The ongoing chain of events seems to be getting more and more unpleasant for Russia. This time, the State Department confirmed the suspension of all cybersecurity cooperation with the aggressor country. In contrast to the Hydra Shop shutdown, this event looks more like an organised action against Russia. However, that has still not been confirmed.
The U.S. suspended the cybersecurity cooperation with Russia
WASHINGTON (UrduPoint News / Sputnik – 07th April 2022) The United States has suspended the communication channel used to cooperate with Russia on criminal ransomware actors amid Moscow’s special operation in Ukraine, a State Department spokesperson told Sputnik on Thursday.
At first sight, this situation does not allow any second or third interpretation. The United States has already done a lot to punish Russian aggression in Ukraine, and seems to have enough capacity to keep going. But the background to these events adds some uncertainty to the case. In January 2022, about a month before the war, the Federal Security Service (FSS) of the Russian Federation arrested several significant members of the REvil group. This action had been long awaited by U.S. executive authorities, and in particular by the FBI. REvil is known as a bold cybercrime organisation that attacked companies worldwide many times. Together with the threat actors, the FSS also seized 300 million rubles (~$3 mln), $950,000, almost €1 million, and a USB drive holding 19.9 BTC (~$895,000). The crooks were charged with purchasing assets for illegal money transfer, which, under Russian law, carries up to 7 years in prison.
Background of the story
However, that was not a simple one-line story with a happy ending. REvil chieftains reportedly have powerful patrons in Russian law enforcement agencies. Apparently, Maxim Yakubets, the leader of this ransomware group, is a close relative of an unnamed FSS colonel. Given Russia's traditional nepotism, that gives Mr. Yakubets immunity from any possible punishment for his crimes. And he used that ability to the full. There were plenty of photos on the Internet in which Maxim poses in front of his Lamborghini Huracan with number plates bearing the letters BOP (Russian for “thief”). Russian mass media also claim that Yakubets has a close relationship with Dmitry Peskov, the Kremlin press secretary.
One way or another, the Russian FSS claimed to have captured a significant part of the REvil group's administration. Earlier, there had been several arrests and deanonymisations of distributors, but these actions did not affect the group's activity in any way. Many users who kept an eye on the situation around REvil thought there was no chance of getting those crooks, at least while they remained in Russia. The arrest of Eugene Polyanin, one of the REvil chiefs, who recklessly decided to travel around the world, is just another proof of it. However, that story is too long to tell here.
What is this all about?
From the position of an independent spectator, this situation looks like “reach the target and cut off all ties”. U.S. law enforcement did a lot of work catching the REvil crooks. However, the last steps were left to the Russian authorities. Sure, they did not capture the key figures, but they certainly scared them. The group understood that it would be quite hard to keep hiring affiliates even in “loyal” countries. And for the ransomware-as-a-service model, which REvil ran before its shutdown in October 2021, that amounts to tied hands. However, Darknet forums prophesy that the group will be reborn and keep working as before. And there is reason to think so: the cybersecurity world already saw this happen with REvil's predecessor, GandCrab ransomware.
Sure, after the Americans' withdrawal, Russian law enforcement may easily reverse the sentence. But that will not reverse the fear felt by all the threat actors present in Russia. The country is associated with numerous other ransomware groups, in particular Conti and Ryuk. Will that suspend ransomware activity? No. But such an action will likely make them much more careful, because the “immunity” of threat actors in Russia is now questionable.