The US Federal Bureau of Investigation (FBI) has laid the blame for escalating worldwide ransomware attacks squarely at Russia’s door.
Speaking at the 2024 Boston Conference on Cyber Security last week, FBI Cyber Division Assistant Director Bryan Vorndran said: “Almost all of the criminals developing sophisticated malware to enable ransomware attacks are based in Russian-speaking countries and operate as organized crime syndicates, similar to traditional organized crime elements.”
He focused on the FBI’s disruption earlier this year of Dark Web ransomware gang LockBit, stressing that organized cybercriminal gangs, particularly Russian ones, are essentially the same as old-school mafia mobsters. They differ only in their methods and avenues of attack.
“These LockBit scams run the way local thugs used to demand ‘protection money’ from storefront businesses. LockBit affiliates steal your data, lock it down, and demand a payment to return your access to it. Then, if you pay the ransom, they return your access to your data. But they also keep a copy, and sometimes they demand a second payment to stop them from releasing your personal or proprietary information online,” said Vorndran.
Cyber-gangs have grown like Chicago mobs of old
But like the machine-gun-toting Chicago mobs of old, cybercriminal gangs such as LockBit have grown into formidable organizations – dark-mirror reflections of legitimate businesses.
“LockBit was set up by a Russian coder named Dimitri Khoroshev. He maintains the image of a shadowy hacker, using online aliases like ‘Putinkrab,’ ‘Nerowolfe,’ and ‘LockBitsupp.’ But he is a criminal, more caught up in the bureaucracy of managing his company than in any covert activities,” said Vorndran.
He added that LockBit’s affiliate model allows less technically skilled criminals who are obscured from the enterprise leaders to deploy highly sophisticated malware for personal gain while paying a percentage of their proceeds to the highly skilled malware coders.
“Since September 2019, Khoroshev has leased out his virus and enabled his affiliates to extort people all over the world. They have used LockBit ransomware to attack people and organizations in financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation,” said Vorndran.
But Vorndran clarified that online Russian mobsters were not the only serious digital threat facing the US and its allies. He also highlighted the danger Chinese cyber-espionage now presents to American corporations.
“For China, this has been—and remains—simple math: What do American organizations possess that the Chinese want? You do not have to look further than China’s 14th Five-Year Plan published in English on the internet. Why is it published in English? So they can use every vector and sympathetic party to steal to support their growth,” said Vorndran.
He added that China’s online spies are highly focused on stealing intellectual property associated with information technology, biotechnology, new energy, new materials, high-end equipment, new energy vehicles, quantum, environmental protection, aerospace, and marine equipment.