// Comparison
Sandworm vs The Ransomware Hunting Team: Which Should You Read?
Two cybersecurity books on Narrative, compared honestly: who each is for, what each does best, and which to read first.
A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
Andy Greenberg
Long-form journalism on the GRU's hacking operations, the best non-technical book on what state-level cyber actually looks like.
A Band of Misfits' Improbable Crusade to Save the World from Cybercrime
Renee Dudley, Daniel Golden
Investigative journalism on the volunteers who quietly cracked ransomware to free victims for free, while the FBI mostly watched. A people-first look at the early ransomware economy.
Read this if
Skip this if
Key takeaways
- NotPetya was not a ransomware accident; it was a wartime weapon that overshot.
- Attribution is slow, contested, and political, but it is also possible and increasingly precise.
- The line between cybercrime and statecraft is thinner than the threat-intel literature suggests.
- The earliest, most effective ransomware response came from unpaid volunteers, not governments or vendors.
- Many ransomware strains shipped with crypto flaws that made free decryption possible, for a while.
- Institutional response lagged for years because the problem fell between agencies, jurisdictions, and budgets.
How they compare
We rate Sandworm higher (5/5 against 4/5 for The Ransomware Hunting Team). For most readers, that means Sandworm is the primary pick and The Ransomware Hunting Team is a useful follow-up.
Both books target beginner-level readers, so the choice is about topic, not difficulty.
Sandworm and The Ransomware Hunting Team both cover Narrative, so reading them in sequence reinforces the same material from different angles.