While there was no clear political message about the Medibank hack, the behavior of Russian ransomware gangs has changed over the past year, becoming more aggressive and brazen against Western targets.
The trend of cybercrime gangs embracing the Kremlin’s ideology or motives has accelerated since Vladimir Putin’s February invasion of Ukraine.
Speaking of Russian ransomware gangs in general, Internet 2.0’s co-CEO Robert Porter said: “They’ve been absorbed into the Kremlin’s ideology.”
This isn’t the first time the REvil ransomware gang has hit Australia. REvil was behind a ransomware attack on meat processor JBS in Australia and abroad last May.
Russian authorities arrested more than a dozen members of the REvil gang ahead of the Ukraine war, a move that was interpreted at the time as a gesture that Moscow was taking the United States' concerns about the Russian ransomware gang seriously.
The arrests “send a message of the benefits of cooperating with Russia, while highlighting the relationship deterioration”, The Washington Post reports.
Once the invasion began, Putin halted any efforts to restrict the gangs operating within Russian jurisdiction. Since then, as in many other areas of politics and society, a politicized polarization has gripped the world of hacking and cybercrime.
“We’ve been picking the ideology of ransomware gangs from the top, or tweaking the ideology from the bottom, through their messaging…” said Porter of Internet 2.0, an organization that tracks the activities of the web.
The devious nature of cybercriminal gangs, as well as their currency of choice, cryptocurrencies, complicates efforts to sanction those involved. Funds diverted from criminal hacking rings to regimes can undermine host country sanctions.
For example, the United Nations has concluded that North Korea has stolen approximately $5 billion in cryptocurrencies, which was then used “to support its nuclear and ballistic missile programs to circumvent sanctions”.
At the same time, ransomware gangs can also relay information stolen by hackers to their own intelligence communities, creating another area of overlap between crime and geopolitics.
“They provide backdoors to all the victim organizations so that the intelligence community has immediate access,” Kellerman said.
Criminal gangs that hack and extort for ransom are aided by risk-averse companies unwilling to draw unwanted attention to intrusions. Historically, strong cybersecurity insurance policies have also made paying the gangs an easier option.
Medibank refuses to pay ransomware gang.
The United States, Australia, and like-minded democracies have been adapting to this new form of cyber aggression, which thrives in part because it sits neatly outside any single commercial or law enforcement sphere.
The White House convened its second annual international anti-ransomware task force this month, bringing together representatives from 37 countries and the European Union. Their pledges include coordinating priority targets, aggressively sharing information on gang activity among governments, and applying anti-money laundering and counterterrorism rules for cryptocurrency providers. The task force will also “take joint steps to prevent ransomware actors from using the cryptocurrency ecosystem to get paid.”
Australia, as the inaugural chair of the international working group, will lead efforts to “coordinate resilience, disrupt and combat illicit financial activities” between member states.
The Medibank hack and ransom follow the high-profile hack of telco Optus, where the identity documents of millions of customers were hacked.
Russian criminal gangs were behind three-quarters of ransomware attacks in the United States in the second half of 2021.