On Wednesday, as United States President Joe Biden and Russian President Vladimir Putin prepared to meet in Geneva, Ukrainian law enforcement announced the arrest of six suspects allegedly linked to the Cl0p ransomware group. Together with South Korean and American investigators, Ukrainian authorities raided 21 residences in and around Kiev, seized computers, smartphones and servers, and recovered the equivalent of $184,000 in what is alleged to be ransom proceeds.
The Cl0p arrests are an all too rare achievement as the ransomware crisis continues to worsen. The group has claimed several prominent victims since 2019, including Stanford University Medical School, the University of California and the South Korean e-commerce giant E-Land. Its operators also appear to collaborate or overlap with other cybercriminal organizations, including the financial crime group FIN11 and the malware distribution operation known as TA505. The international law enforcement cooperation that led to the arrests, however, also underscores why stopping the broader ransomware threat remains a distant goal. Ukraine was willing to help this time around, but until Russia does the same, very little will change.
Most of the ransomware groups that have wreaked havoc in recent months operate out of Russia, including Ryuk, behind a massive wave of hospital attacks in the United States last year; DarkSide, which forced Colonial Pipeline to shut down in May; and REvil, which recently hit the global meat supplier JBS and the Apple supplier Quanta Computer. The US Department of Justice has indicted Russian actors for ransomware offenses but has struggled to apprehend them. And Putin has said openly for years, including in an oft-cited 2016 interview with NBC, that as long as cybercriminals do not break Russian law, he has no interest in prosecuting them.
“If you have an area in a country where you have lax law enforcement, of course enough people who want to do illegal things will show up there,” says Craig Williams, director of outreach at Cisco Talos. “We have these regions not only in Europe, but in regions like South America, where we do have safe havens for cybercriminals. So we end up with this model of aggression that is allowed to be perpetrated online against private companies and civilians with no real end in sight.”
Russia turning a blind eye to cybercrime has been a problem for years, but brazen state-sponsored hacking by the Kremlin, from election meddling to massive espionage operations, has generally attracted more attention. Over the past 18 months, however, the severity and frequency of ransomware attacks around the world have escalated from a persistent problem to an urgent crisis. Attacks on critical infrastructure and supply chains have painted a stark picture of how far ransomware operators will go to make money.
Identifying the culprits is often less of an obstacle than apprehending them. The United States has indicted several Russia-based hackers and even managed to recover millions of dollars of the ransom Colonial Pipeline paid. But acting on that information usually requires international cooperation. Russia has no extradition treaty with the United States and appears to be doing everything possible to avoid helping. In fact, the Justice Department did not even bother to ask Russian law enforcement for help in tracking down the Colonial Pipeline hackers, John Demers, assistant attorney general for national security, said in a conference session recorded on June 3 and released Wednesday.