Russia is removing REvil hackers – while tensions in Ukraine are rising


“I think being worried about Russia’s hidden motives [for conducting the REvil arrests] is perfectly reasonable,” said John Hultquist, vice president of threat intelligence at security firm Mandiant. “It’s basically a feather in their hat, and you could definitely take a cynical look at it and think it’s all a signal. But I think in the end this is still good news. The actors needed to know that if you’re harassing thousands of people and stealing hundreds of millions of dollars, you can’t just run away at sunset.”

This is not the first time an alleged REvil member has encountered law enforcement action. In November, 22-year-old Ukrainian citizen Yaroslav Vasinskyi was arrested in Poland and charged with carrying out the attack on Kaseya. Vasinskyi allegedly abused a Kaseya product to deploy REvil code, which then distributed the group’s ransomware through Kaseya’s customer networks, according to an indictment by the Department of Justice. Yevgeniy Polyanin, a 28-year-old Russian citizen, was also accused of deploying REvil’s ransomware – he is accused of carrying out 3,000 ransomware attacks – and $6.1 million of his assets were seized.

Law enforcement agencies around the world, including in Ukraine, are increasingly working together to address ransomware. Since February 2021, Europol has arrested five hackers linked to REvil and says 17 countries are working on its investigations. These include the United States, Britain, France, Germany and Australia.

However, without Russian cooperation, officials have faced hard limits on which gangs they can effectively go after. After reaching its peak – or nadir – with a series of devastating and destructive attacks in the summer of 2021, REvil mostly went dark as international law enforcement compromised its infrastructure. However, other Russia-based gangs, such as the infamous DarkSide gang and its successor BlackMatter, continue to operate, at least for now.

“The big question, I guess, is whether this is a real change in Russia’s intentions to deal with this problem, or is REvil just being sacrificed in an attempt to mitigate some international pressure?” said Brett Callow, a threat analyst at Emsisoft. “I would suspect the latter.”

However, Callow and others stress that while it will take time to learn more about the Russian government’s approach, the detention of so many REvil operators should provide some deterrent. And in an interconnected industry like the ransomware market, any disruption is significant.

“I agree that there must be a motivation other than ‘The United States asked us nicely,’ but it will further disrupt the ransomware economy, at least in the short term,” said Jake Williams, an incident responder and former NSA hacker.

In the long run, several ransomware groups operating out of Russia remain highly active. The removal of REvil is a sign of progress, but what really matters will be the Kremlin’s appetite to pursue these other gangs.
