Skip to main content
Kent Academic Repository

Applying Neutralisation Theory to Better Understand Ransomware Offenders

Connolly, Lena, Borrion, Hervé, Arief, Budi, Kaddoura, Sanaa (2023) Applying Neutralisation Theory to Better Understand Ransomware Offenders. In: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). . pp. 177-182. IEEE Computer Society, Los Alamitos, CA, USA ISBN 979-83-503-2720-5. (doi:10.1109/EuroSPW59978.2023.00025) (KAR id:102142)


The work presented in this paper investigates the crime of ransomware from the perspective of neutralisation theory. In particular, this research-in-progress paper aims to explore the feasibility of using neutralisation theory to better understand one of the key stakeholders in ransomware operations: the offenders. Individuals (including offenders) may employ techniques of neutralisation in order to justify their rule-breaking acts, and to diminish both the perceived consequences of their acts and the feeling of guilt. The focus of this work is on highly organised ransomware groups that not only conduct cyber attacks but also operate Ransomware-as-a-Service (RaaS) businesses. Secondary data was used in this research, including media interviews with alleged ransomware offenders. Data analysis is currently ongoing, but preliminary results show that ransomware offenders mainly use six neutralisation techniques to minimise the perceived impact and/or guilty feeling of their actions. These six neutralisation techniques are (1) denial of victim, (2) denial of injury, (3) claim of benefits, (4) claim of entitlement, (5) defence of necessity, and (6) claim of relative acceptability. The findings from this work can shed some light on the ransomware offending pathways, which in turn can be utilised to devise more effective countermeasures for combatting ransomware crime.

Item Type: Conference or workshop item (Proceeding)
DOI/Identification number: 10.1109/EuroSPW59978.2023.00025
Additional information: © 2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Uncontrolled keywords: ransomware crime, neutralisation theory, countermeasures
Subjects: Q Science > QA Mathematics (inc Computing science)
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
University-wide institutes > Institute of Cyber Security for Society
Depositing User: Budi Arief
Date Deposited: 19 Jul 2023 08:00 UTC
Last Modified: 09 Jan 2024 00:52 UTC
Resource URI: (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.