Ransomware through the lens of state crime: Conceptualizing ransomware groups as cyber proxies, pirates, and privateers

Abstract

Cybercrime and other cybersecurity harms are gaining increasing political and public attention across many countries. One of the most serious and fastest growing categories of such harms relates to ransomware attacks. Many of the groups responsible for ransomware attacks have come under political pressure in recent years as they have become more aggressive in their methods and targeting. On a geopolitical level, an area attracting increasing interest is the complex relationships between ransomware groups and states, in particular, Russia. This paper introduces the concept of state crime to ransomware groups. Starting with the concept of proxies before turning to the historical examples of privateering and piracy, we focus on the notion of “cyber privateers” to analyze two select ransomware groups—DarkSide and REvil—that are believed to be affiliated with the Russian state. We argue that approaching these ransomware groups as cyber privateers engaged in state crime has the potential to enhance our understanding of how these groups operate. We further posit that a state crime perspective also assists in identifying how ransomware may be countered, highlighting the need for policy responses that are effective even when ransomware groups may be tacitly protected by a state.