How Ransomware Criminals Are Protected in Russia


22 April 2021

Worldwide attacks of online extortion called ransomware is hurting local governments, hospitals, and businesses.

In such attacks, criminals infect the computer systems of organizations with bad software. The software hijacks data files and leaves them unreadable. The attacker then demands payment in exchange for returning the data to a readable state.

Law enforcement has been largely powerless to stop it.

This poster provided by the U.S. Department of Justice shows Maxsim Yukabets. Yakubets, 33, is best known as co-leader of a cybergang that calls itself Evil Corp. (U.S. Department of Justice via AP)
This poster provided by the U.S. Department of Justice shows Maxsim Yukabets. Yakubets, 33, is best known as co-leader of a cybergang that calls itself Evil Corp. (U.S. Department of Justice via AP)

Ransomware attacks mostly come from Russian-speaking cybercriminals. Security researchers and U.S. law enforcement say some of these criminals are protected, and sometimes even employed by, Russian intelligence services.

The administration of President Joe Biden has taken new action against Russia in an effort to reduce such crimes.

On Thursday, the U.S. placed sanctions on the Russian government. The Treasury Department said Russian intelligence has permitted ransomware attacks by supporting and protecting criminal hackers. The costs of ransomware attacks have reached into the tens of billions of dollars.

The value of Russian protection is not lost on the cybercriminals themselves. Earlier this year, experts found a Russian-language website about a cybercriminal known as "Bugatti." Bugatti's group of hackers had been caught by U.S.-Interpol investigators.

Members of the website accused Bugatti of being technically careless. Even worse, some said, Bugatti had permitted Western authorities to seize ransomware servers that could have been protected in Russia instead.

"Mother Russia will help you," the member wrote. "Love your country and nothing will happen to you."

"Like almost any major industry in Russia, (cybercriminals) work kind of with the tacit consent, sometimes explicit consent, of the security services," said Michael van Landingham. He is a former CIA computer expert.

Russian officials have one rule, said Karen Kazaryan, head of the Internet Research Institute in Moscow. "Just don't ever work against your country and businesses in this country," Kazaryan said. "If you steal something from Americans, that's fine."

There is no evidence that the Russian government receives money from ransomware crime. But experts say President Vladimir Putin may see the problems caused by attacks as helping Russia in some way.

Last year in the U.S. alone, ransomware attacked more than a hundred federal, state and local agencies. In addition, attacks hit about 500 hospitals and other health care centers, around 1,680 schools, colleges and universities and hundreds of businesses, said cybersecurity company Emsisoft.

Some cybercriminals have demanded as much as $50 million to give back data. If the victims do not pay, the criminals may publish their data on the internet.

The idea that the Russian government assists cybercriminals is nothing new, said Adam Hickey, a U.S. deputy assistant attorney general. He noted that cybercrime can provide good cover for espionage.

Back in the 1990s, Russian intelligence employed criminal hackers for that purpose, the Internet Research Institute's Kazaryan said. He added that many of those hackers are now working as ransomware criminals.

Russia sometimes hires arrested criminal hackers by offering them a choice between prison and working for the state, said Dmitri Alperovitch. He is the former chief technical officer for the cybersecurity company Crowdstrike.

A Russian Embassy spokesman would not answer questions about his government's possible ties to ransomware criminals.

At least one ransomware criminal has been linked to the Russian government. Maksim Yakubets is head of an organization called "Evil Corp." The 33-year-old worked for the FSB security service as a computer expert in 2017. The U.S. has accused him of being a major ransomware criminal and offered $5 million for information on his whereabouts.

The U.S. Treasury says he has stolen at least $100 million from cybercrimes in more than 40 countries.

Many experts believe that while this week's U.S. sanctions send a strong message, they will likely not lead to any changes unless there is a real financial cost to Russia.

Another possible way to stop cybercrimes has been identified: allied countries could identify the banks that accept ransomware money and cut them off from the worldwide banking system.

Following the money, and stopping criminals from getting it, would "go a long way in stopping ransomware attacks," said John Riggi. He is a cybersecurity expert at the American Hospital Association and a former FBI official.

I'm Susan Shand.

The Associated Press reported this story. Susan Shand adapted it for Learning English. Bryan Lynn was the editor.

_______________________________________________________________

Words in This Story

extortion – n. the crime of getting money from someone by the use of force or threats

sanctions – n. an action that is taken or an order that is given to force a country to obey international laws by limiting or stopping trade with that country, by not allowing economic aid for that country,

hacker – n. a person who secretly gets access to a computer system in order to get information, cause damage,

tacit – adj. expressed or understood without being directly stated

consent – n. to give permission for something to happen or be done

explicit adj. very clear and complete

espionage – n. the things that are done to find out secrets from enemies or competitors

We want to hear from you. Write to us in the Comments Section, and visit 51VOA.COM.