Ransomware: Russia Is No Longer Safe For The Blackmailers

In Russia, many cyber extortionists are hiding because they don't have to fear prosecution. That seems to be changing. Or is that just a signal in the Ukraine conflict?

Probably for the first time, Russia has taken action against a cyber extortion group in its own country in a major operation based on foreign information. Russia's domestic intelligence agency FSB reported on Friday that it had dismantled the ransomware group known globally as REvil, arrested 14 members and seized approximately six million euros in rubles, dollars, euros and cryptocurrencies.

REvil no longer exists; the group's information infrastructure has been "neutralized," writes the FSB. The investigation was prompted by a request from American authorities, who have long regarded ransomware as a threat as serious as terrorism and have significantly stepped up their investigations into the groups.

In the course of this, the US government has for some time also been demanding that Russia do more against these criminal ransomware gangs, because many of them operate out of Russia.

So far, the perpetrators have been able to blackmail companies and institutions all over the world unhindered, as long as they do not attack Russian targets.

German investigators, for example, have been complaining for years that Russian authorities regularly ignore requests for administrative assistance or cooperation when it comes to ransomware. Even attempts at contact at government level reportedly achieve little on this issue. That seems to be changing now, possibly also due to increasing international tensions over Russian troop deployments on the border with Ukraine.

REvil: A Hacking Group

Ransomware, a portmanteau of ransom and software, describes attacks in which computers are infiltrated, encrypted and thus rendered unusable. The perpetrators then demand a ransom in exchange for the keys with which the data can be recovered. Criminal organizations have extorted billions with these attacks in recent years and have harmed many companies and public authorities.

REvil alone extorted many millions

Ransomware is considered one of the greatest threats to IT, not least because there are countless poorly maintained systems that attackers can still penetrate using vulnerabilities that have been publicly known for a long time. The software called REvil and the organizations behind it were particularly successful and also particularly bold.

The group published several attacks every week on its blog, threatening to reveal victims' data if they didn't pay. It hit many small and medium-sized companies, city governments, schools and hospitals. IBM security analysts put the group's earnings at $123 million in 2020 alone.

The way this was dealt with only changed after several major attacks that affected entire industries. A group called Darkside is said to be responsible for the hack against the US company Colonial Pipeline, whose pipelines transport a large part of all fuels on the American East Coast.

When its computers failed, gas stations and an airport were no longer supplied, and the US government had to declare a regional emergency and distribute petrol by tanker truck. Some members of Darkside are also said to have previously been active with REvil. Then, in late May 2021, the world's largest meat producer, JBS, was attacked by REvil. Meat plants in Australia, the USA and Canada had to close.

The two attacks were just the latest and biggest in a long line. By this time, the United States had already significantly stepped up its investigations and, among other things, set up an investigative team at the Department of Justice. In May 2021, investigative cooperation between various countries and Europol was also established in Europe.

In November 2021, Europol published the first results of this cooperation. A joint operation by Europol, the FBI and police forces from several countries, including Germany, arrested seven people and seized $6.1 million in cryptocurrencies extorted from victims.

However, the suspects were only so-called affiliates, i.e. partners. Several ransomware groups run their business much like a franchise: they provide the software and the infrastructure, but the actual blackmailing is done by freelancers on their own account. Like rent, these then pass part of the ransom on to the people behind them, most of whom have so far remained anonymous.

"ransomware diplomacy"

Not much is known about the identity of those arrested in Russia. The Russian news agency Tass named only two of them, Andrei Sergeyevich Bessonow and Roman Gennadyevich Muromsky. According to information from Reuters, the latter is a web programmer and not exactly rich.

The Washington Post, however, quotes an unnamed US government official as saying that among those arrested was a person involved in the Colonial Pipeline hack. By their own account, the Russian authorities had informed the American authorities about the course of the operation.

It is not known why Russia decided, years later, to take action against the group. At a summit in Geneva with Russian President Vladimir Putin in June 2021, US President Joe Biden had already demanded that Russia do more to combat ransomware. Until now, there had been little sign of that happening.

"The most interesting thing about these arrests is the timing," the IT security portal Krebs on Security quotes Kevin Breen of the IT security company Immersive Labs as saying.

The Russian government's policy towards cybercriminals has not been exactly proactive for years. "With Russia and the US currently negotiating at the diplomatic level, these arrests are likely part of a much broader, multi-faceted political negotiation."

"This is Russian ransomware diplomacy," tweeted Dmitry Alperovich, co-founder of the IT security company CrowdStrike, which has also been investigating ransomware attacks for years. The arrests are a signal to the US, he continued: "If the US does not impose strict sanctions on Ukraine, we will continue to work with them on ransomware investigations."

According to the AFP news agency, a representative of the US government said she was "pleased with these first measures". The representative, who asked not to be named, also made it clear that Russia's actions against REvil had no bearing on how the tensions between Russia and Ukraine would be handled.

"We have always made it very clear that if Russia invades Ukraine again, we will make it pay a heavy price in cooperation with our allies and partners."
