Reconceptualising organised (cyber)crime: The case of ransomware

The concept of organised cybercrime has been the subject of much debate over the last decade. Many researchers who have applied scholarly definitions of organised crime to cyber-criminal groups have concluded that such groups are not “organised criminal groups” and do not engage in “organised crime”. This paper adopts a different perspective to argue that certain cyber-criminal groups involved in ransomware can and should be considered organised crime if a more contemporary and flexible framework for conceptualising organised crime is adopted. We make this argument using three primary domains of organised crime first described by von Lampe: criminal activities, offender social structures, and extra-legal governance. We narrow in on the concepts of violence and extra-legal governance in particular as they have been interpreted to hold significant differences for criminal groups operating in physical and digital domains. The paper argues that it is time to move on from criminological debates regarding whether organised cybercrime can exist to focus on the many rich questions that researchers can take from organised crime scholarship and apply to cyber-criminal groups. We put forward a reconceptualisation of organised cybercrime towards this end.