It is 2021, and cyberattacks are relentless. Attacks can take many forms, such as ransomware, which, according to some estimates, accounted for approximately 4000 attacks per day, with 98% of the attacks relying on social engineering. In the US alone, ransomware attacks in 2020 cost an estimated $915 million. This working paper examines the legislative regimes applicable to ransomware from the perspective of the US Computer Fraud and Abuse Act (CFAA) and the Convention on Cybercrime of the Council of Europe (Budapest Convention). To that end, Section 2 describes ransomware, both from a technical perspective and from the perspective of the novel business model of Ransomware-as-a-Service (RaaS). Section 3 applies the CFAA to ransomware, and Section 4 does the same for the Budapest Convention. Section 5 brings together some concluding reflections on the two legal regimes.