victim’s only chance for file recovery is by paying the attacker’s requested ransom payment. However, advancements in quantum computing threaten the asymmetric cryptography that ransomware relies on. It has been shown that, once developed, a sufficiently powerful quantum computer will have the ability to break asymmetric cryptography standards like RSA, ECC, and Diffie-Hellman. The implications that the compromising of these cryptographic standards has for both ransomware attackers and those defending against them is the focus of this work. The examination of these implications is done in several ways. The first aspect uses game theory to analyze how the introduction of quantum computers will impact the decision making of both attackers and defenders in a more abstract sense. An updated game theoretical model of ransomware attack and defense based on the current technological landscape is created. This model synthesizes assumptions from existing models while introducing new ones that make the model more accurate. An analysis is done on this pre-quantum model that demonstrates the utility of game theoretical modeling and the interesting conclusions that can be reached from it. After this, the possibility of quantum computers being able to break existing asymmetric cryptography standards is introduced into the model. The model is then reanalyzed demonstrating that ransomware attackers will be incentivized to replace existing asymmetric cryptography with the newly developed post-quantum cryptography standards. Based on this, a multifaceted examination of post-quantum cryptography is performed to determine how the adoption of this cryptography into ransomware might impact its detectability. An experimental piece of ransomware software is created that uses post-quantum cryptography and it is compared with ransomware that uses traditional asymmetric cryptography. First, basic performance metrics like memory and CPU usage are contrasted between the two. Following this, a comparison of how well malware scanners are able to detect each type of ransomware is done. Then, a proof of concept is presented that demonstrates targeting the underlying mathematical operations of post-quantum cryptography is likely the best avenue for the detection of post-quantum ransomware. Lastly, machine learning techniques are applied for detecting post-quantum ransomware. It can be seen that instruction level sampling provides data that allows models to easily distinguish post-quantum ransomware from both traditional ransomware as well as benign workloads that include the use of the same post-quantum libraries that are used by the ransomware.

Share

COinS