[mayniac]

They didn't target the hospital:

"The cyberattack was not intended for the hospital, according to a report from the German news outlet RTL. The ransom note was addressed to a nearby university. The attackers stopped the attack after authorities told them it had actually shut down a hospital."

Source: https://www.theverge.com/2020/9/17/21443851/death-ransomware...

[waihtis]

Why are people making such a huge deal about who they were targeting and who not? Ransomware is digital extortion. There’s zero honor to it in any case.

[wongarsu]

Because if only University computers had been affected nobody would have died.

If this was just some ransomware attack it would be barely newsworthy, and we sure wouldn't be discussing it. The death is what makes it interesting. And in this context it is important that the hospital wasn't even the intended target but was caught in the crossfire.

That doesn't justify anything, but I think we can all agree that extortion is a less severe crime than murder.

[waihtis]

I get your point, but the tone in some of these is borderline defensive of ransomware. As if it would be legit otherwise, except they just misfired in this case

[wongarsu]

If that's the case then just to clarify: I think ransomware is like a digital protection racket. You either pay up or they try their best to burn your business down. But it's even worse, because even if you have every intention to pay (which you shouldn't), it still causes you downtime that's probably worse than the ransom itself. It's not something I would wish on anybody, and it's a drag on the entire economy. We should prosecute the perpetrators wherever we can.

But if I had to assign jail sentences, a ransomware author would get a decade or two (add another decade in this case for manslaughter), a murderer would get a life sentence. Life over property.

[civilian]

He's not being defensive, you're being a zealot.

It is important to recognize that crimes have different levels. Society understands that, and it's encoded in our laws in the way we define scaling punishments, and have a difference between misdemeanors and felonies.

For thefts, there's a distinction between "burglary", "robbery", and "robbery with a deadly weapon".

And in this case-- comparing ransomware of a university to terrorism is disproportionate.

[waihtis]

FYI I’m not the original poster who commented on the terrorism aspect, but I think ransomware is difficult to categorize because it is often a spray and pray-type attack. And occasionally a vulnerability and other infection vectors line up neatly enough to cause huge damage.

So in this case, the better analogy would be explosives - someone tried to blow a safe to get the money inside but the explosion also killed an innocent bystander.

[throwaway316943]

Isn’t that like saying that if someone burns down an abandoned building and accidentally kills the squatters living inside that they shouldn’t be prosecuted for man slaughter as well as arson?

[matkoniecz]

If "accidentally" is true then prosecuting them for deliberate murder would not be OK.

Prosecuting them for man slaughter and arson and everything else what applies would be perfectly fine.

[vharuck]

We're going down a rabbit hole away from the main topic, but "depraved indifference" can lead to murder charges in some states. And burning down a building without checking if anybody's inside would definitely be depraved indifference.

https://en.wikipedia.org/wiki/Depraved-heart_murder

[zucker42]

Whether they targeted the hospital might be relevant to what type of homicide they are charged with if they are caught.

[shadowgovt]

The incentives remain unchanged; if an untargeted attack hits a hospital, treat it (for resource allocation to bring perpetrators to justice) as equivalent to a targeted attack. This incentivizes crooks to do the work on their end necessary to avoid society-critical targets so they don't end up staring down an INTERPOL red notice.

The Morris worm's DOS nature was a programming error; it was still prosecuted as a felony for total amount of damage done.

[marton78]

Holding a university ransom is not much better..

[mayniac]

It's definitely better than holding a hospital ransom. It's very unlikely that anyone will die if you spread ransomware in a university.

[vharuck]

Isn't that part of why we treat terrorism more harshly? It's often an indiscriminate attack that harms a lot of people. Like setting off a bomb in a government building and mostly harming private citizens who happened to be there.