Orbital Escalation: Modeling Satellite Ransomware Attacks Using Game Theory

TL;DR

This paper presents the first game-theoretic framework for modeling ransomware against satellites: the orbital escalation game, where the attacker escalates ransom demands across orbital passes, while the defender chooses their best strategy, e.g., attempt a restore procedure.

Abstract

Ransomware has yet to reach orbit, but the conditions for such an attack already exist. This paper presents the first game-theoretic framework for modeling ransomware against satellites: the orbital escalation game. In this model, the attacker escalates ransom demands across orbital passes, while the defender chooses their best strategy, e.g., attempt a restore procedure. Using dynamic programming, we solve the defender's optimal strategy and the attacker's expected payoff under real orbital constraints. Additionally, we provide a GPS III satellite case study that demonstrates how our orbital escalation game can be applied in the context of a fictional but feasible ransomware attack to derive the best strategies at every step. In conclusion, this foundational model offers satellite owners, policy makers and researchers, a formal framework to better prepare their responses when a spacecraft is held for ransom.

Figures (8)

• Figure 1: Current ransom at orbital pass $k$.
• Figure 2: Defender’s decision problem equation modeled as a Bellman recursion at orbital pass $k$. Here $V_k$ is the defender’s minimal expected cost; $R_k = R_0 + (k-1)\Delta R$ is the ransom demand at pass $k$; $c_{\downarrow}$ is the per-pass downtime cost; $V_{k+1}$ and $V_{k+d_j}$ are continuation values after idling or a failed restore, respectively; $C_j$, $d_j$, and $p_j$ are the direct cost, duration (in passes), and success probability of restore strategy $j$; and $L_{\mathrm{ref}}$ is the mission loss if the defender refuses to pay. At each pass the defender compares the four options and chooses the action that minimizes cost.
• Figure 3: Defender's end of horizon decision.
• Figure 4: Attacker's end of horizon payoff.
• Figure 5: Recursive formulation of the attacker’s continuation value $A_k$ at orbital pass $k$. Each term represents the attacker’s expected payoff given the defender’s chosen action (Pay, Idle, Restore, or Refuse).