How Russian sanctions may be helping US cybersecurity

Federal government officials say sanctions placed on Russia following its invasion of Ukraine may have positive effects on cybersecurity in the United States.

Leaders in both the National Security Agency (NSA) and FBI have said Russian sanctions are slowing down ransomware attacks and cyber attacks perpetrated by state-sponsored actors and cybercriminals since the beginning of its invasion. The White House issued wide-ranging economic sanctions against the country earlier this year. In addition, federal agencies have imposed cybersecurity sanctions on both the Russian government as well as private entities, including cryptocurrency exchanges and mixers, over ransomware activity and state-sponsored attacks stemming from the region.

Rob Joyce, the NSA’s director of cybersecurity, stated at the CyberUK event last month in Wales that from his perspective, ransomware has fallen over the last two months. He believes that Russian sanctions are one of several factors potentially impacting ransomware numbers.

Rob JoyceRob Joyce

“As we do sanctions and it’s harder to move money and it’s harder to buy infrastructure on the web, we’re seeing them be less effective — and ransomware is a big part of that,” Joyce said during a panel discussion. “We’ve definitively seen the criminal actors in Russia complain that the functions of sanctions and the distance of their ability to use credit cards and other payment methods to get Western infrastructure to run these [ransomware] attacks have become much more difficult.”

Joyce reinforced that message while speaking at RSA Conference 2022 last week.

“Sanctions related to Russia and their Ukraine problem have impacted the ransomware actors,” Joyce said during a session titled “State of the Hacks: NSA’s Perspective.” “They are finding it difficult to extract funds out of the ecosystem, get them converted as well as use payments that are accepted to buy the infrastructure they need to operate.”

Joyce said that the decrease in attacks caused by cybersecurity sanctions may lead to the Russian government going to ransomware as a service (RaaS) providers in order to gain access to their targets. He said that as threat actors become quicker at exposing…