Ransomware has been viewed as a digital crisis of international proportions by cybersecurity experts. The form of digital extortion has become highly sophisticated to extent of bringing entire organizations, government institutions, school districts, and private sector establishments to their knees.
Law enforcement agencies have been scrambling to deal with cases of ransomware attacks even as victims struggle to free up their captured data files through top dollar payments and corrective maneuvers.
In the wake of all the drama, one reality remains: the world of ransomware attacks are largely dominated by Russian-speaking cybercriminals who are reportedly protected – and sometimes hired – by Kremlin.
The above sentiment has been shared by some of the world’s most respected security researchers, law enforcement agencies and, just recently, the Biden administration.
The U.S. government has since delivered sanctions against Russia on grounds of accusations about the Russian government’s alleged tendency to support hacking activities. An April 15 press release reported on the latest sanctions, and went on to accuse the Russian intelligence services of enabling ransomware attacks through cybercriminal protection and actual support.
Just to understand the extent of damage that ransomware campaigns cause, the U.S. suffered attacks in more than one hundred federal, state and municipal establishments, more than five hundred hospitals and other categories of health care entities, more than 1,500 academic institutions, and businesses in the hundreds.
According to a report published by the cybersecurity company Emsisoft, the year 2020 was particularly lucrative for ransomware. As countries struggled to remain standing amid the raging tempest of a global health crisis, cybercriminals were keen to take advantage of the situation to make money.
The COVID-related government restrictions on movement and social interactions led to an expansion of attack surfaces for cybercriminals to plug into. The most obvious opportunity would turn out to be the work-from-home policy – remote staff were expectedly taking shortcuts on standard security procedures when handling sensitive organizational data.
Does the Russian Government Benefit From Cybercrime?
At this point, the question about whether and how the Russian government benefits from cybercriminal activities is a natural inclination. This assumption follows the observation about how Russian hackers are treated by Kremlin.
Factually, there’s no evidence showing that the Russian government directly benefits from ransomware schemes. This aspect contrasts sharply from the North Korean context where the government of the day has been known to have a stake in the profits made by its cybercriminals.
Still, this is not to rule out the advantageous strategic implications of Russian cybercriminal activity – it is highly likely that President Vladimir Putin basks in the glory of the chaos that result in some of the most high profile hacking attacks that have been orchestrated by Russian threat actors.
It would be safe to say that the Russian government stands by one simple rule: hackers can target whoever they want as long as such an action does not hurt Russian interests and national security in any way.
Otherwise, collusion between cybercriminal elements and Kremlin is not news in Russia. Cybersecurity experts believe that the practice has been a common occurrence whenever the government of Russia seeks an ideal cover for espionage.
Looking back, in the 1990s, Russian intelligence officers were reported to have hired hackers for the purpose of covertly harvesting sensitive information from foreign governments. Today, is would be easy to assume that some of the currently-existing Russian cybercriminals are but operating under state orders.
Finally, one way that the Russian government ends up harnessing hacker talent is during high profile cybersecurity cases. When hackers are apprehended, Kremlin may cut deals with the defendants where they’d be given two options: get imprisoned or work for Russia.
