On January 14, 2022, the Russian government said it had arrested 14 alleged members of the REvil ransomware group, effectively dismantling the group and the infrastructure it used[2]. The arrests followed an earlier request from the US government for action against Russia-based cybercriminals such as REvil.[1]
The group was notorious for attacks on large American companies and businesses. It carried out the attack on the American meat processor JBS[1], and one of those arrested has been linked to the Colonial Pipeline attack (which used DarkSide ransomware, a close relative of REvil)[3]. These attacks relied on ransomware: the group encrypted the victim's systems, effectively holding them hostage, and demanded payment, usually in cryptocurrency sent to a wallet, in exchange for a decryptor[3]. The attacks caused millions of dollars in damage and earned the group millions in ransom[3]. During the raids the Russian authorities seized assets worth more than 5.6 million dollars.[1]
Why did the arrests come now? The US had asked Russia to act, and handed over information on the group, last fall[4]. The arrests of prominent Russian cybercriminals also came at a time of high tension over Ukraine: Russia was massing troops on the border under the pretext of joint exercises with Belarus[5], and several Ukrainian government websites had just been hit by cyberattacks[7]. The arrests may therefore be a form of political bargaining with the US. Many observers read Russia's sudden willingness to arrest cybercriminals as leverage in negotiations over Ukraine: the US backs off slightly on Ukraine in exchange for Russian cooperation in capturing cybercriminals based in Russia, where a large share of the criminals who attack the US reside[6].
What does this mean for cybersecurity?
It now seems that cybercriminals can no longer act with impunity simply because they sit outside the jurisdiction of the victim's country. Russian cybercriminals previously seemed untouchable, since US law enforcement could not prosecute them on sovereign Russian territory. This did nothing to deter attacks and allowed large ransomware organisations such as DarkSide, REvil and GandCrab to grow in Russia while primarily targeting the US. With Russian cooperation, large cybercriminal groups will have to be far more discreet, and they face prosecution if their attacks affect people in democratic countries. Overall this would improve security if Russia cooperates with American authorities in prosecuting cybercriminals in Russia. However, Russia would need to cooperate over the long term for the effects to last, which I highly doubt will happen.
References
- [1] https://threatpost.com/russian-security-revil-ransomware/177660/
- [2] https://www.wired.com/story/russia-revil-ransomware-arrests-ukraine/
- [3] https://krebsonsecurity.com/2022/01/at-request-of-u-s-russia-rounds-up-14-revil-ransomware-affiliates/
- [4] https://www.cnbc.com/2021/07/09/ransomware-biden-presses-putin-to-disrupt-cybercriminals-in-russia.html
- [5] https://www.theguardian.com/world/2022/jan/17/russia-moves-troops-to-belarus-for-joint-exercises-near-ukraine-border
- [6] https://www.theguardian.com/technology/2021/oct/11/russia-and-nearby-states-are-origin-of-most-ransomware-says-uk-cyber-chief
- [7] https://www.bloomberg.com/news/articles/2022-01-14/several-ukraine-ministry-websites-struck-by-likely-cyberattack
Hey,
Great post! It's interesting to see Russia abide by and help the US in tracking down these hackers. My post and several others I have read have discussed the use of these hackers by nation states against other nation states and institutions. What I wonder is whether these hackers will actually face extradition to the US or jail time in Russia. If it's the latter, I wonder if it is a slap on the wrist, given that Russia has deployed its own hackers (Ukraine). It seems disingenuous and, like you mentioned, is it merely political baiting on Russia's part (losing a small team for all of Ukraine)?
Good post!
Cybercrimes are always related to politics. In my opinion, I don't think the Russian government is willing to arrest those 14 cybercriminals, as you said: "This may be a sort of way of bargaining politically with the US". In fact, based on what I have learned about cybercrime on the Internet, the US and Russia both have some "legal" cybercriminals and support them in cyberattacking the other side. So I wonder whether REvil has some kind of relationship with the Russian government, and whether the Russian government has sacrificed REvil over the political issue in Ukraine. This is only my guess. Anyway, destroying cybercrime groups is always a good thing for our society, because nowadays we truly need a safe online society.
It's interesting that you mention they potentially want to use this fact to bargain politically. The market for cybercriminals (not just hackers) is quite large in Russia, and thus the arrest of a major group could send shivers down the spines of those not yet prosecuted, meaning that they may reduce their movements for the time being to avoid detection, or they will evolve their techniques to be less easy to detect (which is worse than the aforementioned result). Either way, this (potential) facade is not necessarily convincing, but perhaps Russia plans on being more cooperative in the future and maybe these attacks will occur less frequently.
Very interesting post. It's interesting that Russia is complying with US demands to arrest hackers in their own country. From an objective point of view, these hacks have really hurt the United States. I'm more interested in what happens to the hackers. Nowadays, with the development of science and technology, it is easier and easier for people to surf the Internet. Now all you need is a phone, a watch or even glasses. When these hackers are released from prison, how do you make sure they don't touch the network?
Hey, great post! I know another individual talking about REvil. The name sounds like a Resident Evil franchise spin-off. Nonetheless, I think their arrest was a good thing because it shows that governments are willing to take action against hackers. Similarly, their downfall could potentially lead to the arrest of other groups that engage in similar activities. Furthermore, what concerns me the most is that they were arrested in Russia, as Russia is known for sponsoring such groups to destabilize regions and countries to achieve its goals. I wrote a blog post on a similar topic and I highly encourage you to check it out. The post concerns Russia's role in cyber espionage on a global scale and how it makes use of groups like REvil to achieve its agenda.