A handful if times, I was able to track down the guy distributing (not authoring) the malware via social media, youtube,discord, github and more (even opened a github issue respectfully asking them to stop distributing malware) and I was able to find the country they live in as well as their name (even a home address and cellphone in one case). I mention this because even with all that info there isn't much I can do that would be worth doing to take action against them. I have filed IC3 FBI complaints for far worse and they don't even so much as reply. I can get an "industry contact" to get me to relay that to an actual special agent but it would have to be something highly impactful like a ransomware, I can't do that for every small time crimeware I find.
Jurisdictions like Russia have a policy of looking the other way as well so long as you look the other way and in some countries, just having actual cybercrime laws and then the diplomatic relation strong enough to cooperate with their cops can be rare to find.
But focusing on the cost alone is a mistake, threat actor cost-benefit analysis is key here. In the 80s and early 90s for example, big cities were a crime horror show because cops couldn't catchup enough and the reward, relative to potential reward of law abiding life was dismal compared to today (well, that and lead babies!). I don't believe stop-and-frisk or "broken windows" policing made a difference nowhere near as much as better opportunities, entertainment, education and economy as well as "the internet" and tech making it harder to get away with crime did.
Jurisdictions like Russia have a policy of looking the other way as well so long as you look the other way and in some countries, just having actual cybercrime laws and then the diplomatic relation strong enough to cooperate with their cops can be rare to find.
But focusing on the cost alone is a mistake, threat actor cost-benefit analysis is key here. In the 80s and early 90s for example, big cities were a crime horror show because cops couldn't catchup enough and the reward, relative to potential reward of law abiding life was dismal compared to today (well, that and lead babies!). I don't believe stop-and-frisk or "broken windows" policing made a difference nowhere near as much as better opportunities, entertainment, education and economy as well as "the internet" and tech making it harder to get away with crime did.