> The business model behind the service is simple: the bad guys keep 10% of the ransom.
Creating a ransomware is indeed not a very nice thing to do, but IMO the ones that deserve the most to be called "bad guys" are the ones that actually spread the binary (so, the ones that keep the other 90%)
I was thinking of that analogy as well. With weapons, you can claim it is for self defense.
I guess some people will argue that releasing ransomware will make software developers study the different types of attacks, so they increase security in computer systems.
They do increase security... but if violating security could be justified like that, then why have any security at all? You'd already have a useful justification for legitimately violating security.
Like if drinking poison builds up immunity, you don't get a free pass to feed people poison because of it. If you did, then the immunity goal doesn't matter because everyone would be poisoned to death first.
Creating a ransomware is indeed not a very nice thing to do, but IMO the ones that deserve the most to be called "bad guys" are the ones that actually spread the binary (so, the ones that keep the other 90%)