Ransomware attacks have increased in recent years and the impact on victims and society can be considerable. In order to develop effective measures against ransomware, it is important to understand how attacks are committed. However, most research on ransomware focuses on technical aspects or specific stages in the process. Less scientific research has been conducted on the entire process or the human involvement in attacks. Moreover, while crime scripts exist for other forms of cybercrime, a crime script for ransomware attacks is missing in the literature. The current study seeks to address this gap through a crime script analysis of ransomware attacks, using 44 court documents from Dutch and English-speaking countries and 10 expert interviews. The crime script analysis helps in understanding the actions taken in each stage of a ransomware attack and the behavior of and interaction between victims and offenders. It shows how the ransomware ecosystem has professionalized, with groups investing time, effort and money in the malware and infrastructure, outsourcing parts of the process and sometimes providing victims with customer service. Furthermore, it gives insight into facilitators, including the security risks that enable attackers in gaining access and cryptocurrency mixers or exchange services that facilitate money laundering. The findings have helped identify potential situational crime prevention measures, which are described in the discussion.

The internet has become a popular marketplace for the sale of illicit products, including stolen personal information, drugs, and firearms. Many of these products are acquired using cryptocurrencies, which are generally defined as forms of digital currency that is traceable through blockchain ledger technology. These currencies are thought to be more secure than other forms of digital payment, though law enforcement and financial service providers have found ways to investigate account holders and their transactions. Consequently, several service providers have begun to offer cryptomixing services, which effectively launders payments to circumvent detection and investigation tools. Few have explored the practices of cryptomixing services, or the ways in which they are marketed on the Open and Dark Web. This inductive qualitative analysis will examine a sample of 18 cryptomixing services advertised on both the Open and Dark Web to better understand cryptomixing and its role in facilitating illicit transactions across the internet.

Op 1 maart 2019 is de Wet computercriminaliteit III (hierna Wet CCIII) in werking getreden. Met deze wet heeft de hackbevoegdheid een grondslag gekregen in het Wetboek van Strafvordering (artt. 126nba, 126uba en 126zpa Sv). De nieuwe bevoegdheid maakt het mogelijk dat opsporingsambtenaren, ‘onder voorwaarden een geautomatiseerd werk, dat bij een verdachte in gebruik is, op afstand heimelijk [kunnen] binnendringen met het oog op bepaalde doelen op het gebied van de opsporing van ernstige strafbare feiten’.