Steering Clear of Russia's Menace of Cyber Extortion

In the digital age, ransomware attacks have become a significant threat to national security and economic prosperity worldwide. The Counter Ransomware Initiative Meeting, held in October 2021, marked a significant stride in global cooperation to address this issue. Over thirty countries and the European Union participated, aiming to enhance law enforcement collaboration, counter cyber criminals, and disrupt safe haven environments.

The initiative also focused on addressing the abuse of financial systems that facilitate laundering ransom payments. Hackers often avoid currency instability by extorting payments from Western victims in untraceable transactions using cryptocurrency. This anonymity makes it challenging to trace and prosecute the perpetrators.

The ransomware landscape is dominated by criminals based in Russia. Over 74% of financial payments from ransomware attacks are highly likely affiliated with these actors. Notably, the Conti ransomware group, based in Russia, has publicly supported Russian actions in Ukraine and threatened to use its resources to strike back at the critical infrastructures of an enemy.

The United States has responded to these threats. In addition to economic sanctions against Russia in response to its invasion of Ukraine, the country is investing in developing cyber capabilities with like-minded countries. Partnerships with nations leading in cybersecurity, such as Estonia and Israel, are particularly crucial.

The absence of government regulation means inconsistency among consumer data protection, content moderation, and software vulnerabilities. This gap provides an opportunity for ransomware hackers, who can exploit these vulnerabilities to launch attacks. The barrier to entry for ransomware hacking is relatively low due to the existence of ransomware-as-a-service (RaaS) models.

The Russian invasion of Ukraine has created a complex situation for the global community. While economic tools are being leveraged to shape Russian behavior, unintended consequences could potentially surface in increased criminal behavior that impacts national security and prosperity. The law of war and use-of-force decisions will be tested beyond just cyberspace as ransomware attackers become bolder.

In May 2019, the Israel Defense Forces launched an airstrike against Hamas cyber operatives, demonstrating the physical consequences of cyber warfare. A whole-of-nation approach to cybersecurity is needed, requiring private and public collaboration.

The arrest of the REvil operator named Yevgeniy Polyanin in January 2022 provides a glimmer of hope in the fight against ransomware. The United States stands to learn as much from its partners and allies as it can offer them in this fight. However, the battle against ransomware is far from over, and continued investment in cyber capabilities is essential.

It is important to note that the views expressed in this article do not reflect the official position of the United States Military Academy, Department of the Army, or Department of Defense, or that of any organization the authors are affiliated with, including the Marine Corps, Army National Guard, and United States Cyber Command.