Why Haven’t Ransomware Groups Assisted Russia’s Invasion?

When Russia launched its all-out war against Ukraine in February 2022, many cybersecurity watchers feared ransomware groups would serve as a proxy force. But Moscow doesn’t appear to have deputized cybercrime-driven crypto-locking malware brigades.

See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources

So said participants in a panel held Friday by the Institute for Security and Technology on the ransomware implications of the Russian invasion of its European neighbor.

Rather than enlisting criminal ransomware groups into Russia’s cyber military operations against Ukraine, the invasion fractured major ransomware groups.

In particular, “political fissures” began to be seen in ransomware groups such as Conti, “as the world understood what Ukraine was about to suffer and started suffering and what Russia was doing in that,” said panelist Laura Galante, who has served as the U.S. intelligence community’s cyber executive and director of the Cyber Threat Intelligence Integration Center since May 2022. Ransomware hackers picked sides, she said.

The panelists were gathering to celebrate the two-year anniversary of the ITF’s Ransomware Task Force recommendations for combating ransomware syndicates, including coordinating international cooperation, having the White House lead by example by launching a “whole of…