Friday, March 29, 2024

Cl0p bust shows why ransomware does not disappear


On Wednesday, as US President Joe Biden and Russian President Vladimir Putin prepared to meet in Geneva, Ukrainian law enforcement agencies announced the arrest of six suspects in connection with the notorious Cl0p ransomware group. The Ukrainian authorities, in cooperation with South Korean and American investigators, searched 21 homes in and around Kiev, seized computers, smartphones and servers, and recovered US$184,000 believed to be ransom money.

As the ransomware crisis continues to escalate, the Cl0p arrests constitute a very rare success story. Since 2019, the organization has accumulated several high-profile victims, including Stanford University School of Medicine, the University of California, and South Korean e-commerce giant E-Land. The hackers also seem to cooperate or have contact with other cybercriminal organizations, including the financial crime group FIN11 and the malware distribution organization known as TA505. However, the collaborative law enforcement process that led to the takedown also underscores why blocking the wider ransomware threat is still a distant dream. This time Ukraine was willing to help, but until Russia does so, this situation will hardly change.

Most of the ransomware actors that have caused severe damage in recent months have been operating out of Russia, including Ryuk, which carried out a large-scale hospital hacking campaign in the United States last year; DarkSide, which took down Colonial Pipeline in May; and REvil, which recently hit global meat supplier JBS and Quanta Computer. The US Department of Justice has prosecuted Russian ransomware participants, but it is difficult to arrest them. Putin has stated publicly for years, including in a frequently quoted 2016 interview with NBC, that as long as cybercriminals have not violated Russian law, he has no interest in prosecuting them.

Photo: Ukrainian National Police Cyber Police Department

“If you are not strict in law enforcement in any area of any country, then there will definitely be enough people who want to do illegal activities there,” said Craig Williams, Cisco Talos Outreach Director. “We have these areas not only in Europe, but also in South America and other regions, where we provide an effective safe haven for cybercriminals. So what we end up with is this aggressive model, which is allowed to target private companies and civilians online, and there really is no end in sight.”

Russia has turned a blind eye to cybercrime for many years, but the Kremlin's shameless state-backed hacking, from election interference to widespread espionage, has generally attracted more attention. However, in the past 18 months, the severity and frequency of global ransomware attacks have changed from an ongoing problem to an urgent crisis. Attacks on critical infrastructure and supply chains paint a dire prospect for ransomware attackers to make money.

Tracking down the culprits is usually not as difficult as arresting them. The US has prosecuted multiple Russian hackers and even managed to seize millions of dollars in ransom paid by Colonial Pipeline. But acting on this information usually requires international cooperation. Russia does not have an extradition treaty with the United States, and it seems that it deliberately does not provide assistance. Assistant Attorney General for National Security Affairs John Demers said in a conversation recorded on June 3 and released on Wednesday that, in fact, the Department of Justice did not bother to seek help from Russian law enforcement to track the Colonial Pipeline hackers.

