Forget The “Script Kiddies”: DOJ Needs To Get Serious About The Ransomware Business

Ransomware attacks aren’t spawned by lone wolves or wayward geeks. They are rather the end product of an organized business ecosystem, and it’s time the Justice Department made it a priority to take it down, says Kellen Dwyer on the Lawfare blog. Dwyer is a former federal cyber-crime prosecutor and now a cybercrime and data security teacher at George Mason’s Antonin Scalia Law School. He does not discourage the usual recommended strategies, like defensive cybersecurity and the sharing of information among victims or potential victims, but he says that going after organized cyber criminals is the low-hanging fruit among policy responses to ransomware, and it ought to be picked. A prerequisite to doing that, he says, is understanding how the business works: A small sector of highly skilled technicians create the “tools,” which they then market to a much larger pool of less skilled practitioners, commonly known as “script kiddies.”

“To fight ransomware, the Justice Department should follow the playbook that it used against organized crime in the 1960s and terrorists after 9/11,” Dwyer says. “The department needs a ‘troop surge’ of cyber prosecutors and agents to conduct long-term, proactive investigations into ransomware gangs and the organizations that enable them.”