Ransomware crime through the lens of neutralisation theory

This study examines ransomware crime through the lens of neutralisation theory, and explores techniques used by alleged offenders to justify their involvement in ransomware attacks. This work focuses on highly organised ransomware groups that not only conduct attacks but also operate as Ransomware-as-a-Service businesses. The interview data (n = 9) used in this research were collected by several media and cyber security companies. Drawing on Kaptein and Van Helvoort model of neutralisation techniques, we discovered that interviewees – reported ransomware offenders – distorted the facts (n = 5) and negated societal norms (n = 8). Less common, some interviewees admitted breaking norms, but they rejected responsibility by blaming the circumstances (n = 8) or their own shortcomings (n = 3). These results offer new insights that can support the development of counter-narratives.