Ransomware as a security threat – social and criminal legislation aspects
Abstract
This article focuses on the analysis of social and criminal aspects of the phenomenon of ransomware-malware abuse. The authors’ basic hypothesis is that the optimal mechanisms in terms of security and Criminal Code protection against this specific form of attacks on computer systems and data stored therein are still underdeveloped.
The review of scientific and professional literature and the use of legal-dogmatic and normative methods by various authors have shown that crime related to the use of ransomware- malware has a potential to seriously endanger certain segments of modern society - economy, sensitive personal data, national and supranational critical infrastructure. The authors have also noted the shortcomings of currently available legal solutions.
The authors conclude that it is necessary to conduct tailored educations of computer system users and also to undertake appropriate activities for the purpose of improving security culture. The authors additionally present concrete proposals for improving the legal framework for criminal legislation.
References
Acronis Cyberthreats Report (2022). Acronis Cyberthreats Report 2022 unveils cyber threat predictions. Available at: https://www.acronis.com/en-us/blog/posts/acronis-cyberthreats-report-2022-unveils-cyberthreat-predictions/
Bing, C. (2021). Exclusive: U.S. to give ransomware hacks similar priority as terrorism. Available at: https://www.reuters.com/technology/exclusive-us-give-ransomware-hacks-similar-priority-terrorism-official-says-2021-06-03/
Bischoff, P. (2021). Ransomware attacks on US healthcare organizations cost $20.8bn in 2020. Available at: https://www.comparitech.com/blog/information-security/ransomware-attacks-hospitals-data/
Collier, R. (2017). NHS ransomware attack spreads worldwide. Canadian Medical Association Journal, 189(22), 786-787
Coveware. (2021). Available at: https://www.coveware.com/ransomware-blog
Criminal Code, Official Gazette of the Republic of Serbia, No. 85/05, 88/05, 107/05, 72/09, 111/09, 121/12, 104/13, 108/14, 94/16, 35/19 [In Serbian]
Davis, J. (2020). UPDATE: The 10 Biggest Healthcare Data Breaches of 2020. Available at: https://healthitsecurity.com/news/the-10-biggest-healthcare-data-breaches-of-2020
Đorđević, Đ. (2014). Criminal Law – a Special Part, 3rd edition. Beograd: Kriminalističkopolicijska akademija [In Serbian]
Fruhlinger, J. (2020). Ransomware explained: How it works and how to remove it. Available at: https://www.csoonline.com/article/3236183/what-is-ransomware-how-it-worksand-how-to-remove-it.html
Global Economic Crisis (2013). Available at: https://www.sciencedirect.com/topics/economics-econometrics-and-finance/global-economic-crisis
Kovačević, A., Putnik, N. & Tošković, O. (2020). Factors Related to Cyber Security Behaviour. IEEE Access, 8, 125140-125148. doi: 10.1109/ACCESS.2020.3007867
Law on Critical Infrastructure, Official Gazette of the Republic of Serbia, No. 87/18 [In Serbian]
Law on IT Security, Official Gazette of the Republic of Serbia, No. 6/2016, 94/2017 [In Serbian]
Law on the Organization and Competencies of State Bodies in the Fight against Cyber Crime, Official Gazette of the Republic of Serbia, No. 61/05, 104/09 [In Serbian]
Mandić, G., Putnik, N., Milošević, M. (2017). Data protection and social engineering - legal, organizational and security aspects. Beograd: Fakultet bezbednosti Univerziteta u Beogradu [In Serbian]
Milošević, M., Putnik, N. (2017). Cyber security and protection against high-tech crime in the Republic of Serbia – strategic and legal framework. Kultura polisa, 14(33). 177-191 [In Serbian]
Milošević, M., Putnik, N. (2019). Specifics of committing the crime of fraud with the use of information and communication technologies. Bezbednost, 2/2019, 68–89 [In Serbian]
Mohurle, S., Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal of Advanced Research in Computer Science, 8(5), 1938-1940.
Morgan, S. (2019). Global Ransomware Damage Costs Predicted to Reach $20 Billion (USD) By 2021. Cybercrime magazine. Available at: https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-20-billion-usd-by-2021/
Putnik, N. (2009). Cyberspace and security challenges. Beograd: Univerzitet u Beogradu – Fakultet bezbednosti [In Serbian]
Radvanovsky, R. & McDougall, A. (2010). Critical Infrastructure, Homeland Security and Emergency Preparedness. Second edition. New York: CRC Press, Taylor & Francis Group.
Rakić, M. (2015). Crisis management in the function of the protection of the critical infrastructures in the transition countries (doctoral dissertation). Fakultet bezbednosti
Univerziteta u Beogradu, Beograd. Available at: https://nardus.mpn.gov.rs/bitstream/handle/123456789/4220/Disertacija52.pdf?sequence=6 [In Serbian]
Stojanović, Z., Perić, O. (2011). Criminal Law - a Special Part, 14th edition. Beograd: Pravna knjiga [In Serbian]
Stojanović, Z. (2018). Commentary on the Criminal Code. Beograd: Službeni glasnik [In Serbian]
Stojanović, Z., Delić, N. (2020). Criminal Law - a Special Part, 7th edition. Beograd: Službeni glasnik [In Serbian]
Vuković, I. (2021). Criminal Law – General Part. Beograd: Pravni fakultet Univerziteta u Beogradu [In Serbian]