The war against hackers has always been arduous.
The rules of engagement are very different from most crimes. If someone breaks into your car, you report it, law enforcement investigates, suspects are identified, someone is found guilty, the end.
With cybercrime, someone breaks into your computer, and you report it; in most cases, that’s about it.
It’s not the fault of law enforcement, as the criminals behind the crime are not in the jurisdiction where it is reported and, in some cases, are harbored by foreign governments.
That brings us to REvil, a ransomware gang out of Russia that has been wreaking havoc since 2019.
You may have heard of the Colonial Pipeline attack, the one against Apple, the one against the JBS meatpacking plant, the attack in Florida against IT giant Kaseya, and even the attack against Lady Gaga.
All these attacks are alleged to be the work of REvil.
Law enforcement had indeed been gathering a list of suspects; they just couldn’t get to them. That is, until they left Russian soil. Meet Yaroslav Vasinsky. He was arrested last month while traveling to Poland. He has been indicted along with another man in a federal court in Texas, where REvil ransomware caused massive outages in 2019.
Monies have also been seized in these efforts, over $6 million by the last count, and the State Department has put out a $10 million reward for anyone reporting on this gang.
Also, the Treasury Department got in the fight with sanctions against the virtual currency exchanges involved.
Globally, over 17 hackers have been arrested in this massive operation, which spanned 17 nations and took several months.
The cyberwar appeared to be a fight we would just keep losing, but we are finally getting some jabs in.
The first win was the recovery of part of the ransom demanded in the Colonial Pipeline attack, and now there are actual arrests. These wins are crucial because the REvil bad actors themselves are not the whole problem; they are the head of the snake: they sell their code to others and take a cut of any proceeds.
But if you cut off the head of a snake, no more snake.
You’ve heard of software as a service (a subscription)? Well, this is ransomware as a service.
Anyone can become a hacker overnight.
Another hacking gang announced it was shutting its doors.
BlackMatter said that, due to pressure from the authorities, they are closing down. Like REvil, they also provided RaaS (Ransomware as a Service) toolkits to other hackers, so this is another solid win.
Maybe these folks were actually detained, or maybe they are shutting down before they get busted (like the dark web markets I wrote about last week). Either way, this is good news for you and me.
So as REvil and BlackMatter go down, we now have to focus on the others: Conti, CLOP, Astro, Hotarus (sounds like a wonky group of superheroes), and the other gangs who continue to try and steal our dollars with cyberattacks.
As someone working in technology, I have seen the front lines of this war for the last 10 years, and it is a huge positive to see global cooperation and all these U.S. agencies fighting the good fight together.
Just like Colonel Kilgore said in “Apocalypse Now”: Someday this war is gonna end.
Indeed, and just maybe 2021 was the tipping point in the cyberwar. Stay safe out there, and despite these wins, do not let your guard down.
Use two-factor authentication, advanced threat protection, robust and unique passwords for all sites, redundant backups, phishing simulations and training for your team, enterprise-level firewalls, cyber insurance, and up-to-date antivirus and anti-spam services.
As a courtesy, here is a 15-minute crash course on all things cybercrime that our office put together:
Blake Dowling is CEO of Aegis Business Technologies and the author of the book Professionally Distanced. He can be reached at [email protected] and you can pick up Blake’s book online from our friends at Midtown Reader in Tallahassee — to make your Christmas shopping