Is your business being shut down by ransomware? Then there is a good chance that the perpetrators will never be brought to justice. Not because it is not known who they are, but because the country where they live makes little sense.
Many ransomware groups are linked to Russia by researchers and governments, and the fact that the country is doing little about this is causing more and more irritation. On Friday, US President Biden telephoned his Russian counterpart Putin, with the message that Russia really needs to do more against Russian hacker groups that attack American companies.
“Russia does not hinder these kinds of criminals, as long as they do not attack Russian companies and institutions,” says Sico van der Meer of the Clingendael Institute.
This is how a ransomware attack works:
Security researcher Frank Groenewegen of Deloitte often encounters traces of hacked companies that point in the direction of Russian attackers. “Certainly in more than half of the cases.” Last week’s major ransomware attack is also suspected to be from Russia.
“Some ransomware criminals are on the Most Wanted List of the FBI, but continue to live undisturbed in Russia,” says Groenewegen.
It should be noted, however, that it is sometimes difficult to distinguish between Russian speakers and people who actually have Russian nationality. Moreover, it is difficult to trace a digital attack: it is possible for attackers to lead astray and mislead researchers.
Russia under fire
“Cybercrime is in any case strongly Eastern European oriented,” says John Fokker, who is researching digital attacks and the criminals behind them for security company McAfee. And the persecution could also be improved in other former Soviet countries.
However, it is mainly Russia that is now under attack. What doesn’t help is that, in addition to harboring criminal attackers, the country has been under fire for some time for hacks allegedly carried out by the government.
For example, Russia tried to influence the American elections. Only last week, Russian government hackers are said to have cracked the Republican party, although the party denies that data was stolen.
The ransomware attacks by criminals are on top of that, and they are increasing in size. If parts of critical infrastructure are attacked, it could even pose threats to national security, the NCTV recently warned.
Close your eyes
Russia is turning a blind eye to criminal attackers for several reasons, says Van der Meer van Clingendael. “Weakening society is a goal of Russia,” said Van der Meer. “Sowing disinformation and unrest, but also hurting business, is part of that.”
In addition, according to him, the Russian government also benefits directly from the attackers: “If criminals are arrested, they can choose: go to jail, or give the Kremlin a hand now and then. If they then attack on behalf of the Kremlin and they caught, the Kremlin can easily say: we don’t know anything.”
That is why, according to Groenewegen, it is often pointless to ask the Russian authorities for help if there are indications towards Russian criminals in a Dutch cybercrime case.
Van der Meer: “You can identify and track down the criminals, but nothing happens. They can just continue without any punishment.”
The Kremlin, meanwhile, denies everything. “According to the Russian government, these are criminal hackers who have nothing to do with the government,” said Iris de Graaf, correspondent in Russia for the NOS. “And so the Kremlin maintains that the hacking attacks are being used by the West to put Russia in a bad light.”