It is clear that ransomware gangs are careful not to target the powers that shelter them. Security analysts found that the REvil code was written so that the malware avoids any computer whose default language is Russian, Ukrainian, Belarusian, Tajik, Armenian, Azerbaijani, Georgian, Kazakh, Kyrgyz, Turkmen, Uzbek, Tatar, Romanian or Syriac.
Finding the criminals is not the problem. The US government has the capacity to identify and arrest cyber fraudsters in its own country and to help allies find them. In fact, Washington has identified and prosecuted many Russian cybercriminals. The FBI, for example, offered a $3 million reward for information leading to the arrest of Evgeniy Bogachev, aka “lucky12345,” a master hacker in southern Russia whose malware has resulted in financial losses of more than $100 million.
The key is to force Mr. Putin to act against them. At his summit with Mr. Putin in June, Mr. Biden said he asked Russia to take down the ransomware gangs it harbors and identified 16 critical sectors of the US economy on which attacks would draw a reaction.
However, two weeks later, REvil carried out its largest-ever attack, hitting Kaseya, a company that provides management software for the IT industry, and, through it, hundreds of its small business customers. That prompted Mr. Biden to call Mr. Putin and then say “we expect them to act.” Asked by a reporter if he would take down REvil’s server if Mr. Putin did not, Mr. Biden simply said: “Yes.” Right after that, REvil suddenly disappeared from the dark web.
Perhaps Mr. Biden convinced the Russians to act, or took down the gang’s servers with American means; it is also possible that REvil went dark on its own, intending, as often happens in its shadowy world, to reappear later in other guises.
As long as the hackers focus on commercial extortion abroad, Mr. Putin probably has no reason to shut them down. They do no harm to him or his friends, and they can be used by his spies as needed. Unlike “official” hackers working for military intelligence, who have been sanctioned by Washington and Europe for meddling in elections or in government systems, Mr. Putin can deny being responsible for what criminal gangs do. “It is just pointless. It’s funny,” he said in June when asked about Russia’s role in ransomware attacks. “It makes no sense to accuse Russia of this.”
The Russians also clearly believe they can turn their control over ransomware gangs into bargaining power with the West. Sergei Ryabkov, the Deputy Foreign Minister who led the Russian side in the strategic stability negotiations launched at the Biden-Putin summit, indicated as much when he complained recently that the United States was focusing on ransomware separately from other security issues. Ransomware, he implied, was part of a larger pile of bargaining chips.