scispace - formally typeset
Search or ask a question
Proceedings ArticleDOI

Capacities of Western Balkan Economies (and Their Public Sectors) to Respond to Ransomware Attacks**

22 May 2023-
TL;DR: In this article , an overview of the regulatory framework in relation to Ransomware in Western Balkan economies (Albania, Bosnia and Herzegovina, North Macedonia, Montenegro, and Serbia), while an ethical and practical guidance will be proposed.
Abstract: Ransomware became a global cybersecurity threat affecting not only individuals and private companies, but governments and other public bodies. The paper will firstly introduce the concept of ransomware and emphasize the implications of the global rise of ransomware. Secondly, the paper will provide an overview of the regulatory framework in relation to Ransomware in Western Balkan (WB) economies (Albania, Bosnia and Herzegovina, North Macedonia, Montenegro, and Serbia), while an ethical and practical guidance will be proposed. Then, the paper will briefly present Western Balkan Case Studies, including recent key ransomware attacks occurred in the region. Lastly, the paper will provide recommendations regarding prevention and recovery from the ransom attack focusing on WB region.
References
More filters
Book ChapterDOI
01 Jan 2020
TL;DR: This chapter presents several ethical frameworks that are useful for analysing ethical questions of cybersecurity, and Nissenbaum’s ‘contextual integrity’ approach is introduced, which has become an important framework for understanding privacy, both descriptively and normatively.
Abstract: This chapter presents several ethical frameworks that are useful for analysing ethical questions of cybersecurity. It begins with two frameworks that are important in practice: the principlist framework employed in the Menlo Report on cybersecurity research and the rights-based principle that is influential in the law, in particular EU law. It is argued that since the harms and benefits caused by cybersecurity operations and policies are of a probabilistic nature, both approaches cannot avoid dealing with risk and probability. Therefore, the chapter turns to the ethics of risk, showing that it is a necessary complement to such approaches. The ethics of risk are discussed in more detail by considering two consequentialist approaches (utilitarianism and maximin consequentialism), deontological approaches and contractualist approaches to risk at length, highlighting the difficulties raised by special cases. Finally, Nissenbaum’s ‘contextual integrity’ approach is introduced, which has become an important framework for understanding privacy, both descriptively and normatively. A revised version of this framework is proposed for identifying and ethically assessing changes brought about by cybersecurity measures and policies, not only in relation to privacy but more generally to the key expectations concerning human interactions within the practice.

10 citations

Journal ArticleDOI
TL;DR: This paper argued that the state's duty to protect its citizens from murder grounds a defeasible obligation to pay ransoms, and argued that unless states can offset their contributions to such injustices, paying rANSOM is wrong.
Abstract: Should governments pay ransoms to terrorist organisations that unjustly kidnap their citizens? The United Kingdom and the United States refuse to negotiate with terrorist groups that kidnap and threaten to kill their people. In contrast, continental European countries, such as France and Germany, have regularly paid ransoms to rescue hostages. Who is right? This debate has raged in the public domain in recent years, but no sustained attempt has been made to subject the matter to philosophical scrutiny. This article explores this issue, focusing on the case of ransom payments to terrorist organisations. It contends that the state's duty to protect its citizens from murder grounds a defeasible obligation to pay ransoms. It considers the objection that a policy of paying ransoms endangers citizens abroad by increasing the likelihood of future kidnappings, and it explains why this objection is not sufficiently weighty. It then identifies a more powerful objection: namely, that a state's payment of ransoms makes the state complicit in the serious injustices that its ransom payments fund. It concludes that unless states can offset their contributions to such injustices, paying ransoms is wrong.

5 citations

Journal ArticleDOI
TL;DR: In this paper , the authors analyze financial implications of ransomware attacks, motivation of the ransomware victim to pay ransom, and legal, accounting and tax implications of such payment, and under which conditions is legal to pay any kind of ransom, including cyber ransom, as an organization as well as which other considerations victims should consider when deciding to pay ransomware.
Abstract: Ransomware is a prime cybersecurity threat at the moment. In this paper we analyze financial implications of ransomware attacks, motivation of the ransomware victim to pay ransom, and legal, accounting and tax implications of such payment. The methodological approach used in the study is a combination of formal-dogmatic method and argumentative literature review. First, we provide an overview of all potential losses which could be incurred by the ransomware attack. Further, we analyze under which conditions is legal to pay any kind of ransom, including cyber ransom, as an organization as well as which other considerations victims should consider when deciding to pay ransom. In that respect we analyze accounting and tax implications of losses inflicted by the ransomware attack, putting special attention to the ransom payments.

2 citations

Journal ArticleDOI
TL;DR: The authors posvećen analizi društvenih i krivičnopravnih aspekata fenomena zloupotrebe rensomver (ransomware) malvera.
Abstract: Rad je posvećen analizi društvenih i krivičnopravnih aspekata fenomena zloupotrebe računarskog rensomver (ransomware) malvera. Osnovna hipoteza autora je da nisu razvijeni adekvatni mehanizmi bezbednosne i krivičnopravne zaštite od ove specifične tehnike napada na računarske sisteme i podatke koji su u njima sadržani.Pregledom naučne i stručne literature i korišćenje pravno-dogmatskog i normativnog metoda autori su ustanovili da kriminalitet vezan za upotrebu rensomver-malvera ima potencijal da ozbiljno ugrozi pojedine segmente savremenog društva – privredu, osetljive lične podatke, nacionalnu i nadnacionalnu kritičnu infrastrukturu, a ukazali su i na nedostatke važećih zakonskih rešenja.Autori zaključuju da je neophodno sprovođenje ciljanih edukacija korisnika računarskih sistema i preduzimanje mera za unapređenje bezbednosne kulture, i iznose konkretne predloge za unapređenje krivičnopravnog okvira.

2 citations