But what happens in the case where you are able to identify—either by name, location, computer, IP address, MAC address or otherwise—the individual(s) responsible for the ransomware, extortionware or electronic demand for payment? Right now, a ransomware victim has few options. One: Pay the ransom. Two: Don’t pay the ransom and restore/rebuild. Or, three: Choose option one or two but work with law enforcement in the hope that the perpetrator will be caught and prosecuted. The real-world law offers another option. A form of self-help, you could say. Why not ransomware the ransomware purveyors?
Source: Why Not Hold Ransomware Attackers Hostage for a Change? – Security Boulevard