When Cryptographic Ransomware Poses Cyber Threats: Ethical Challenges and Proposed Safeguards for Cybersecurity Researchers

Cryptographic ransomware, a malware capable of destroying data, is a serious threat if used against providers of critical infrastructures such as healthcare, energy supply chains, banking services, and transport systems. Used as such, ransomware may qualify as cyber weapon, but the
current discussion around cyber and information warfare is not sufficiently legally regulated. This delegates the safe governance thereof to the application of ethical principles but leaves researchers working on ransomware in doubt about the double-use nature of their work and what code of conduct to follow. Although some existing biomedical research ethical principles have been repurposed for ICT research, in the context of recent threats posed by ransomware attacks, these
efforts need an urgent rethink, especially when it involves the research of cybersecurity researchers dealing specifically with ransomware. This paper does not offer solutions, but rather describes the complexity, nature and extent of ethical challenges raised by cybersecurity research and invites the cybersecurity research community to enter into active discussions around the need to consider the development of an appropriate research ethics framework in the domain of cybersecurity.