Boston Herald

The Russian problem

How the Kremlin gives a safe harbor for illegal ransomware

A global epidemic of digital extortion known as ransomware is crippling local governments, hospitals, school districts and businesses by scrambling their data files until they pay up. Law enforcement has been largely powerless to stop it.

One big reason: Ransomware rackets are dominated by Russian-speaking cybercriminals who are shielded — and sometimes employed — by Russian intelligence agencies, according to security researchers, U.S. law enforcement, and now the Biden administration.

On Thursday, as the U.S. slapped sanctions on Russia for malign activities including state-backed hacking, the Treasury Department said Russian intelligence has enabled ransomware attacks by cultivating and co-opting criminal hackers and giving them safe harbor. With ransomware damages now well into the tens of billions of dollars, former British intelligence cyber chief Marcus Willett recently deemed the scourge “arguably more strategically damaging than state cyber-spying.”

The value of Kremlin protection isn’t lost on the cybercriminals themselves. Earlier this year, a Russian-language dark-web forum lit up with criticism of a ransomware purveyor known only as “Bugatti,” whose gang had been caught in a rare U.S.-Europol sting. The assembled posters accused him of inviting the crackdown with technical sloppiness and by recruiting non-Russian affiliates who might be snitches or undercover cops.

Worst of all, in the view of one long-active forum member, Bugatti had allowed Western authorities to seize ransomware servers that could have been sheltered in Russia instead. “Mother Russia will help,” that individual wrote. “Love your country and nothing will happen to you.” The conversation was captured by the security firm Advanced Intelligence, which shared it with the Associated Press.

“Like almost any major industry in Russia, (cybercriminals) work kind of with the tacit consent and sometimes explicit consent of the security services,” said Michael van Landingham, a former CIA analyst who runs the consultancy Active Measures LLC.

In the U.S. alone last year, ransomware struck more than a hundred federal, state and municipal agencies, upward of 500 hospitals and other health care centers, some 1,680 schools, colleges and universities and hundreds of businesses, according to the cybersecurity firm Emsisoft.

Damage in the public sector alone is measured in rerouted ambulances, postponed cancer treatments, interrupted municipal bill collection, canceled classes and rising insurance costs — all during the worst public health crisis in more than a century.

A Russian Embassy spokesman declined to address questions about his government’s alleged ties to ransomware criminals and state employees’ alleged involvement in cybercrime.

[AP FILE] CONTINUING PROBLEM: A Russian man identified as Alexander Vinnik, center, is escorted by police from the courthouse in Thessaloniki, Greece, in 2017. He was convicted of laundering $160 million in criminal proceeds through a cryptocurrency exchange and it was hoped he would provide additional information about the intersection of organized cybercrime and the Russian state.

[GETTY IMAGES] SANCTIONS: President Biden declares new sanctions against Russia Thursday, plus sanctions against 32 companies and individuals aimed at choking off lending to the Russian government in response to the 2020 hacking operation that breached U.S. government agencies and companies.

[AP] CURRENT SQUABBLE: Russian Foreign Minister Sergey Lavrov said Friday Moscow will order 10 U.S. diplomats to leave Russia in response to U.S. sanctions.
