On Wednesday, as U.S. President Joe Biden and Russian President Vladimir Putin are set to meet in Geneva, Ukrainian law enforcement announced the arrest of six suspects allegedly linked to the notorious Cl0p ransomware group. In collaboration with South Korean and US investigators, Ukrainian authorities searched 21 residences in and around Kyiv, seized computers, smartphones and servers, and recovered the equivalent of $184,000, believing it to be ransom money.
The Cl0p arrests are a success story that has become too rare as the ransomware crisis continues to spiral. The group has accumulated several high-profile victims since 2019, including Stanford University Medical School, the University of California, and the South Korean e-commerce giant E-Land. The hackers also appear to collaborate with, or have ties to, other cybercrime organizations, including the financial crimes group FIN11 and the malware distribution organization dubbed TA505. The collaborative law enforcement process that led to the takedown, however, also underscores why stopping the wider threat of ransomware remains a distant dream. Ukraine was ready to help this time around, but unless Russia does the same, little will change.
Most of the ransomware players that have wreaked havoc in recent months operate out of Russia, including Ryuk, which went on a massive rampage in the United States last year; DarkSide, which took down Colonial Pipeline in May; and REvil, which did the same to the global meat supplier JBS and the Apple supplier Quanta Computer. The U.S. Department of Justice has charged Russian ransomware actors but has struggled to arrest them. And Putin has said openly for years, including in a frequently quoted 2016 interview with NBC, that as long as cybercriminals don't violate Russian laws, he has no interest in prosecuting them.
"If you have a region in a country where you have lax information, there are certainly enough people who want to do illegal things," says Craig Williams, director of outreach at Cisco Talos. "We have these regions not only in Europe but in regions like South America where we effectively have safe havens for cybercriminals to operate. So what we end up with is this model of aggression that is allowed to be carried out online against private companies and civilians with no real end in sight."
Russia's blind eye to cybercrime has been a problem for years, but the Kremlin's own hacking, from election intrusions to expansive espionage operations, has generally attracted more attention. In the past 18 months, however, the severity and frequency of ransomware attacks worldwide have shifted from a persistent problem to an urgent crisis. Attacks on critical infrastructure and supply chains have painted a grim picture of how far ransomware attackers will go to make money.
Tracing the culprits is often not as big an obstacle as reaching them. The US has charged more hackers based in Russia and even managed to recover millions of dollars of the ransom Colonial Pipeline paid. But acting on this information typically requires international cooperation. Russia does not have an extradition treaty with the United States and is apparently going out of its way not to help. In fact, the Justice Department has not bothered to ask Russian law enforcement for help in tracking down the Colonial Pipeline hackers, John Demers, the assistant attorney general for national security, said in a discussion recorded on June 3 and released Wednesday.