On Wednesday, as US President Joe Biden and Russian President Vladimir Putin prepared to meet in Geneva, Ukrainian law enforcement authorities announced the arrest of six suspects allegedly linked to the infamous Cl0p ransomware gang. Working with South Korean and US investigators, Ukrainian authorities searched 21 residences in and around Kiev, confiscating computers, smartphones, and servers, and recovering the equivalent of $184,000, believed to be ransom money.
The Cl0p arrests are an extremely rare success story as the ransomware crisis continues to escalate. The group has claimed several high-profile victims since 2019, including Stanford University School of Medicine, the University of California, and South Korean e-commerce giant E-Land. Its hackers appear to collaborate with, or have links to, other cybercrime organizations, including the financial crime group FIN11 and a malware distribution operation dubbed TA505. However, the collaborative law enforcement process that led to the takedown also underscores why stopping the broader ransomware threat remains a distant dream. Ukraine was willing to help this time, but until Russia does the same, little will change.
The majority of ransomware actors who have been wreaking havoc in recent months operate out of Russia, including Ryuk, which launched a massive spree of hospital intrusions in the US last year; DarkSide, which took down the Colonial Pipeline in May; and REvil, which recently hit global meat supplier JBS and Apple supplier Quanta Computer. The US Department of Justice has indicted Russian ransomware actors but is struggling to catch them. Putin has said publicly for years — including in a 2016 interview with NBC — that as long as cybercriminals don’t break Russian laws, he has no interest in prosecuting them.
“If you have any area in any country where there is lax law enforcement, sure enough people who want to do illegal things will show up there,” says Craig Williams, director of communications for Cisco Talos. “We have these areas not only in Europe but in areas like South America where we have effectively safe havens for cybercriminals to operate. So what we end up with is this pattern of aggression being allowed to be carried out online against private companies and civilians with no end in sight.”
Turning a blind eye to cybercrime has been a problem for years, but the Kremlin's brazen state-sponsored hacking, from election interference to expansive espionage operations, has usually drawn more attention. Over the past 18 months, however, the severity and frequency of ransomware attacks around the world have turned a persistent problem into an urgent crisis. Attacks on critical infrastructure and supply chains have painted a harrowing picture of how far ransomware attackers will go to make money.
Tracking down the perpetrators is often not as big a hurdle as capturing them. The United States has indicted many hackers in Russia and even managed to seize millions of dollars of the ransom Colonial Pipeline paid. But acting on this information usually requires international cooperation. Russia does not have an extradition treaty with the United States and appears to be doing its best not to help. John Demers, the assistant attorney general for national security, said in a June 3 speech, taped and released Wednesday, that the Department of Justice had not bothered to seek help from Russian law enforcement in tracking down the Colonial Pipeline hackers.