Understanding Ransomware Through the Lens of Disaster Risk: Implications for Cybersecurity and Economic Stability
DOI:
https://doi.org/10.18485/ijdrm.2025.7.1.14Keywords:
ransomware, cybersecurity, disaster risk, digital economy, financial impact, critical infrastructure, cyber resilience, socio-economic consequences, risk governance, ransomware-as-a-service (RaaS)Abstract
Ransomware has emerged as a modern digital crisis, mirroring the widespread disruptions typically associated with natural or artificial disasters. As global economies grow increasingly interconnected through digital systems, the fallout from ransomware attacks stretches far beyond mere technical breaches. These incidents result in severe financial damage, disrupt operations, erode reputations, and contribute to broader socioeconomic instability. This study adopts a disaster risk perspective to examine the broader economic and social impact of ransomware, particularly its effects on critical infrastructure and public trust in institutions. Through a multi-case analysis of sixteen significant ransomware attacks between 2015 and 2025, the research highlights a recurring pattern: direct and indirect costs often compound, with impacts varying from ransom demands and halted services to reputational loss and sector-wide vulnerabilities. The rise of Ransomware-as-a-Service (RaaS) has also made these attacks more accessible and complex, deepening the threat landscape. The findings underscore the need to integrate cybersecurity into comprehensive disaster risk management strategies. Policymakers, institutions, and businesses must adopt a forward-looking approach—emphasising continuous risk evaluation, resilient digital infrastructure, and collaboration across sectors. To protect economies from escalating cyber threats, adaptive regulations and anticipatory defences are no longer optional—they're essential.
Downloads
References
1. Aleksandrina, M., Budiarti, D., Yu, Z., Pasha, F., & Shaw, R. (2019). Governmental Incentivization for SMEs’ Engagement in Disaster Resilience in Southeast Asia. International Journal of Disaster Risk Management, 1(1), 32-50.
2. Al-ramlawi, A., El-Mougher, M., & Al-Agha, M. (2020). The Role of Al-Shifa Medical Complex Administration in Evacuation & Sheltering Planning. International Journal of Disaster Risk Management, 2(2).
3. Andersen, E. S. (2025). How to mitigate ransomware risk through data and risk quantification. Cyber Security: A Peer-Reviewed Journal. doi:10.69554/ztgt3456
4. August, T., Dao, D., & Niculescu, M. F. (2019). Economics of ransomware attacks. Unpublished manuscript.
5. August, T., Dao, D., & Niculescu, M. F. (2022). Economics of ransomware: Risk interdependence and large-scale attacks. Management Science, 68(12), 8979–9002. https://doi.org/10.1287/mnsc.2021.4216
6. Axon, L., Erola, A., Agrafiotis, I., Uuganbayar, G., Goldsmith, M., & Creese, S. (2023). Ransomware as a Predator: Modelling the Systemic Risk to Prey. Digital Threats: Research and Practice, 4, 1-38. doi:10.1145/3579648
7. Benmalek, M. (2024). Ransomware on cyber-physical systems: Taxonomies, case studies, security gaps, and open challenges. Internet of Things and Cyber-Physical Systems. doi:10.1016/j.iotcps.2023.12.001
8. Carla S, R. G. (2019). School-community collaboration: disaster preparedness towards building resilient communities. International Journal of Disaster Risk Management, 1(2), 45-59.
9. Cashell, B., Jackson, W. D., Jickling, M., & Webel, B. (2004). The economic impact of cyber-attacks (CRS RL32331). Congressional Research Service.
10. Chen, S., Hao, M., Ding, F., Jiang, D., Dong, J., Zhang, S., Guo, Q., & Gao, C. (2023). Exploring the global geography of cybercrime and its driving forces. Humanities and Social Sciences Communications, 10, 71. doi:10.1057/s41599-023-01560-x
11. Chin, K. (2024). The impact of cybercrime on the economy. Retrieved from https://www.upguard.com/blog/the-impact-of-cybercrime-on-the-economy
12. Cobos, E. V. (2024). Cybersecurity economics for emerging markets. Washington, DC: World Bank. doi:10.1596/978-1-4648-2120-2
13. Cobos, V., Belen, E., & Selcen, C. (2024). A review of the economic costs of cyber incidents. Washington, DC: World Bank Group. Retrieved from http://documents.worldbank.org
14. Connolly, L., & Wall, D. (2019). The rise of crypto-ransomware in a changing cybercrime landscape: Taxonomising countermeasures. Comput. Secur., 87. doi:10.1016/J.COSE.2019.101568
15. Connolly, L., Wall, D., Lang, M., & Oddson, B. (2020). An empirical study of ransomware attacks on organizations: an assessment of severity and salient factors affecting vulnerability. J. Cybersecur., 6. doi:10.1093/cybsec/tyaa023
16. Cook, S., Giommoni, L., Trajtenberg Pareja, N., Levi, M., & Williams, M. L. (2023). Fear of economic cybercrime across Europe: A multilevel application of routine activity theory. The British Journal of Criminology, 63(2), 384–406. doi:10.1093/bjc/azac093
17. Couce-Vieira, A., Insua, D. R., & Kosgodagan, A. (2020). Assessing and forecasting cybersecurity impacts. Decision Analysis, 17(4), 356–374. doi:10.1287/deca.2020.0421
18. Cremer, F., Sheehan, B., Fortmann, M., Kia, A. N., Mullins, M., Murphy, F., & Materne, S. (2022). Cyber risk and cybersecurity: A systematic review of data availability. The Geneva Papers on Risk and Insurance - Issues and Practice, 47(3), 698–722. doi:10.1057/s41288-021-00233-9
19. Cvetković, S. M., & V. (2013). Vulnerability of critical infrastructure by natural disasters. Paper presented at the National critical infrastructure protection, regional perspective., Belgrade.
20. Cvetković, V. (2019). Risk Perception of Building Fires in Belgrade. International Journal of Disaster Risk Management, 1(1), 81-91.
21. Cvetković, V. (2023). A Predictive Model of Community Disaster Resilience based on Social Identity Influences (MODERSI). International Journal of Disaster Risk Management, 5(2), 57-80.
22. Cvetković, V. (2024a). Disaster Risk Management. In: Scientific-Professional Society for Disaster Risk Management, Belgrade.
23. Cvetković, V. (2024b). Essential Tactics for Disaster Protection and Rescue. Scientific-Professional Society for Disaster Risk Management, Belgrade.
24. Cvetković, V. M. (2024a). Disaster Resilience: Guide for Prevention, Response and Recovery. In: Belgrade: Scientific-Professional Society for Disaster Risk Management.
25. Cvetković, V. M. (2024b). In-Depth Analysis of Disaster (Risk) Management System in Serbia: A Critical Examination of Systemic Strengths and Weaknesses.
26. Cvetković, V. M., & Šišović, V. (2024). Capacity building in Serbia for disaster and climate risk education. In Disaster and Climate Risk Education: Insights from Knowledge to Action (pp. 299-323): Springer Nature Singapore Singapore.
27. Cvetković, V. M., Dragašević, A., Protić, D., Janković, B., Nikolić, N., & Milošević, P. (2022). Fire safety behavior model for residential buildings: Implications for disaster risk reduction. International Journal of Disaster Risk Reduction, 76, 102981. doi:https://doi.org/10.1016/j.ijdrr.2022.102981
28. Cvetković, V. M., Renner, R., & Jakovljević, V. (2024). Industrial Disasters and Hazards: From Causes to Conse-quences—A Holistic Approach to Resilience. International Journal of Disaster Risk Management, 6(2), 149-168.
29. Cvetković, V. M., Tanasić, J., Ocal, A., Kešetović, Ž., Nikolić, N., & Dragašević, A. (2021). Capacity Development of Local Self-Governments for Disaster Risk Management. International Journal of Environmental Research and Public Health, 18(19), 10406.
30. Cvetković, V., & Grbić, L. (2021). Public perception of climate change and its impact on natural disasters. Journal of the Geographical Institute Jovan Cvijic.
31. Cvetković, V., & Janković, B. (2020). Private security preparedness for disasters caused by natural and anthropogenic hazards. International Journal of Disaster Risk Management, 2(1), 23-33.
32. Cvetković, V., & Kezunović, A. (2021). Security Aspects of Critical Infrastructure Protection in Anthropogenic Disasters: A Case Study of Belgrade. Research Squares - Preprint, 10.21203/rs.21203.rs-927528/v927521.
33. Cvetković, V., & Martinović, J. (2020). Inovative solutions for flood risk management. International Journal of Disaster Risk Management, 2(2), 71–100.
34. Cvetković, V., & Renner, R. (2024). Comprehensive Databases on Natural and Man-Made (Technological) Hazards and Disasters: Mapping Risks and Challenges. In: Belgrade: Scientific-Professional Society for Disaster Risk Management.
35. Cvetković, V., & Šišović, V. (2024). Understanding the Sustainable Development of Community (Social) Disaster Resilience in Serbia: Demographic and Socio-Economic Impacts. Sustainability, 16 (7), 2620. In.
36. Cvetković, V., Nikolić, A., & Ivanov, A. (2023). The Role of Social Media in the Process of Informing the Public About Disaster Risks. Journal of Liberty and International Affairs, 9(2), 104-119.
37. Cvetković, V., Tanasić, J., Renner, R., Rokvić, V., & Beriša, H. (2024). Comprehensive Risk Analysis of Emergency Medical Response Systems in Serbian Healthcare: Assessing Systemic Vulnerabilities in Disaster Preparedness and Response. Paper presented at the Healthcare.
38. Farahbod, K., Shayo, C., & Varzandeh, J. (2020). Cybersecurity indices and cybercrime annual loss and economic impacts. Journal of Business and Behavioral Sciences, 32(1), 63–71.
39. George, A. S., Baskar, T., & Srikaanth, P. B. (2024). Cyber threats to critical infrastructure: Assessing vulnerabilities across key sectors. Partners Universal International Innovation Journal, 2(1), 51–75. doi:10.5281/zenodo.10639463
40. Goodell, J., & Corbet, S. (2022). Commodity market exposure to energy-firm distress: Evidence from the Colonial Pipeline ransomware attack. Finance Research Letters. doi:10.1016/j.frl.2022.103329
41. Grace, J. (2023). Impact of cybersecurity measures on financial data breaches. International Journal of Modern Risk Management, 1(1). Retrieved from https://www.iprjb.org/journals/index.php/IJMRM/article/view/2097
42. Gulyas, O., & Kiss, G. (2023). Impact of cyber-attacks on the financial institutions. Procedia Computer Science, 219, 84–90.
43. HISCOX Group. (2024). Cyber readiness report 2024: Protecting reputation through cyber resilience. Retrieved from https://www.hiscoxgroup.com/sites/group/files/documents/2024-10/HSX245–2024-CRR.pdf
44. Hromada, M., & Lukas, L. (2012). Critical Infrastructure Protection and the Evaluation Process. International Journal of Disaster Recovery and Business Continuity, 3.
45. International Chamber of Commerce. (2024). Protecting the cybersecurity of critical infrastructure and their supply chains.
46. International Monetary Fund. (2024). Global financial stability report: The last mile – Financial vulnerabilities and risks.
47. Jimmy, F. (2024). Assessing the effects of cyber attacks on financial markets. Journal of Artificial Intelligence General Science, 6(1), 288–305. doi:10.60087/jaigs.v6i1.254
48. Jurišić, D., & Marceta, Z. (2024). Collaborative Gaps: Investigating the Role of Civilian-Religious Authority Disconnection in Psychosocial Support Provision during the 2014 Floods. International Journal of Disaster Risk Management, 6(2), 1-18.
49. Kala, E. S. M. (2023). Critical role of cyber security in global economy. Open Journal of Safety Science and Technology, 13(4), 231–248.
50. Koliou, M., van de Lindt, J. W., Ellingwood, B., Dillard, M., Cutler, H., & McAllister, T. P. (2018). A critical appraisal of community resilience studies: Progress and challenges.
51. Krivokapić, Đ., Nikolić, A., Stefanović, A., & Milosavljević, M. (2023). Financial, accounting and tax implications of ransomware attack. Studia Iuridica Lublinensia, 32(1), 191–211. Retrieved from https://ssrn.com/abstract=4562912
52. Kumiko, F., & Shaw, R. (2019). Preparing International Joint Project: Use of Japanese Flood Hazard Map in Bangladesh. International Journal of Disaster Risk Management, 1(1), 62-80.
53. Künzler, F. (2023). Real cyber value at risk: An approach to estimate economic impacts of cyberattacks on businesses (Master's thesis). University of Zurich.
54. Kuzior, A., Brożek, P., Kuzmenko, O., Yarovenko, H., & Vasilyeva, T. (2022). Countering cybercrime risks in financial institutions: Forecasting information trends. Journal of Risk and Financial Management, 15(12), 613.
55. Kuzior, A., Tiutiunyk, I., Zielińska, A., & Kelemen, R. (2024). Cybersecurity and cybercrime: Current trends and threats. Journal of International Studies, 17(2), 220–239. doi:10.14254/2071-8330.2024/17-2/12
56. Lee, I. (2021). Cybersecurity: Risk management framework and investment cost analysis. Business Horizons, 64(5), 659–671. doi:10.1016/j.bushor.2021.02.022
57. Lis, P., & Mendel, J. (2019). Cyberattacks on critical infrastructure: An economic perspective. Economics and Business Review, 19(2), 24–47. doi:10.18559/ebr.2019.2.2
58. Mijalković, S., & Cvetković, V. (2013). Vulnerability of critical infrastructure by natural disasters. Paper presented at the National critical infrastructure protection, regional perspective.
59. Mokhele, M. O. (2024). Centres or Units: Making Sense of Decentralisation of Disaster Management in South African Municipalities. International Journal of Disaster Risk Management, 6(2), 19-38.
60. Molina, R. M. A., Torabi, S., Sarieddine, K., Bou-Harb, E., Bouguila, N., & Assi, C. (2022). On Ransomware Family Attribution Using Pre-Attack Paranoia Activities. IEEE Transactions on Network and Service Management, 19, 19-36. doi:10.1109/tnsm.2021.3112056
61. Molnár, A. (2024). A Systematic Collaboration of Volunteer and Professional Fire Units in Hungary. International Journal of Disaster Risk Management, 6(1), 1-13.
62. Mott, G., Turner, S., Nurse, J., Pattnaik, N., MacColl, J., Huesch, P., & Sullivan, J. (2024). 'There was a bit of PTSD every time I walked through the office door': Ransomware harms and the factors that influence the victim organization's experience. J. Cybersecur., 10. doi:10.1093/cybsec/tyae013
63. Moussaileb, R., Cuppens-Boulahia, N., Lanet, J.-L., & Bouder, H. L. (2021). A Survey on Windows-based Ransomware Taxonomy and Detection Mechanisms. ACM Computing Surveys (CSUR), 54, 1-36. doi:10.1145/3453153
64. Muniandy, M., Ismail, N., Al-Nahari, A., & Yao, D. N. (2024). Evolution and impact of ransomware: Patterns, prevention, and recommendations for organizational resilience. International Journal of Academic Research in Business and Social Sciences, 14. doi:10.6007/IJARBSS/v14-i1/19803
65. Nagar, G. (2024). The Evolution of Ransomware: Tactics, Techniques, and Mitigation Strategies. International Journal of Scientific Research and Management (IJSRM). doi:10.18535/ijsrm/v12i06.ec09
66. Pattnaik, N., Nurse, J., Turner, S., Mott, G., MacColl, J., Huesch, P., & Sullivan, J. (2023). It's more than just money: The real-world harms from ransomware attacks. ArXiv, abs/2307.02855. doi:10.48550/arXiv.2307.02855
67. Perić, J., & Vladimir, C. M. (2019). Demographic, socio-economic and phycological perspective of risk perception from disasters caused by floods: case study Belgrade. International Journal of Disaster Risk Management, 1(2), 31-43.
68. Putnik, N. (2022). Sajber rat i sajber mir. Beograd: Akademska misao.
69. Putnik, N., Milošević, M., & Cvetković, V. (2022). Rensomver kao pretnja bezbednosti – društveni i krivičnopravni aspekti. Sociološki pregled, 56(1), 328–353.
70. Rahman, A. M., & Islam, S. (2022). Financial and social costs perspective impacts of cybercrime in the UAE: Policy-guidance addressing the problem in piecemeal approach. International Journal of Economics, Business and Management Studies, 9(2), 89–103. doi:10.55284/ijebms.v9i2.718
71. Rebouh, N., Tout, F., Dinar, H., Benzid, Y., & Zouak, Z. (2024). Integrating Multi-Source Geospatial Data and AHP for Flood Susceptibility Mapping in Ain Smara, Constantine, Algeria. International Journal of Disaster Risk Management, 6(2), 245-264.
72. Reshmi, T. (2021). Information security breaches due to ransomware attacks - a systematic literature review. Int. J. Inf. Manag. Data Insights, 1, 100013. doi:10.1016/J.JJIMEI.2021.100013
73. Robles-Carrillo, M., & García-Teodoro, P. (2022). Ransomware: An Interdisciplinary Technical and Legal Approach. Security and Communication Networks. doi:10.1155/2022/2806605
74. Schwarz, M., Marx, M., & Federrath, H. (2021). A structured analysis of information security incidents in the maritime sector. arXiv preprint arXiv:2112.06545.
75. Seng, Y. J., Cen, T. Y., bin Mohd Raslan, M. A. H., Subramaniam, M. R., Xin, L. Y., Kin, S. J., Long, M. S., & Sindiramutty, S. R. (2024). In-depth analysis and countermeasures for ransomware attacks: Case studies and recommendations. Preprints. doi:10.20944/preprints202408.2261.v1
76. Singh, H., & Sittig, D. (2016). A Socio-Technical Approach to Preventing, Mitigating, and Recovering from Ransomware Attacks. Applied Clinical Informatics, 7, 624-632. doi:10.4338/ACI-2016-04-SOA-0064
77. Sudheer, S. (2024). Ransomware Attacks and Their Evolving Strategies: A Systematic Review of Recent Incidents. Journal of Technology and Systems. doi:10.47941/jts.2399
78. Sviatun, O. V., Goncharuk, O. V., Roman, C., Kuzmenko, O., & Kozych, I. V. (2021). Combating cybercrime: Economic and legal aspects. WSEAS Transactions on Business and Economics, 18, 751–762.
79. Tariq, N. (2018). Impact of cyberattacks on financial institutions. Journal of Internet Banking and Commerce, 23(2), 1–11.
80. Tarter, A. (2017). Importance of cyber security. In Community policing – A European perspective: Strategies, best practices and guidelines (pp. 213–230).
81. Thakur, M. (2024). Cyber security threats and countermeasures in digital age. Journal of Applied Science and Education, 4(1), 1–20.
82. ThankGod, J. (2024). Cyber heists and trade turmoil: Uncovering the economic impact of cybersecurity breaches on global commerce. doi:10.2139/ssrn.4858710
83. The Financial Action Task Force. (2023). Countering ransomware financing. FATF. Retrieved from http://www.fatf-gafi.org
84. Umer, S. S. (2024). Analysing in Post COVID-19 era: The Effect of Occupational Stress and Work-Life Balance on Employees Performance. International Journal of Disaster Risk Management, 6(1), 75-90.
85. Valackienė, A., & Odejayi, R. O. (2024). The impact of cyber security management on the digital economy: Multiple case study analysis. Intellectual Economics, 18(2), 261–283. doi:10.13165/IE-24-18-2-02
86. Vibhas, S., Bismark, A. G., Ruiyi, Z., Anwaar, M. A., & Rajib, S. (2019). Understanding the barriers restraining effective operation of flood early warning systems. 1(2), In press.
87. Vidović, N., Cvetković, V. M., & Beriša, H. (2024). Optimising Disaster Resilience Through Advanced Risk Management and Financial Analysis of Critical Infra-structure in the Serbian Defence Industry. International Journal of Disaster Risk Management, 6(2), 183-200.
88. Wang, P., & Johnson, C. (2018). Cybersecurity incident handling: A case study of the Equifax data breach. Issues in Information Systems, 19(3), 66–72.
89. Wang, P., D'Cruze, H., & Wood, D. (2019). Economic costs and impacts of business data breaches. Issues in Information Systems, 20(2), 94–100.
90. Wedawatta, G. (2012). Resilience and adaptation of small and medium‐sized enterprises to flood risk. Disaster Prevention and Management: An International Journal, 21(4), 474-488. doi:10.1108/09653561211256170
91. Wilner, A., Jeffery, A., Lalor, J., Matthews, K., Robinson, K., Rosolska, A., & Yorgoro, C. (2019). On the social science of ransomware: Technology, security, and society. Comparative Strategy, 38, 347-370. doi:10.1080/01495933.2019.1633187
92. Wollerton, M. (2023). Ransomware Attacks. doi:10.4135/cqresrre20230818
93. World Economic Forum. (2024). Global cybersecurity outlook 2024: Insight report. Retrieved from https://www3.weforum.org
94. World Economic Forum. (2025). Global cybersecurity outlook 2025: Insight report. Retrieved from https://reports.weforum.org
95. Yuste, J., & Pastrana, S. (2021). Avaddon ransomware: an in-depth analysis and decryption of infected systems. ArXiv, abs/2102.04796. doi:10.1016/j.cose.2021.102388
96. Zimba, A., & Chishimba, M. (2019). On the Economic Impact of Crypto-ransomware Attacks: The State of the Art on Enterprise Systems. European Journal for Security Research, 4, 3-31. doi:10.1007/s41125-019-00039-8
Downloads
Published
Issue
Section
License
Copyright (c) 2025 International Journal of Disaster Risk Management
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
This journal operates under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits unrestricted use, distribution, reproduction, adaptation, and transformation in any medium, provided the original author and source are properly credited.
Authors retain the copyright of their articles.
The International Journal of Disaster Risk Management (IJDRM) encourages and permits authors to:
-
Post pre-print (submitted version), post-print (accepted version), and publisher’s version/PDF of their articles on personal websites, institutional repositories, disciplinary repositories, and academic networks such as ResearchGate, Academia.edu, or departmental websites,
-
Do so at any time, including before or after publication,
-
Provided that appropriate credit is given to the original publication in this journal, including:
-
Full bibliographic details
-
A clear mention of the journal name
-
A direct link to the article’s DOI (as an HTML link)
-
No prior permission is required from the publisher or editors for such actions, as long as the terms of the CC BY 4.0 license are followed.
