February 12, 2022

Tracing the Regional Roots of Ransomware

Is it fair to call ransomware the new face of malware? Perhaps. It has, after all, rendered the classic computer virus a mere afterthought. We’ve heard one horror story after another, but who is responsible for these malicious attacks, and where do they come from? Look no further than Russia. The former Soviet state has been labeled the global ransomware hub.

Cybersecurity researchers in both the US and UK traced the origins of NotPetya, one of the most costly malware outbreaks in history, back to hackers within the Russian military. While Russia denies involvement in the attack that reportedly caused billions in damages, its failure to get a handle on the problem has spoken volumes in the eyes of world leaders. In fact, Russia was explicitly excluded from the 30-nation virtual conference the US recently organized to counter the growing ransomware threat.

Despite its consistent pleas of innocence, one could say that history isn’t exactly on the side of the Russian Federation. The 2014 security breach that compromised more than 500 million Yahoo user accounts resulted in the indictment of two Russian government security agents. Among them was Dmitry Dokuchaev, an officer in the Federal Security Service (FSS), who received a six-year prison sentence for treason in 2019. Known Russian hacker Alexey Belan, still on the FBI’s infamous Most Wanted Criminals list, is also alleged to have participated in the attack.

Supporting those bold claims of Russia’s direct involvement in cyber warfare is accusatory commentary from prominent US and UK officials, as well as data culled from cybersecurity-focused research. According to Microsoft’s Digital Defense Report, Russia accounted for 58 percent of state-based attacks, which primarily targeted government IT systems in the US, UK, and Ukraine. What’s more, the report highlights an alarming success rate of 32 percent for those attacks.

Fostering a Culture of Cyber Crime 

Hacking has become synonymous with Russia beyond the ransomware epidemic. Tales of collusion between the government and domestic cyber criminals date back to the last days of the KGB era, when proficient hackers were said to have been recruited to work for the Russian military as a way of avoiding prison. In modern times, tech-savvy bandits have the benefit of an active underground community, empowered by a Dark Web littered with bustling marketplaces, lucrative opportunities, and plenty of tools to hone their craft.

While leaders of the world have singled out one source of ransomware, the state of Russia’s cybercrime culture may very well serve as inspiration for other countries. China and Iran, in particular, have similarly ripe foundations — a burgeoning IT workforce, convenient access to the black market, and, if you’re into conspiracies, passive governments that wouldn’t lose a wink of sleep over economic rivals like the US being exposed in the onslaught.

Russia’s Response to Ransomware

If there is a bright side to the dark web of ransomware, it may lie in the one international suspect alleged to have put it on the map finally stepping up to join the fight in a major way. The FSS recently announced the arrest of several key members of the infamous REvil Corp., which has been tied to a number of recent ransomware attacks on US companies, including the massive Colonial Pipeline breach. Russian authorities reported the seizure of $5.6 million and more than $600,000 in cryptocurrency, a haul the FSS claims will result in the complete dismantling of the criminal outfit.

The REvil raid comes on the heels of immense pressure from the US. President Joe Biden directly challenged Russian President Vladimir Putin to make a more concerted effort to disrupt cyber criminal activity in the country. Whether the recent crackdown makes a noticeable impact on the threat landscape at large remains to be seen. It will surely be interesting to observe how the ransomware map evolves, if at all, over the coming months.

Cybercrime can strike from anywhere, at any time. Contact DataLocker to learn more about how our encrypted USB drives can round out your ransomware defense strategy.