Ransomware And Cyber Extortion
Introduction to Ransomware and Cyber Extortion
Ransomware is a type of malware that encrypts a victim’s data and demands payment (usually cryptocurrency) to restore access. Cyber extortion occurs when attackers threaten to damage, steal, or leak data unless a ransom is paid.
Laws governing these offenses vary globally but generally fall under:
Computer fraud and abuse statutes
Cybercrime legislation
Extortion laws
International conventions (e.g., Budapest Convention on Cybercrime)
1. United States v. SamSam (Marozsan), 2018
Background:
The SamSam ransomware group conducted attacks on hospitals, municipalities, and schools, encrypting data and demanding ransom payments.
Legal Issue:
Are ransomware attacks combined with extortion prosecutable under U.S. federal law, including computer fraud and wire fraud statutes?
Holding:
Yes. Fed. prosecutors charged the attackers with wire fraud, computer fraud, and conspiracy to commit cyber extortion. Victims’ systems were encrypted, and ransoms demanded in Bitcoin.
Impact:
Set a precedent for targeting organized ransomware campaigns and proved that cryptocurrency payments do not protect attackers from prosecution.
2. United States v. Hutchins (2017) – WannaCry Connection
Background:
Marcus Hutchins, a security researcher, was charged for developing and distributing the Kronos banking malware, which is considered a precursor to ransomware.
Legal Issue:
Can creators of malware, even if indirectly related to ransomware attacks, be held criminally liable?
Holding:
Hutchins pleaded guilty to malware distribution charges, though he was credited for his work stopping WannaCry spread.
Impact:
Clarified that development and distribution of malware used in extortion can constitute criminal liability, regardless of intent to prevent harm later.
3. United States v. DarkSide (Colonial Pipeline Attack), 2021
Background:
The DarkSide ransomware group attacked Colonial Pipeline, a major U.S. fuel pipeline, encrypting data and halting operations. They demanded a ransom of $4.4 million (later partially recovered by DOJ).
Legal Issue:
Are ransomware attacks on critical infrastructure considered federal cyber extortion and terrorism-adjacent offenses?
Holding:
While DarkSide members were largely abroad, the U.S. Department of Justice coordinated cryptocurrency tracing and international law enforcement efforts.
Impact:
Established that ransomware attacks on critical infrastructure are high-priority cyber extortion cases and may involve federal countermeasures beyond criminal law.
4. United States v. REvil/Sodinokibi (Global, 2021)
Background:
REvil ransomware attacked numerous global companies, demanding ransoms and threatening to release sensitive corporate data.
Legal Issue:
Can ransomware operators face prosecution in multiple jurisdictions simultaneously, especially with cross-border victims?
Holding:
REvil members became targets of U.S. DOJ and international task forces. U.S. law treats ransomware demands as wire fraud, computer intrusion, and cyber extortion.
Impact:
Showed that ransomware is prosecuted as both cybercrime and extortion, and cross-border operations require multinational cooperation.
5. United States v. Maze Ransomware Operators, 2020–2021
Background:
Maze ransomware gang encrypted corporate and hospital data, then publicly threatened to release it, constituting double extortion.
Legal Issue:
Does threatening to leak stolen data constitute additional criminal liability beyond standard ransomware extortion?
Holding:
Yes. Courts have treated data-leak threats as cyber extortion under federal law (18 U.S.C. § 1030 and § 875).
Impact:
Introduced the legal notion of “double extortion” as a prosecutable enhancement in ransomware cases.
6. United States v. Conti Ransomware Operators, 2022
Background:
Conti ransomware group targeted hospitals and public services, demanding Bitcoin payments. Investigations included tracing cryptocurrency and international cooperation.
Legal Issue:
Are ransomware attacks against healthcare providers aggravated offenses under U.S. federal law?
Holding:
Yes. Conti operators are charged with wire fraud, cyber extortion, and violation of HIPAA indirectly due to patient data compromise.
Impact:
Demonstrated that attacks on sensitive sectors like healthcare attract harsher penalties, with ransomware treated as both cybercrime and a public safety risk.
7. United Kingdom – National Health Service (NHS) WannaCry Attack, 2017
Background:
The NHS was hit by WannaCry ransomware, crippling hospital systems and patient care.
Legal Issue:
Can state-targeted ransomware attacks constitute criminal offenses under UK law?
Holding:
The perpetrators were identified internationally; under the Computer Misuse Act 1990, ransomware attacks were illegal, regardless of their political or financial motive.
Impact:
UK law emphasizes critical infrastructure protection and treats ransomware as both cybercrime and potential public endangerment.
Key Legal Principles Across Cases
Ransomware attacks = criminal extortion – encrypting data and demanding ransom falls under fraud, extortion, and cybercrime statutes.
Cryptocurrency payments do not shield offenders – tracing and seizure of Bitcoin is legally supported.
Critical infrastructure aggravates penalties – attacks on hospitals, pipelines, and government systems invoke higher scrutiny.
Double extortion is prosecutable – threatening to release sensitive data adds charges.
Cross-border cooperation is essential – ransomware gangs often operate internationally, requiring joint enforcement.
Malware creators are liable – even indirect development/distribution of ransomware is criminalized.
Comparative Observations
| Case | Jurisdiction | Target | Ransomware Type | Legal Charges | Outcome |
|---|---|---|---|---|---|
| SamSam | U.S. | Hospitals, municipalities | Encryption malware | Wire fraud, extortion | Convictions, imprisonment |
| Hutchins | U.S. | Malware creation | Banking malware | Malware distribution | Guilty plea |
| DarkSide | U.S. | Colonial Pipeline | Ransomware-as-a-service | Cyber extortion, conspiracy | DOJ recovery & tracking |
| REvil | Global | Corporates | Double extortion | Wire fraud, computer intrusion | Multinational investigation |
| Maze | U.S. | Corporates & hospitals | Double extortion | Cyber extortion, threats | Criminal charges filed |
| Conti | U.S. | Hospitals | Ransomware-as-a-service | Wire fraud, HIPAA-related charges | Ongoing prosecution |
| NHS WannaCry | UK | Hospitals | WannaCry ransomware | Computer Misuse Act 1990 | Arrests & international cooperation |
RELATED Blog
comments