Sanctions imposed on Russia over Ukraine invasion hit ransomware gangs

US cyber security official says criminals are struggling to move money and buy equipment from abroad

Sanctions imposed on Russia over the invasion of Ukraine have successfully affected ransomware gangs, US officials say. Reuters.
Powered by automated translation

Ransomware attacks have decreased in the last couple of months with cyber crime operations affected by sanctions imposed on Russia over its invasion of Ukraine, a senior US cyber security official said on Tuesday.

Rob Joyce, director of cyber security at the US National Security Agency, told a UK conference that difficulties in moving money and making purchases abroad, prompted by the unprecedented financial campaign against Moscow, had affected the operations of Russian hackers.

The use of ransomware – a form of malicious software that locks computers until the victim pays a fee to the criminals – has surged in recent years with criminals banking on a large return for little risk or outlay.

The US-led sanctions operations have aimed at banks, Russian institutions and associates of President Vladimir Putin ― but appear to have also affected criminal operations conducted largely in Bitcoin.

“[In the] last month or two ransomware is actually down,” said Mr Joyce.

“There are probably a lot of different reasons why that is but I think one impact is the fallout of Russia-Ukraine.

“As we do sanctions and it’s harder to move money and it’s harder to buy infrastructure in the West, we’re seeing them less effective, so that’s one of the knock-on effects.”

Russia was behind a series of cyber attacks this year including one on communications company Viasat in Ukraine on February 24, said the EU, UK and US. The operation led to a cut in services for several thousand Ukrainian customers and affected wind farms in central Europe.

UK Foreign Secretary Liz Truss said: "This is clear and shocking evidence of a deliberate and malicious attack by Russia against Ukraine, which had significant consequences on ordinary people and businesses in Ukraine and across Europe."

Ransomware has been identified as a national security threat to the West, highlighted by an attack last year on Colonial Pipeline, the operators of the largest fuel pipeline network in the US, which had to shut down its operations after a cyber attack. The attack sparked panic buying and a hike in prices.

“Ransomware is a huge aspect where we learnt cyber security is national security,” Mr Joyce told the CyberUK conference in Wales. “We are seeing the criminal element push through and impacting not only businesses but all the way into governments and society at large.”

Criminal cyber operations are based mainly in Russia and out of reach of western law enforcement. The majority of attacks are on businesses in the US.

Attacks have surged with the criminals successful in persuading victims to pay rather than the potentially higher cost and long-term process of rebuilding systems. Industry estimates suggest that between 10 and 33 per cent of victims pay the sums demanded.

The World Economic Forum said that attacks surged by 151 per cent worldwide in the first half of 2021 as cyber criminals sought to exploit businesses putting more of their operations online during the Covid-19 pandemic.

The attacks started in the early 2000s but have increased in sophistication and scale. Some operators have included a chat and support function to guide victims through the payment of ransoms.

Victory Day parade in Russia - in pictures

Updated: May 10, 2022, 1:31 PM