THE SOCIAL AND LEGISLATIVE PRINCIPLES OF COUNTERACTING RANSOMWARE CRIME

. This article aims to analyze the relationship between the threat of ransomware and new effective counteraction principles for law enforcement agencies to utilize. Moreover, it contemplates on how specific behavior of persons can help reduce the threat of being infected with this malicious software. It establishes that certain changes made in society’s mentality towards their computer and network systems can significantly reduce the consequent damages of ransomware attacks. The manuscript uses a qualitative research approach and the analysis of variance (ANOVA), including an F-test, which defines major challenges in ransomware. This is the first empirical research piece which uses this type of data and approach for the analysis of current threats in global ransomware security. The article suggests that the main challenge is the systematic growth of ransomware connected to illegal businesses and the inattentive actions of casual users. The research paper proposes the implementation of global ransomware counteraction principles on the base of challenges that are present now and the prospects of rising threats in the future. In addition, the manuscript analyzes the trends of the last 2-years of attacks to find and determine new ways of successfully counteracting it for optimal innovative regional development.


Introduction
The post-industrial era makes global digital technologies accessible and easy-to-use. Today's society is reliant on the internet, although the effects of this dependence is a common topic of debate. Information Technologies (IT) provide many services that contribute to making our everyday lives simpler and more organized.
However, availability of global digital technologies opens opportunities for individuals who are looking to take advantage of their vulnerabilities. Security breakdowns can lead to economic losses of innocent citizens, companies and even governments. Worse still, perpetrators can use computers and network systems to raise alarms, create panic in anticipation of violent ransomware attacks-and to coordinate and carry out terrorist acts. To great despair, counteraction of cybercrime has faced many problems, which have yet to be resolved (Zimba et al., 2018;Plėta et al., 2020).
One of the most effective ways of bypassing security protocols of computer systems and consequently infecting them is through ransomware. Ransomware is one of many categories of malicious software and affects masses of computers: ranging from family desktop PCs to corporate systems. Ransomware is described as a "kind of malware which demands a payment in exchange for a stolen functionality". Unfortunately, these ransomware attacks are prominent to this day and pose a significant threat.
Researchers have attributed the lack of an acute response to these crybercrimes to many factors. Among them is IT professionals' lack of understanding and interest in the phenomenon of cybercrime. Moreover, law enforcement officials lack the tools necessary to address the problem: old laws cannot conform with committed crimes. At the same time, new laws have very few judicial precedents that can be guided (Mercaldo et al., 2016).
As will be further discussed in the study, virtually everyone has the potential to counter cybercrime, especially ransomware. And if everyone is well-informed, attentive and careful, society in its entirety will have a better understanding of the principles of preventing these ransomware attacks. Of course, lots of changes will have to be made to achieve this (Kurpjuhn, 2019). But two groups specifically can increase their efforts to handle this problem and pave the way for countering this phenomenon (Chung, 2019;Al-rimy et al., 2018).
Another problem that should be emphasized is that everyone is talking about cybercrime despite not having an official definition of it (O'Kane et al., 2018).

Literature review
As cyberspace becomes more prominent in the modern world, it is evident that law enforcement agencies are not always able to keep up with its rates of growth. The scale at which IT has consumed the world has made systematicly and successfully committing cybercrimes possible. Because of this, networks of cyberfraud begin to nest in virtual space and harm individuals, governments, businesses. Responses to these actions should be strategical, tactical, and cooperative (Fagioli, 2019).
Cybercrime counteraction faces many problems. The general confusion surrounding the definition of cybercrime is an issue that needs to be addressed and resolved. A lack of professionals correctly determining the unique nature and threats of cybercrime could result in an array of complications which make counteracting it even harder.
There are many reasons justifying the development of a model definition of cybercrime specifically. A standardized perception of cybercrime across IT personnel, computer users, victims, police officers, detectives, prosecutors and judges will lead to the aforementioned unification of different social institutions, which, above all
Cybercrime definition should be unified not only among agencies, but among countries as well, due to the possibilities that cyberspace, the virtual space in which cybercrimes are committed, grants. This virtual world allows crimes to happen wherever. Thus, a mutual understanding of cybercrime across the globe is necessary to counteract this aspect of the problem (Kolodenker et al., 2017;Alwaelya et al., 2020;. Cybercrime definition would aid not only cooperation between agencies but also all parties individually. For example, IT professionals need a good definition of cybercrime to know when (and what) to report to authorities. At the same time, law enforcement needs a legislative definition of this type of crime to prosecute offenders, as laws must be defined in order to be enforceable (Pope, 2016).
Attempts to define cybercrime illustrate that it is a very generalized term. Practically speaking, these definitions are useless in almost any discussion, especially that which attempts to fully analyze cybercrime. This research paper now presents some noteworthy interpretations of cybercrime (Paquet-Clouston et al., 2019).
Many state-level and international organizations have attempted to give a working definition. The Council of Europe's Cybercrime Treaty's definition of cybercrime is broad, including such offences as criminal activity aimed at collecting or manipulating data and even copyright infringement. The United Nations Manual on the Prevention and Control of Computer Related Crime on the other hand, includes more misdemeanors, such as forgery, unauthorized access to computer systems and fraud. Symantec Corporation, which is a company specializing in computer security, gives the following definition of cybercrime: "any crime that is committed using a computer or network, or hardware device". At this point in the 21 st century though, almost any action of any person in a First-world country utilizes the listed elements, so, perhaps, the line between a regular crime and cybercrime becomes too blurry.
Other studies and research papers are categorizing cybercrimes in order to come to a more cohesive conclusion. Gordon and Ford (2006) brought the idea of distinguishing Type I and Type II cybercrime based on the offences' characteristics, including whether or not the act was limited to computer systems exclusively (Covic and Voß, 2019;Tarakanov, 2020, Mikhaylov andSokolinskaya, 2019).
Conversations and discussions on cybercrime in general can be extensive. However, this study focuses on one of the most common offences in cyberspace: ransomware. Ransomware, as has been already stated, is a type of malicicious software (Malware) which infects many Personal Computers. The infection, generally, can be in two forms. The first one completely locks out the user from accessing their system unless a ransom is paid. The other form restricts access to sensitive documents and information under the threat of deleting them unless the same condition is met. The size of the ransom can vary depending on the victim and situation, and criminals often demand the fee be payed in Bitcoin due to the privacy and lack of transparency that comes with cryptocurrency payements and transfers. Regardless, the general consensus is to not pay the ransom, as in doing so, the victim is proving the hackers' scheme to be profitable and they will continue to harm other systems. Moreover, no victim can be sure that the criminals will "hold up their end of the bargain" and actually unlock the system and/or files (Gonzales and Hayaineh, 2017;Zhang et al., 2019;Meynkhard, 2019;Lopatin, 2019;Lopatin, 2020;Denisova et al., 2019;Mikhaylov, 2018a;Mikhaylov, 2018b).
Although CryptoWall, which had become the leading version of ransomware in 2015, had great reputation for decrypting files after paying the fee, far from many other criminals and systems were as honest, which, of course, Ransomware has been terrorizing persons' computer systems for over a decade now. The volume of these infections when the first ransomware ransomware attacks were made was initially low. Nevertheless, the rate at which ransomware spread increased over 500% in the year 2013 when compared to previous years. One of the many reasons that the number of ransomware attacks had increased exponentially was due to the fact that ransomware has shifted from infecting business network systems and computers to personal computers in households. It is noteworthy that these ransomware attacks are also more frightening, which is explained by the nature of household users to neglect backing up their files and using an effective antivirus that may prevent such happening in the first place (Connolly and Wall, 2019;Meynkhard, 2020b;Nyangarika et al., 2018;Nyangarika et al., 2019a, Meynkhard, 2020aNyangarika et al., 2019b).
Malware itself is accompanied by other viruses and worms, which harm computer systems and are a breach of security and privacy. One of the key issues relating to this subject is that programs meant to decrease victimization risk are not very effective. As of 2020, it is estimated that 33.28% of unprotected computer systems are infected with malware. Compare this to the 25% of PCs that are infected despite having anti-virus programs installed, and it would seem, as indicated by the relatively small spread between the figures, that these applications alone cannot prevent infections from happening. Moreover, criminology and IT are not capable of single-handedly counteracting this problem. It is an individual's responsibility to be familiar with the consequences of browsing suspicious and unsafe websites and change their behavior accordingly (An and Dorofeev, 2019;Brewer, 2016;Varyash et al., 2020;Nie et al., 2020).
Taking these facts into consideration, self-control is an important factor when analyzing victimization rates. It is a user's responsibility to be wary of visited websites and downloaded files. Low levels of self-control contribute to certain types of security breaches, data manipulation, and on-line harassment. Not only that, but these individual characteristics can be associated with minor cyberdeviance. These discoveries illustrate that individual characteristics and decisions are vital for safety in cyberspace but are not able to sufficiently provide a full line of security (Everett, 2016;Mohurle and Patil, 2017;Mikhaylov, 2019;Dayong et al., 2020;Denisova et al., 2019;Dooyum et al., 2020).
Among many cyberspace attacks, ransomware in particular is dependant and reliant on the behavior of the infected user -the victim. Ransomware attacks can be coordinated, targeting a specific system, e.g. a company's network of computers. However, these offences often happen due to a lack of attention from potential usersthey "accidentally" get infected whilst visiting suspicious websites and downloading unsafe files. The behaviour of a user is presented not only by whether or not he has been infected, but also by his decision to pay the ransom or not. This is a key component in understanding and preventing ransomware attacks, because the decision to comply with hackers can give them incentive to keep their criminal spree going (

Materials and methods
A qualitative research approach is used in this study to reach its goals. Qualitative inquiries can be used for deep studying of ransomware crime like researchers before (Connolly and Wall, 2019). A focus group was created in order to be examined and analyzed. Our sample is made by persons who had rich experience with cryptoransomware ransomware attacks.
Several measures were taken to verify the study's results and ensure reliability of the findings. Secondary data served as an important validator of discoveries. Moreover, the employment of a purposeful sampling technique prevented sampling distortion. The sample size itself was determined by the principle of theoretical saturation, equating to 30 interviewees.
Another key technique used in the study was asking respondents to provide feedback on interview transcripts and study findings and subsequently rationalizing them. The results of the survey were shared with an experienced researcher from TrendMicro, who provided important expert comments. All findings are supported by interviewees' quotes, providing additional verification. Finally, study informants showcased a high degree of unanimity about the necessary organizational measures needed to respond to the crypto-ransomware threat suggests that the results are reliable and will not change significantly if additional organizations were to be interviewed.
It is our belief that these precautions have eliminated most inaccuracies and misunderstandings from the data collection. Although we do not claim that the list of proposed measures is exhaustive, the utilization of the aforementioned principles ensures reliable results. As for the validity of findings, the situation is generally more complex. Interviews inevitably allow participants to answer questions in ways that distort facts. However, in this study, the situation appears to be unique. Participants had various incentives to provide factual answers. Although we do not claim that the study participants were entirely honest or forthcoming, several factors allow us to conclude that interviewees provided trust-worthy replies (Mikhaylov, 2020a;Mikhaylov, 2020b;. This conclusion can be made based on several reasonings. The majority of victims suffered greatly from cryptoransomware attacks, including personal emotional distress as well as physical damage to IT infrastructure. The key incentive for participation in this study was to share their experiences with the aim to prevent future ransomware attacks on other organizations. Interviewees appeared to be genuinely concerned with the threat that these attacks present, including its recent proliferation and the consequences it may entail. Several respondents strongly disapproved the fact that many organizations are hiding active cyber-ransomware attacks. Moreover, several interviewees were appalled by the fact that criminals held them hostages and wanted to 'share their story' and warn others Mikhaylov et al., 2018).
Almost all victims actively participated in validation exercises and expressed a keen interest in receiving final results and conclusions. As for Police Officers from the CCUs, the very nature of their job is to reduce cybercrime. Hence, they have a genuine interest in providing objective data. Our observation was that law enforcement representatives readily shared data on ransomware ransomware attacks, carefully concealing victims' identities. Other tactics that may have ensured honesty in informants included clearly communicated anonymity procedures, an option to change or delete parts of text in the transcripts (Sunchalin et al, 2019;Gura et al., 2020;Prosekov et al., 2020).
With respect to the respondents' confidentiality, aliases are used for the informants and ransom amounts are concealed, as the latter could otherwise be used to identify some of the interviewees (Table 1). The data was used between January and December 2018. The interview questions are as follows:

ENTREPRENEURSHIP AND SUSTAINABILITY ISSUES
Can you please describe the experience of the ransomware incident? What made you understand that a ransomware ransomware attack took place? What was the source of the ransomware? In your opinion, why was the ransomware effective in infecting the network? Does your organization have ransomware policies and provide specific training? Does your organization backup its files and electronic documents? Does your organization utilize antivirus software? Does your organization have cybersecurity insurance that overs ransomware? What did you learn from this experience? What changes have been made in the organization following the ransomware attack? The research targeted the speacilists' reaction during the cybercrime incidents and has 3 phases of analysis (Fig.  1). The paper classifies answers and obtained results of the ransomware attacks. The ransomware attack time horizon is from the years of 2014 until 2018. These ransomware attacks were structured by the types of cryptoransomware. The aim is to find a balance between using specific humans or machine systems as initial targets. (Ivanyuk and Soloviev, 2019;Ivanyuk, 2018;Radosteva et al., 2018;Elizarov et al., 2017).
Furthermore, statistics on e-mail spam and phishing rates (Appendix) are used to confirm the thesis that they are both correlated in infecting computer systems with ransomware. It is noteworthy that the analysis of variance (ANOVA) in particular is used in order to find possible discrepencies and differences between the cases. The tables are used as samples and the discovery of variance. Whilst related methods, such as the t-test are similar, and can also be used, the decision to use the ANOVA specifically was made due to familiarity of the authors with it (

Results
As we have already reviewed, the behavior of people is incredibly important in situations regarding the prevention of infections in cyberspace and the successful reolvement of problems which may arise. The interview that was conducted is meant to understand what methods organizations utilize to keep their data and systems safe.

ENTREPRENEURSHIP AND SUSTAINABILITY ISSUES
ISSN 2345-0282 (online) http://jssidoi.org/jesi/ 2020 Volume 8 Number 2 (December) http://doi.org/10. 9770/jesi.2020.8.2(47) 784 The collected data shows that over half of victims are able to retrieve lost data using backups. This method, as described by the interviewees themselves, allowed them to avoid some damage caused by the attack, whilst simultaneously not succumbing to the criminals' demands. This has proven to be incredibly effective.
An aspect that had been vital to understanding the scale and consequences of ransomware infections is insurance. Figure 1 presents data on countries with cybersecurity insurance and contrasting insurance which covers ransomware attacks in 2019. This data directly parallels with the study's first stage of analysis titled "Factors that helped recovery" and the subsequent stages. As evident by the Figure, the choice of obtaining insurance that covers ransomware is inconsistent among the examined countries. Some countries decide to "go the extra mile" and also protect themselves from Ransomware. In order to understand the reason behind some countries' organizations valuing ransomware insurance more than others, the study observes the states in which ransomware attacks are more frequent (Figure 3). As you can see, India has been targetted most often, which explains the neccessity to buy not only cybersecurity insurance, but also that which protects from ransomware. Of curse, this may lead to subsequent problems, which is based on the ransom being paid (Figure 4).

786
It is not surprising that the country with the most intense insurance-policy pays the ransom far more often than many other states. This method of dealing with ransomware, as stated by our interviewees, proves to be effective, as almost every organization that was attacked by ransomware and paid the fee had the ransom paid by insurance. Subsequently, this often resulted in data and systems being unlocked.
The sums of money paid should also be put in perspective. The figure 5 below shows the average fee among ransomware infections contrasted with one of the most expensive types of ransomware -Ryuk. The key takeaway from this graph is that this volume of money ends up in the hands of criminals, that may use these new resources to continue harming other computer systems. Regarding the ANOVA test, a strong correlation (F=10019) was found between email spam rate and email phishing rate (Table 2). These methods are both common, and thus users should be informed about the possible dangers of both methods in which hackers can take advantage of vulnerebilities in their systems. These results also parallel with the results of our interview, where most infections were said to happen through e-mail messengers.

Discussion
Commercial companies have given employees short seminars about these problems. There are programs for theoretical studies and practical experiences of law enforcement in big cities (Malecki, 2019;Yaqoob et al., 2017).
In rural areas and provinces, only a few law enforcements officers have specialized training in computer crime investigation. But this situation is slowly improving. Crime scene patrol officers are some of the most trained individuals in this area of expertise. They are first to produce and store (or destroy and approve the destruction of) valuable digital evidence. Ideally, all members of the justice system should receive basic information technology education and, better yet, the level of training that these officers have. However, this goal cannot be achieved in a short time period, but requires revamping the system of guides that are followed by officials (Mansfield-Devine, 2016).
As for the results of scientific methods used: businesses in particular are interested in ensuring the security of their data, documents and files, as the damages can be overwhelming. This has led to the development of different plans meant to resolve possible issues. Among them, as we have noted, is insurance along side file backup. Insurance is a form of "temporary solution", as the criminals are still able to gain their desired resources. Backups on the other hand, do not resolve the issue of "bricked" hardware, as it allows to replace previous systems with newer. However, this has the potential to save a business large funds compared to insurance or plainly paying the ransom. Moreover, insurance-paid ransom is not guaranteed to be unlockedbackups are more reliable in this situation.

ENTREPRENEURSHIP AND SUSTAINABILITY ISSUES
ISSN 2345-0282 (online) http://jssidoi.org/jesi/ 2020 Volume 8 Number 2 (December) http://doi.org/10. 9770/jesi.2020.8.2(47) 788 This brings us to arguably the most important point of the studypreventing ransomware attacks from happening in the first place. This is obviously the most beneficial situation, but it requires training and increased attention from usersa change in their behavior in cyberspace in general.
Users are capable to prevent thousands of dollars in damages if they simply add discipline, control, awareness to their browsing and Internet-surfing experience. This is the exact reason many organizations that have faced ransomware attacks intensify their programs to educate employeesas they, individuals, are also responsible for vulnerability exploitation (Ye et al., 2016).

Conclusion
Nowadays, very few organizations, governments and persons work and function without the use of gadgets, IT devices, computer systems. Because technology has integrated in to our lives as much as it has, it becomes progressively more important to invest in making cyberspace safe.
The study has reviewed how different methods of resolving the attack impacts the spread of ransomware across the Internetbe it insurance policy, backups or simply paying the ransom. Furthermore, the possible gateways to infection have been analyzed and examined. A strong connection between e-mail spam and phishing has been found, which reinforces these two methods of infection as one of the most commonmaking them essential to be learned in group seminars and courses about safety in cyberspace.
The research paper has also drawn results from interviewing persons with first-hand experience of facing ransomware attacks. These attacks emphasize vulnerabilities in the organization's computer system and can lead to permanent damage and file-loss. In the aftermath of the attack, organizations' and persons' weak spots are put on display, and they begin to take cybersecurity in a more serious manner, as it is an urgent mannerno one can know if they will be attacked today, tomorrow or in a month.
Despite paying much attention to ways that ransomware can be dealth with, this study values prevention tactics the most: making sure that infections do not occur in the first place. There are This study, just as any other, has its limitations. For example, there are other common ways users can get infected with unwanted virii, such as visiting suspicious websites and downloading hazardous files and documents. these methods were reviewed, but were not researched in further detail. Furthermore, mobile users have been facing the issues of ransomware infections at an increasing alarming rate. This type of virus has become more common on gadgets and this should be a topic for future extensive research. There are numerous studies discussing machine learning methods of detecting ransomware, which is a topic that can be successfully utilizied by big corporations as well as governments.

Contribution to the body of knowledge
This paper summarizes the literature review on the growing problem of ransomware attacks across the world. The principals of infection have also been discussed and analyzed. Furthermore, the article emphasizes the causes and sources of users' vulnerability. It has evaluated that the industry of Information Technology has potential to become safer not only through means of regulation, but also by changing the mentality that people have when browsing the internet. The research paper has reported on actions to prevent the spread of ransomware can and should be done by all social institutions: governments, organizations and households. Governments have numerous levers to not only detect attacks and resolve issues, but bring criminals to justice. The state has a monopoly on this, as no other institution, be it a business or individual person, can "get revenge" for the damages.
In order to do this, laws must be passed to build a legislative base for counteracting cybercrime and punishments  (2019) in the Financial University under the Government of the Russian Federation. He is the author of several articles that have been published by journals indexed in SCOPUS, addressing topics, such as economic relations, policy and energy potential. Main scientific interests are: energy, resource conservation, region, energy-efficient development, energy indicators, modeling, forecasting, strategic planning, independence of network operation. ORCID ID: https://orcid.org/0000-0002-8708-132X Diana STEPANOVA is Associate Professor of the Department of Finance and Prices, a leading researcher at the Plekhanov Russian University of Economics, Moscow, Russia. She is the author of more than 50 scientific papers and conference materials indexed in Russian and international scientific databases (more than 20 SCOPUS and WoS articles in total) on problems of Economics and Finance both at the macro level and at the level of individual industries and companies. She teaches the cources: Finance, Global financial markets, Foreign exchange market, Company credit policy, International finance, International financial market, Pricing, Financial markets and financial instruments, International pricing. ORCID ID: https://orcid.org/0000-0001-5981-6889