The Ransomware Hunting Team

The Ransomware Hunting Team: A Band of Misfits' Improbable Crusade to Save the World from Cybercrime is a 2022 nonfiction book on computer security by Renee Dudley and Daniel Golden. It was published in the United States in October 2022 by Farrar, Straus and Giroux, and is about a group of volunteer freelance computer experts who crack ransomware and help victims recover their data without them having to yield to extortion. Sections of this book had previously featured in a ProPublica podcast, The Extortion Economy: Exploring the Secret World of Ransomware, in December 2021.

Dudley is a technology journalist at ProPublica, and Golden is a journalist and senior editor at the same organization. Golden won the 2004 Pulitzer Prize for Beat Reporting, and Dudley was a 2017 Pulitzer Prize for National Reporting finalist.

The Ransomware Hunting Team audiobook published by Macmillan Audio and narrated by BD Wong won the 2023 Audie Award for Nonfiction.

Synopsis
The Ransomware Hunting Team is about a small group of computer experts in the United States and Europe who devote large amounts of their time to cracking ransomware. They include Michael Gillespie, Fabian Wosar and Sarah White, all volunteers who do not ask for payment for helping victims of these cyberattacks. Authors Dudley and Golden explain how cybercriminals break into vulnerable computer systems, infect them with viruses that encrypt their data, and then demand money for decryption keys. The book highlights some of the prominent ransomware attacks, such as the 2021 Colonial Pipeline ransomware attack, and the 2017 infection of Britain's National Health Service systems. But because many ransomware attacks are not made public, there are considerably more occurrences than reported.

If ransomware has been properly written, cracking it is normally "impossible". But from time to time the hackers take shortcuts, or make mistakes, and the elite team is able to reverse-engineer the malware and construct decryption keys for the victims to recover their data without having to pay ransoms. The book discloses that the battle between the ransomware developers and the hunters is an undeclared cyberwar. It also explains why the FBI and the Department of Homeland Security in the United States are unable to fully tackle this problem. Bound by rigid structures, these organizations are reluctant to work with outsiders, and derisively refer to Gillespie and company as the "Geek Squad". But after the Colonial Pipeline incident, they have begun to work more closely with the ransomware hunters.

Reception
Kirkus Reviews called The Ransomware Hunting Team "[a]n accessible, tautly written account of cyberwarfare in real time." Their review said it brings to mind Clifford Stoll's 1989 book, The Cuckoo's Egg, when "computer mischief" was still new, but added that Dudley and Golden's book "is an update to that distinguished predecessor, though it also enters into the newer realms of the dark web, cryptocurrency, and high-level code-breaking." A review at Publishers Weekly described the book as "an intriguing profile of volunteer tech experts who work to combat digital extortionists." It stated, "Readers will put down this engrossing underdog story just long enough to back up their own files."

The Economist stated in a review of The Ransomware Hunting Team that, "The ransomware business is complicated, ruthless and growing fast." It said the book explains the mechanics of ransomware and how it is "spread[ing] like knotweed". It added that Dudley and Golden's research has produced some "fascinating anecdotes", and focuses on not only the people involved, but also the computers they use. The reviewer concluded that the authors have produced "a good introduction" to ransomware and recommended the book to those looking for a guide to the topic.

In a review of the book in The New York Times, Josephine Wolff wrote that the book has "lively portraits" of the cybercriminals and the hunters, and does a "brilliant job" of tracking the subtle banter between the two groups via embedded text in program code. She said Dudley and Golden emphasize the devastating effect ransomware has on its victims, and highlight "the indifference and incompetence" of the authorities in tackling this problem. But Wolff felt that a shortcoming of the book is its lack of coverage of the role "cryptocurrency exchanges, botnet operators, hosting providers and internet service providers" could play in making it more difficult for ransomware attacks to happen.