This project explores how governments have responded to the ransomware threat since its surge in 2020, using case studies of active cyber defence measures deployed to disrupt ransomware networks.

From Singapore to Australia, the spectrum of proactive cybersecurity measures explored in recent years has included:

1. expanding the mandates for existing institutions;
2. granting new powers to private organisations;
3. setting up permanent operations to fight ransomware and
4. exploring new forms of international collaboration.

In the process of countering ransomware, there has been a significant shift from a strictly defensive stance to deploying “hack-back” capabilities that aim to neutralise and shut down attacking systems, within and outside of a given jurisdiction. By developing such proactive cybersecurity measures, states seem to reconceptualise the spectrum of lawful responses under international law. This trend in the cybersecurity landscape has remained underexplored in the academic literature and in the policy debates. This project aims to change that, presenting new evidence, standalone findings and initial policy recommendations, as well as providing a proof of concept for a larger study at the global level.