Ransomware: Notes on the US Computer Fraud and Abuse Act and the CoE International Convention on Cybercrime

Catalina Goanta; Apostolis Zarras

Ransomware: Notes on the US Computer Fraud and Abuse Act and the CoE International Convention on Cybercrime

Law Innovation and Technology

Research output: Working paper › Academic

Abstract

It is 2021, and cyberattacks are relentless. Attacks can take many forms, such asransomware, which according to some estimations, accounted for approximately 4000 attacks per day, with 98% of the attacks relying on social engineering. Only in the US, ransomware attacks in 2020 costed an estimated $915 million. This working paper aims to look into the applicable legislative regimes to ransomware from the perspective of the US Computer Fraud and Abuse Act (CFAA) and the Convention on Cybercrime of the Council of Europe (Budapest Convention). In doing so, in Section 2 the paper first describes ransomware, both from a technical perspective as well from the perspective of the novel business model of Ransomware-as-a-service (RaaS).Section 3 is dedicated to applying the CFAA to ransomware, whereas Section 4 does the same for the Budapest Convention. Section 5 brings together some concluding reflections regarding the two legal regimes.

Original language	English
Place of Publication	United States
Publisher	Stanford Law School
Pages	1-21
Publication status	Published - 2021

Publication series

Name	TTLF Working Papers
Publisher	Stanford Law School
Volume	82

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

goantazarras_wp82Submitted manuscript, 1 MB

https://law.stanford.edu/publications/no-82-ransomware-notes-on-the-us-computer-fraud-and-abuse-act-and-the-coe-international-convention-on-cybercrime/

Cite this

@techreport{5cfe8b5a73e64303a2c1c1492f58a8db,

title = "Ransomware: Notes on the US Computer Fraud and Abuse Act and the CoE International Convention on Cybercrime",

abstract = "It is 2021, and cyberattacks are relentless. Attacks can take many forms, such asransomware, which according to some estimations, accounted for approximately 4000 attacks per day, with 98\% of the attacks relying on social engineering. Only in the US, ransomware attacks in 2020 costed an estimated \$915 million. This working paper aims to look into the applicable legislative regimes to ransomware from the perspective of the US Computer Fraud and Abuse Act (CFAA) and the Convention on Cybercrime of the Council of Europe (Budapest Convention). In doing so, in Section 2 the paper first describes ransomware, both from a technical perspective as well from the perspective of the novel business model of Ransomware-as-a-service (RaaS).Section 3 is dedicated to applying the CFAA to ransomware, whereas Section 4 does the same for the Budapest Convention. Section 5 brings together some concluding reflections regarding the two legal regimes.",

author = "Catalina Goanta and Apostolis Zarras",

year = "2021",

language = "English",

series = "TTLF Working Papers",

publisher = "Stanford Law School",

pages = "1--21",

address = "United States",

type = "WorkingPaper",

institution = "Stanford Law School",

}

TY - UNPB

T1 - Ransomware: Notes on the US Computer Fraud and Abuse Act and the CoE International Convention on Cybercrime

AU - Goanta, Catalina

AU - Zarras, Apostolis

PY - 2021

Y1 - 2021

N2 - It is 2021, and cyberattacks are relentless. Attacks can take many forms, such asransomware, which according to some estimations, accounted for approximately 4000 attacks per day, with 98% of the attacks relying on social engineering. Only in the US, ransomware attacks in 2020 costed an estimated $915 million. This working paper aims to look into the applicable legislative regimes to ransomware from the perspective of the US Computer Fraud and Abuse Act (CFAA) and the Convention on Cybercrime of the Council of Europe (Budapest Convention). In doing so, in Section 2 the paper first describes ransomware, both from a technical perspective as well from the perspective of the novel business model of Ransomware-as-a-service (RaaS).Section 3 is dedicated to applying the CFAA to ransomware, whereas Section 4 does the same for the Budapest Convention. Section 5 brings together some concluding reflections regarding the two legal regimes.

AB - It is 2021, and cyberattacks are relentless. Attacks can take many forms, such asransomware, which according to some estimations, accounted for approximately 4000 attacks per day, with 98% of the attacks relying on social engineering. Only in the US, ransomware attacks in 2020 costed an estimated $915 million. This working paper aims to look into the applicable legislative regimes to ransomware from the perspective of the US Computer Fraud and Abuse Act (CFAA) and the Convention on Cybercrime of the Council of Europe (Budapest Convention). In doing so, in Section 2 the paper first describes ransomware, both from a technical perspective as well from the perspective of the novel business model of Ransomware-as-a-service (RaaS).Section 3 is dedicated to applying the CFAA to ransomware, whereas Section 4 does the same for the Budapest Convention. Section 5 brings together some concluding reflections regarding the two legal regimes.

M3 - Working paper

T3 - TTLF Working Papers

SP - 1

EP - 21

BT - Ransomware: Notes on the US Computer Fraud and Abuse Act and the CoE International Convention on Cybercrime

PB - Stanford Law School

CY - United States

ER -

Ransomware: Notes on the US Computer Fraud and Abuse Act and the CoE International Convention on Cybercrime

Abstract

Publication series

UN SDGs

Access to Document

Fingerprint

Cite this