I'm not going to tell you how to run your site, but I normally do the following:

Ban the user.
Get all the user's info (posts, IPs, PMs, etc.).
Send the user an email telling them why they have been banned (be professional about it).
Post on their threads a message explaining why it is stupid to use warez (its buggy, normally a Trojan Horse program, can get you into legal troubles, etc.).
Lock down their threads.

If you have time, follow up on the user's info you saved. See if he's done this before. Read his PMs (surprising what people will say in PMs). See if he has other contacts on your forum. Etc. You can waste a lot of time doing this, so save this for "special cases" or times when you want to test your tracking skills.

Don't worry too much about "hacker payback". Most of these warez users are not very smart (they wouldn't have been caught if they had half a brain ). So as long as your website isn't wide open to script-kiddie attacks they are not going to "fry your hard drive" or something silly like that.

Also, make sure that YOU don't do anything illegal. Reading their PMs is legal, using the information in it to hack their email account is illegal. Telling them that they are breaking the law is legal, but calling their mom can be considered harassment in some states (but it sure is fun ).