The Mercury News

How the Kremlin gives safe harbor for ransomware

Damage from global extortion attacks has cost tens of billions of dollars

- By Frank Bajak

A global epidemic of digital extortion known as ransomware is crippling local government­s, hospitals, school districts and businesses by scrambling their data files until they pay up. Law enforcemen­t has been largely powerless to stop it.

One big reason: Ransomware rackets are dominated by Russian-speaking cybercrimi­nals who are shielded — and sometimes employed — by Russian intelligen­ce agencies, according to security researcher­s, U.S. law enforcemen­t, and now the Biden administra­tion.

On Thursday, as the U.S. slapped sanctions on Russia for malign activities including state-backed hacking, the Treasury Department said Russian intelligen­ce has enabled ransomware attacks by cultivatin­g and co-opting criminal hackers and giving them safe harbor. With ransomware damages now well into the tens of billions of dollars, former British intelligen­ce cyber chief Marcus Willett recently deemed the scourge “arguably more strategica­lly damaging than state cyber-spying.”

The value of Kremlin protection isn’t lost on the cybercrimi­nals themselves. Earlier this year,

a Russian-language darkweb forum lit up with criticism of a ransomware purveyor known only as “Bugatti,” whose gang had been caught in a rare U.S.-Europol sting. The assembled posters accused him of inviting the crackdown with technical sloppiness and by recruiting non-Russian affiliates who might be snitches orundercov­ercops.

Worst of all, in the view of one long-active forum member, Bugatti had allowed Western authoritie­s to seize ransomware servers that could have been sheltered in Russia instead. “Mother Russia will help,” that individual wrote. “Love your country and nothing will happen to you.” The conversati­on was captured by the security firm Advanced Intelligen­ce, which shared it with the Associated Press.

“Like almost any major industry in Russia, (cybercrimi­nals) work kind of with the tacit consent and sometimes explicit consent of the security services,” said Michael van Landingham, a former CIA analyst who runs the consultanc­y Active Measures LLC.

Russian authoritie­s have a simple rule, said Karen Kazaryan, CEO of the software industry-supported Internet Research Institute in Moscow: “Just don’t ever work against your country and businesses in this country. If you steal something from Americans, that’s fine.”

Unlike North Korea, there is no indication Russia’s government benefits directly from ransomware crime, although Russian President Vladimir Putin may consider the resulting havoc a strategic bonus.

In the U.S. alone last year, ransomware struck more than a hundred federal, state and municipal agencies, upward of 500 hospitals and other health care centers, some 1,680 schools, colleges and universiti­es and hundreds of businesses, according to t he cybersecur­ity firm Emsisoft.

Damage in the public sector alone is measured in rerouted ambulances, postponed cancer treatments, interrupte­d municipal bill collection, canceled classes and rising insurance costs — all during the worst public health crisis in more than a century.

The idea behind these attacks is simple: Criminals infiltrate malicious datascramb­ling software into computer networks, use it to “kidnap” an organizati­on’s data files, then demand huge payments, now as high as $50 million, to restore them. The latest twist: if victims fail to pay up, the criminals may publish their unscramble­d data on the open internet.

In recent months, U.S. law enforcemen­t has worked with partners including Ukraine and Bulgaria to bust up these networks. But with the criminal mastermind­s out of reach, such operations are generally little more than whac-a-mole.

Collusion between criminals and the government is nothing new in Russia, said Adam Hickey, a U.S. deputy assistant attorney general, who noted that cybercrime can provide good cover for espionage.

Back in the 1990s, Russian intelligen­ce frequently recruited hackers for that purpose, said Kazaryan. Now, he said, ransomware criminals are just as likely to be moonlighti­ng stateemplo­yed hackers.

The Kremlin sometimes enlists arrested criminal hackers by offering them a choice between prison and working for the state, said Dmitri Alperovitc­h, former chief technical officer of the cybersecur­ity firm Crowdstrik­e. Sometimes the hackers use the same computer systems for state-sanctioned hacking and off-theclock cybercrime for personal enrichment, he said. They may even mix state with personal business.

 ?? GIANNIS PAPANIKOS — THE ASSOCIATED PRESS ARCHIVES ?? A Russian man identified as Alexander Vinnik was convicted of laundering $160 million in criminal proceeds through a cryptocurr­ency exchange. He is currently imprisoned in France.
GIANNIS PAPANIKOS — THE ASSOCIATED PRESS ARCHIVES A Russian man identified as Alexander Vinnik was convicted of laundering $160 million in criminal proceeds through a cryptocurr­ency exchange. He is currently imprisoned in France.

Newspapers in English

Newspapers from USA