Tag Archive for: sanctions

Russian hacking gang Evil Corp shifts its extortion strategy after sanctions



A notorious Russian cybercrime group has updated its attack methods in response to sanctions that prohibit U.S. companies from paying it a ransom, according to cybersecurity researchers.

The security firm Mandiant said Thursday it believes that the Evil Corp gang is now using a well-known ransomware tool named LockBit. Evil Corp has shifted to using LockBit, a form of ransomware used by numerous cybercrime groups, rather than its own brand of malicious software, to hide evidence of the gang’s involvement so that compromised organizations are more likely to pay an extortion fee, researchers said.

The U.S. Treasury Department in 2019 sanctioned the alleged leaders of the Evil Corp gang, creating legal liabilities for American companies that knowingly send ransom funds to the hackers. While cybersecurity firms have associated Evil Corp with two kinds of malware strains, known as Dridex and Hades, the group’s use of LockBit could cause hacked organizations to believe that another hacking group, other than Evil Corp, was behind the breach.

Evil Corp is believed to be behind some of the worst banking fraud and computer hacking schemes of the past decade, stealing more than $100 million from companies across 40 countries, according to the U.S. government.

Alleged members are on the wanted lists of law enforcement across the U.S., UK and Europe, including accused mastermind Maksim Yakubets, who the Treasury Department said previously worked for Russia’s Federal Security Service. The 35-year-old Russian man is reported to own a tiger and drive a personalized Lamborghini with a license plate that translates to say “thief,” according to the U.K.’s National Crime Agency.

The U.S. has increasingly used sanctions to try to curb cybercriminal operations, including prohibiting American organizations from paying ransom fees to known groups like Evil Corp and cryptocurrency exchanges which are often used to funnel ransom payments.


NSA: Sanctions on Russia Having a Positive Effect on Ransomware Attacks, Attempts Down Due to Difficulty Collecting Ransom Payments


National Security Agency (NSA) director of cybersecurity Rob Joyce told attendees of a recent UK security conference that ransomware attacks are down in roughly the last two months, and that trend can be traced directly to sanctions placed on Russia. Criminals that operate out of the country are struggling to find ways to cash out ransom payments and set up infrastructure, due in large part to sanctions attached to the invasion of Ukraine.

NSA director sees downward trend in ransomware attacks due to recent sanctions

The NSA cyber security director told the National Cyber Security Centre’s (NCSC) Cyber UK event in Wales that criminal attempts on government agencies and critical infrastructure had made ransomware attacks a national security priority, and that most of the serious players in this particular segment of the criminal underworld are based in Russia. New sanctions against entities in Russia are thus having a dampening effect on ransomware attacks, as the criminals lose options for doing business with the outside world.

Joyce said that this was likely not the only factor for the reduction in ransomware attacks, but was a significant contributor. Ransom payments are more difficult to process due to lack of access to assorted banking options, and inability to purchase necessary technology to set up the infrastructure for new ransomware campaigns.

Whether or not to formally ban ransomware payments has been a hot topic across the world for several years now, ever since ransomware attacks made a major resurgence. After a lull in the mid-2010s, ransomware roared back in 2017-2018 roughly concurrent with the massive rise in value of cryptocurrencies. Even larger spikes have occurred since the beginning of the Covid-19 pandemic, as both home and work internet traffic greatly increased. While there is some case to be made for cutting these attacks off at the source by banning ransom payments, an argument supported by this recent NSA announcement, many organizations feel that they have no option but to make a payment when they are unexpectedly caught by a breach. This is particularly true for companies that cannot afford even a small amount of downtime, such as health care…


Crypto an Unlikely Route for Russian Sanctions Evasion, Experts Say


Cyberattack ransoms and cryptocurrency mining are unlikely to generate enough revenue to replace regular business activity in sanctioned nations, digital money experts and former law-enforcement officials told a U.S. Senate hearing Thursday.

The amount of cash needed to operate a major economy far outstrips the ability of crypto markets to handle such volumes, witnesses said in testimony to the Senate’s Committee on Banking, Housing and Urban Affairs.

“You can’t flip a switch overnight and run a G-20 economy on cryptocurrency, there just isn’t enough liquidity,” said Michael Mosier, former acting director of the Financial Crimes Enforcement Network, an arm of the U.S. Treasury Department.

The hearing was held as fears grow that Russia may turn to cyberattacks and cryptocurrency to prop up its economy, which has been battered by an array of economic sanctions during its continuing invasion of Ukraine.

On March 11, ratings agency Moody’s Corp.’s Investors Service unit warned that banks, crypto platforms and intellectual property could become targets for Russian state-sponsored hackers.

“There is a growing risk that Russian government and nongovernment cyber actors will try to perpetrate cyberattacks on entities across sectors and regions as an illicit means of raising money,” Moody’s said.

At Thursday’s hearing, Sen. Elizabeth Warren (D., Mass.) said she was introducing a bill immediately that would authorize the White House and Treasury Department to sanction cryptocurrency firms that do business with already-sanctioned Russian entities. The aim is to close…


Ukraine invasion: Could Russia turn to cryptocurrency and cyber crime to dodge sanctions?


Sanctions imposed on Russia for invading Ukraine caused the rouble to plummet on Monday, but as it dropped, the value of cryptocurrencies including Bitcoin and Ethereum shot up.

Unlike the global financial system where central authorities can prevent Vladimir Putin’s regime from accessing the Kremlin’s foreign reserves, and Russian banks from using the SWIFT payments network, there are no technical means to block Russia and its oligarchs trading cryptocurrencies.

That doesn’t mean that unregulated cryptocurrencies provide a loophole for the country’s institutions and oligarchs, just that the enforcement mechanisms used by financial institutions to monitor transactions aren’t always available. Laws requiring cryptocurrency exchanges to verify their customers’ identities still apply in all jurisdictions where the sanctions have been issued.


Caroline Malcolm, the head of international public policy for Chainalysis, said: “As with the traditional financial system, Russia can leverage cryptocurrency to evade the sanctions that are being put in place in response to their invasion of Ukraine. And as in the traditional financial system, the cryptocurrency ecosystem can put measures in place to identify transactions from identified sanctioned entities.”

Image: The value of Bitcoin rose as the rouble fell due to sanctions

Cryptocurrency not ideal for the ultra-rich

But for the volumes of trading that Russia would need to weather the sanctions covering $643bn in international reserves, there simply isn’t enough cryptocurrency available – and the volumes would be impossible to transfer covertly as the blockchain is, by design, a public ledger of all transactions.

Instead, as the country faces potential hyperinflation, the rise for Bitcoin and Ethereum is more likely to be caused by Russian citizens (rather than the government and oligarchs) looking to move their roubles into other currencies, or very possibly due to speculation from others about Russians doing so.
