Ransomware hackers remain largely out of reach behind Russia’s cybercurtain

Fuel holding tanks are seen at Colonial Pipeline's Linden Junction Tank Farm on Monday, May 10, 2021, in Woodbridge, New Jersey. — Getty Images/TNS

WASHINGTON: US authorities are running into a major obstacle in holding hackers responsible for an onslaught of ransomware attacks: The extortionists remain out of reach in Russia, safely ensconced behind a cybercurtain as difficult to penetrate as the iron one that defined the Cold War.

Recent high-profile ransomware assaults have added urgency to US government efforts to combat Russia-linked hackers who have disrupted East Coast US fuel supplies, raised fears about nationwide meat shortages and exposed sensitive files from a Southern California police force. The problem, Justice Department officials say, is that the Kremlin believes it benefits from allowing such hackers to target US interests, gathering valuable intelligence in the process.

“The criminal hacking the Russian government is willing to tolerate and take advantage of is beyond what we see in virtually every other country,” said John Demers, the Justice Department’s top national security prosecutor who has battled ransomware since 2017.

“It is very difficult to stop hacking when it is occurring in a country that is more than just tolerating it, but is quite happy with it.”

President Joe Biden is expected to discuss Russian ransomware attacks with allies during his European trip, hoping to find common ground in confronting the Kremlin. Advisers say he will also seek to pressure Russian President Vladimir Putin during a June 16 meeting in Geneva to rein in hackers.

Biden issued an executive order last month that White House officials say will enhance cybersecurity of federal government networks and enhance security standards for commercial software.

The Justice Department is also seeking new ways to combat what a top agency official called an “epidemic” and Attorney General Merrick Garland told Congress was a “very, very serious threat” that is “getting worse and worse.”

The FBI on Monday managed to recover US$2.3mil (RM9mil) in difficult-to-trace cryptocurrency that a pipeline company paid in ransom to Russia-linked hackers to unlock its systems, a move that Deputy Attorney General Lisa Monaco said showed the Justice Department will use “all available tools to make these attacks more costly and less profitable for criminal enterprises.”

Cybersecurity and foreign policy experts are less than sanguine the Biden administration efforts will put a real dent in ransomware assaults launched from Russia. Curtailing the attacks, they say, will require a worldwide pressure campaign that has yet to materialise because previous US administrations and foreign governments didn’t take the threat seriously enough or feared intensifying tensions with Putin.

“The Russians have to be afraid of us,” said James Lewis, a senior vice president at the Strategic Technologies Program at the Centre for Strategic and International Studies.

The Russian government, for its part, has denied it directs cybercriminals to attack US interests, or protects them from US prosecution. Putin told Russian state TV Channel One last week that accusing his government of involvement was ridiculous.

“It’s just nonsense, it’s funny,” Putin said. “It’s absurd to accuse Russia of this.”

US officials allege Russians have long garnered support from a government that encourages their work because it generates intelligence for spy services and sows chaos and confusion in the West.

Experts pointed to the case of Maksim Yakubets, 33, as an example of a hacker seeking to profit from his crimes while helping out Moscow. In late 2019, the US government indicted the flamboyant Ukrainian-born and Russia-based hacker, a leader of a cybergang called Evil Corp, on charges he helped develop malware that was used to steal tens of millions of dollars from banks and other financial institutions. Some of the malware created by Yakubets assists in the installation of ransomware, authorities say.

The Treasury Department went further when it announced sanctions on Yakubets, alleging he worked for a Russian intelligence organisation and “provided direct assistance to the Russian government.” Starting in 2017, he was tasked by the Kremlin, the Treasury Department alleged, to acquire “confidential documents through cyber-enabled means and conducting cyber-enabled operations on its behalf.”

Yakubets, who resides in Russia, could not be reached for comment.

Hackers in Russia have spent decades penetrating computer networks of retailers, banks, hospitals, and other businesses to steal sensitive personal information to sell on the black market, cybersecurity experts say. About 10 years ago, hackers began turning to ransomware, a shift that cybersecurity experts likened to a US crime wave in the 1920s and 1930s in which gangsters turned from robbing banks to more profitable and easier kidnappings.

It’s a fairly simple scheme. Hackers trick people into clicking on an attachment or a link in an email that contains malware. The malware infects the servers and encrypts the data, locking out legitimate users, and hackers then demand a ransom payment in exchange for a key that reopens the networks.
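The encryption step described above leaves a signal defenders can look for: many distinct files on one machine being overwritten with random-looking (high-entropy) content in a short burst, which ordinary document editing does not produce. The following is an added illustration written for this page, not code from the article or from any product it mentions; it assumes a simplified feed of file-write events (timestamp, host, path, bytes written), the hostname `ws-17`, and constructed sample paths and contents, and it uses a fixed-seed random generator to stand in for encrypted output so the example runs offline.

```python
"""Heuristic detector for ransomware-style mass file encryption.

Added example (not from the article). Given file-write events as an
endpoint agent or file-system audit log might record them, raise an alert
when many distinct files on one host receive high-entropy writes inside a
short time window. Real endpoint-detection products combine this with
other signals (process lineage, extension changes, ransom notes); this
shows only the core entropy-burst idea.
"""
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class WriteEvent:
    """One file-write event (hypothetical schema assumed for this example)."""
    ts: float     # seconds since an arbitrary epoch
    host: str
    path: str
    data: bytes   # bytes written (or a sampled prefix of them)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted or compressed data sits near 8.0,
    plain text and typical office documents sit well below 7.0."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def detect_mass_encryption(events, window=10.0, min_files=20, entropy_threshold=7.0):
    """Return a list of (host, window_start_ts, distinct_file_count) alerts.

    An alert fires when at least `min_files` distinct paths on one host are
    written with entropy >= `entropy_threshold` within `window` seconds.
    A single high-entropy write (a zip archive, say) never alerts on its own.
    """
    per_host = {}
    for e in events:
        if shannon_entropy(e.data) >= entropy_threshold:
            per_host.setdefault(e.host, []).append((e.ts, e.path))

    alerts = []
    for host, writes in per_host.items():
        writes.sort()
        i = 0
        while i < len(writes):
            # Sliding window: collect distinct paths written within `window`
            # seconds of the write at index i.
            j = i
            paths = set()
            while j < len(writes) and writes[j][0] - writes[i][0] <= window:
                paths.add(writes[j][1])
                j += 1
            if len(paths) >= min_files:
                alerts.append((host, writes[i][0], len(paths)))
                i = j   # one burst yields one alert, not one per file
            else:
                i += 1
    return alerts


def build_sample_events():
    """Constructed sample data: an hour of normal saves, one legitimate
    archive download, then a five-second burst of 25 overwritten files."""
    rng = random.Random(7)
    text = b"Quarterly report: revenue was stable and costs were flat. " * 60
    events = []
    for k in range(12):  # low-entropy document saves, five minutes apart
        events.append(WriteEvent(k * 300.0, "ws-17", f"C:/Users/alice/docs/report{k}.docx", text))
    # One high-entropy file on its own (a downloaded archive): should not alert.
    events.append(WriteEvent(1500.0, "ws-17", "C:/Users/alice/downloads/photos.zip", rng.randbytes(4096)))
    # Burst: 25 distinct documents rewritten with random-looking bytes.
    for k in range(25):
        events.append(WriteEvent(3600.0 + k * 0.2, "ws-17",
                                 f"C:/Users/alice/docs/file{k}.xlsx.locked", rng.randbytes(4096)))
    return events


if __name__ == "__main__":
    for host, start, count in detect_mass_encryption(build_sample_events()):
        print(f"ALERT host={host} start_ts={start} files_overwritten={count}")
```

The thresholds (20 files in 10 seconds, entropy 7.0) are assumed starting points, not values from the article; tune them against a baseline of the host's normal activity, since backup jobs and compression tools also write high-entropy data and will otherwise produce false positives.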

Thanks to the popularity of difficult-to-trace cryptocurrencies, the crime has steadily proliferated. In 2015, the FBI reported, US victims paid about US$25mil (RM102mil) in cyber ransom. By 2020, such victims paid at least US$350mil (RM1.4bil) in ransom to hackers, a 300% increase over the previous year, according to a report issued by the Institute for Security and Technology.

Hospitals, school systems and police departments are frequent victims because they either rely heavily on digital records or have relatively lackluster defences. Cybersecurity experts say hackers also target companies that operate critical US infrastructure, which often have deep pockets and face immense pressure to limit disruption of their services.

“Russia loves this kind of hack because it disrupts everyday life for Americans,” said Frank Montoya, a former FBI counterintelligence agent.

Colonial Pipeline, which supplies about 45% of the jet fuel, gasoline and heating oil consumed on the East Coast, last month paid US$4.4mil (RM18mil) in bitcoin to hackers to unlock its networks after it was taken over by ransomware.

The FBI said the hackers relied on malware provided by DarkSide, a Russia-based cybercrime group that sells hackers malware in exchange for a cut of ransom proceeds; Biden said the hackers were also believed to be located in Russia.

On June 2, the bureau attributed a ransomware attack on the US and Australian computer servers of JBS, the world’s largest meat supplier, to a notorious Russia-linked cybergang that goes by the name REvil or Sodinokibi. The hack forced the company to idle plants, raising concerns about potential surges in meat price and shortages. JBS issued a statement on Wednesday saying it paid US$11mil (RM45mil) in ransom.

Identifying such hackers is not easy, former federal agents say. Capturing them is even tougher. Moscow refuses to extradite cybercriminals, and it alerts them when US authorities file arrest warrants with international police agencies, former law enforcement officials said.

The Justice Department has successfully extradited 18 Russian hackers of the dozens wanted on computer crime charges — when they slipped up and visited other countries on vacation or business, officials said.

Yet even when such hackers are arrested outside Russia, they don’t always end up in US courtrooms. Russia exerts enormous political pressure on foreign governments to block extradition to the US, and it has lodged competing charges in the hopes of convincing judges to send citizens home, where prosecutions are quickly dropped, according to former federal law enforcement officials.

Alexsey Belan, a Russian national, was arrested in Greece in 2013 on US hacking charges but managed to make bail and slipped back to Russia, with Moscow’s assistance, federal law enforcement officials say.

Back home, Belan allegedly wasted no time getting back to his computer terminal. He was indicted in the US in 2017 on charges of orchestrating the massive security breach of Yahoo. Information from more than 500 million accounts was stolen in the cyberattack, which an indictment alleged was directed by two Russian government agents.

Robert Anderson, a former top FBI official, said that combating Russian hackers was among his most challenging jobs at the bureau.

“It is difficult to address this when the line between state and criminal is so blurry,” he said. – Los Angeles Times/Tribune News Service
