Ransomware is a global threat: it targets governments, hospitals, educational institutions and businesses worldwide, "locking" or stealing their data files until the victims pay the demanded ransom. Even law enforcement cannot stop it. According to security researchers, US law enforcement and now the Biden administration, ransomware rackets are dominated by Russian-speaking hackers who are protected - and sometimes employed - by Russian intelligence services. But how does the Kremlin serve as a "safe haven" for ransomware criminals?
On April 15, as the US imposed sanctions on Russia for malicious activities - including Russian government-backed hacking attacks - the US Treasury Department said the Russian intelligence service had enabled ransomware attacks carried out by criminals posing as ordinary hackers.
With ransomware losses now reaching tens of billions of dollars, Marcus Willett, the former head of Britain's government intelligence service, recently said the scourge was "arguably strategically more harmful than state cyber espionage".
"Like almost every major industry in Russia, cybercriminals operate with the tacit - and sometimes explicit - consent of the security services", said Michael van Landingham, a former CIA analyst who runs the consulting firm Active Measures LLC.
The Russian authorities have a simple rule, according to Karen Kazaryan, CEO of the Internet Research Institute in Moscow: "If you steal something from the Americans, that's fine."
Unlike in the case of North Korea, there is no indication that the Russian government directly profits from ransomware attacks, although Russian President Vladimir Putin may see the chaos caused by this crime as a strategic advantage.
In the US alone in 2020, ransomware hit more than 100 federal, state and municipal services, over 500 hospitals and other healthcare facilities, approximately 1,680 schools, colleges and universities, and hundreds of businesses, according to Emsisoft.
The ransomware attacks that hit these sectors led - among other things - to ambulances being diverted, cancer treatments postponed, municipal bill collection halted, classes cancelled and insurance costs rising. All of this happened during the worst health crisis in the last century or so.
The idea behind these attacks is simple: criminals plant malicious data-scrambling software on computer networks, use it to steal an organization's data files and then demand huge ransoms - which can reach up to 50 million - to return or restore the stolen data to the victim. If the victims do not pay the ransom, the criminals can post the unscrambled data online.
Collusion between criminals and the government is not new in Russia, said Adam Hickey, US Deputy Attorney General, who noted that cybercrime can provide good "cover" for espionage.
In the 1990s, the Russian intelligence service often recruited hackers for this purpose, Kazaryan said.
The Kremlin sometimes approaches arrested criminal hackers and gives them a choice between jail time and working for the state, said Dmitri Alperovitch, former chief technical officer of the cybersecurity company CrowdStrike. Sometimes, hackers use the same computer systems for state-sanctioned hacking and for off-the-clock cybercrime for personal gain.
This happened in the 2014 Yahoo hack, in which more than 500 million user accounts were breached, allegedly including accounts of Russian journalists and of US and Russian officials. A US investigation led in 2017 to charges against four men, including two officers of Russia's FSB security service (the KGB's successor). One of them, Dmitry Dokuchaev, worked in the FSB office that cooperates with the FBI on cybercrime. Another defendant, Alexsey Belan, allegedly carried out the hack for personal gain.
A Russian embassy spokesman declined to comment on questions about his government's alleged links to ransomware criminals, as well as the alleged involvement of government officials in cybercrime. "We do not comment on accusations or rumors", said Anton Azizov, deputy spokesman in Washington.
Proving links between the Russian state and ransomware gangs is not easy. The criminals hide behind aliases, and the names of the malware they develop change periodically to confuse Western law enforcement.
But at least one ransomware vendor has been linked to the Kremlin. Maksim Yakubets, 33, is best known as the co-leader of a gang known as Evil Corp. The Ukrainian-born Yakubets leads a luxurious life, driving a Lamborghini with a personalized license plate that translates to "Thief", according to the British National Crime Agency.
Yakubets began working for the FSB in 2017 and was assigned tasks such as obtaining confidential documents through cyber-enabled means and conducting cyber-enabled operations, according to a US indictment in December 2019. At the same time, the US Treasury Department imposed sanctions on Yakubets and offered a $5 million reward for information leading to his arrest.
The indictment accused Evil Corp. of developing and distributing ransomware used to steal at least $100 million in more than 40 countries over the past decade.
By the time Yakubets was indicted, Evil Corp. had become a major ransomware player, security researchers say. By May 2020, the gang had distributed a strain of ransomware used to attack eight Fortune 500 companies, including the GPS device manufacturer Garmin, whose network was down for a few days after an attack, according to Advanced Intelligence.
Yakubets remains free. Another Russian, jailed in France, could give a clearer picture of the dealings between cybercriminals and the Russian state. Alexander Vinnik was convicted of laundering $160 million in criminal proceeds through a cryptocurrency exchange called BTC-e. A 2017 US indictment alleges that "some of the largest known ransomware vendors" used it to launder $4 billion. However, Vinnik cannot be extradited until he completes his 5-year prison sentence in France in 2024.
The sanctions announced by the White House against Russia on April 15 send a strong message, but preventing such attacks in the future will be difficult.
Source of information: Washington Post