Designing Resilient Systems Against Ransomware: Lessons from Real-World Kiosk Platforms

Ransomware resilience is a growing challenge for distributed systems that operate under real-world operational constraints. This article explores how reliability, recovery, and resilience thinking shaped my research on securing kiosk-based transaction platforms.

Published in Computational Sciences


When people think about ransomware, they often picture large enterprises or healthcare systems being disrupted. That’s where most of the research and industry attention has traditionally been focused.

My work led me in a slightly different direction.

While working with regulated retail and transaction platforms, I kept encountering a class of systems that did not quite fit the usual security assumptions: lottery and betting kiosks. These systems operate in public environments, process financial transactions continuously, and are often left unattended for long periods of time.

What stood out to me was how differently these systems behaved compared to the environments most security models are designed for. Many of the standard assumptions around patching, maintenance, and operational control simply did not apply cleanly in practice.

Where the Problem Started

Kiosk systems are built under a unique set of constraints. They often run on stable but older environments, have limited maintenance windows, and are expected to remain operational almost all the time.

At the same time, they are exposed to both physical and network-level risks. Something as simple as a USB device or a compromised local connection can become an entry point.

Early on, it became clear that many of the assumptions we make in enterprise security do not hold in this context. Immediate patching is not always possible. Downtime is not acceptable. And access to the environment cannot always be tightly controlled.

This led to a simple but important shift in perspective:

Instead of focusing only on how to prevent attacks, it becomes equally important to understand how systems can continue operating when something goes wrong.

Rethinking Security as Resilience

This idea became the foundation for my research, where I explored what a resilience-first approach might look like for these environments.

Rather than relying on a single defensive layer, the approach combines multiple capabilities working together:

  • preventive controls to reduce the attack surface
  • behavioral detection to identify anomalies early
  • response mechanisms that allow systems to isolate, contain, and recover

One of the more interesting parts of this work was trying to balance security theory with operational reality. Many approaches that work well in controlled enterprise environments become difficult to apply in systems that must remain continuously available and operate under strict performance and regulatory constraints.

Another important consideration was ensuring that any solution remained lightweight enough for real operational environments. The framework needed to work under intermittent connectivity conditions while avoiding noticeable delays or disruption for users.

What the Experiments Taught Me

To understand how this approach performs in practice, I built a simulated environment representing hundreds of kiosks operating under realistic conditions.

Instead of relying on purely theoretical scenarios, the system was tested against behaviors inspired by known ransomware patterns, including propagation and staged impact.

What became clear was that detection alone is not enough. Systems that can identify an attack but cannot recover quickly still experience significant disruption.

In contrast, systems designed with recovery in mind are able to limit the overall impact much more effectively.

This reinforced a key takeaway for me: Resilience is not just about stopping attacks, but about reducing their consequences.
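
The effect of recovery time on lost service can be shown with a small fleet model. This is an added example, not the simulation from the paper; the ring topology, tick counts, delays and policy names are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Policy:
    detect_delay: Optional[int]  # ticks from infection to isolation; None = never detected
    restore_ticks: int           # ticks to bring an isolated kiosk back into service

# Constructed parameters for illustration only (not taken from the paper).
POLICIES = {
    "no detection": Policy(None, 0),
    "detect, manual rebuild": Policy(4, 48),
    "detect, automated restore": Policy(4, 4),
    "early detect, automated restore": Policy(2, 4),
}

def simulate(policy, n_kiosks=200, ticks=120, spread_every=3):
    """Return (kiosk-ticks of lost service, peak kiosks out of service)."""
    # Each kiosk is ("ok", 0), ("infected", age) or ("isolated", ticks_left).
    state = [("ok", 0)] * n_kiosks
    state[0] = ("infected", 0)  # single initial compromise
    lost = peak = 0
    for _ in range(ticks):
        nxt = list(state)
        for i, (kind, n) in enumerate(state):
            if kind == "infected":
                if policy.detect_delay is not None and n >= policy.detect_delay:
                    nxt[i] = ("isolated", policy.restore_ticks)  # contain, start recovery
                    continue
                neighbour = (i + 1) % n_kiosks
                if n > 0 and n % spread_every == 0 and state[neighbour][0] == "ok":
                    nxt[neighbour] = ("infected", 0)  # lateral spread to next kiosk
                nxt[i] = ("infected", n + 1)
            elif kind == "isolated":
                nxt[i] = ("ok", 0) if n <= 1 else ("isolated", n - 1)
        state = nxt
        down = sum(1 for kind, _ in state if kind != "ok")
        lost += down
        peak = max(peak, down)
    return lost, peak

def compare():
    """Run every policy against the same outbreak."""
    return {name: simulate(p) for name, p in POLICIES.items()}

if __name__ == "__main__":
    for name, (lost, peak) in compare().items():
        print(f"{name:32s} lost kiosk-ticks={lost:5d}  peak down={peak}")
```

The two middle policies detect at the same moment and see the same spread; only the restore time differs, and that alone accounts for the gap in lost service between them.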

Why This Matters

Although this work focuses on kiosk systems, the underlying challenge is much broader.

Many modern platforms are distributed, continuously running, and tightly coupled with real-world operations. In such environments, downtime can be just as damaging as a security breach itself.

This creates a need for systems that are not only secure, but also adaptable and recoverable.

Looking Ahead

One area that continues to be particularly interesting is how these ideas intersect with emerging system design patterns, especially in distributed and AI-enabled environments.

As systems grow more complex, the boundary between reliability and security continues to blur. Designing for one increasingly requires designing for the other.

Final Thoughts

This work started with a practical observation about how real systems behave under operational constraints. It gradually evolved into a broader exploration of how we think about security in environments where failure is not optional.

Looking back, one of the most valuable parts of this work was realizing how closely reliability and security are connected in real-world systems. The experience reinforced the idea that resilient system design is not only about defending against threats, but also about building systems that can adapt, recover, and continue operating under pressure.

Access the Full Paper

This post is based on my recent research on ransomware resilience in kiosk systems.

The full paper can be accessed here: https://doi.org/10.32604/jcs.2025.073670
