Russia's Sway Over Criminal Ransomware Gangs Is Coming Into Focus

Thanks to an apparent safe harbor the Russian government gives to Russia-based gangs, they are some of the most prolific and aggressive in the world. The Kremlin doesn't cooperate with international investigations and doesn't prosecute cyber criminals unless they don't attack domestic targets. The question of whether the gangs are connected to the Kremlin's hacking is a longstanding one. The answer is getting more clear.

New research presented at the Cyberwarcon security conference in Arlington, Virginia, today shows that organizations based in the United States, Canada, the United Kingdom, Germany, Italy, and France are at higher risk of being attacked by ransomware in the run up to national elections. According to the findings, there is a loose but visible alignment between Russian government priorities and activity and cyberattacks leading up to elections in six countries.

The project analyzed a database of over 4,000 attacks against people in over 100 countries. The analysis showed a significant increase in the number of attacks from Russia-based gangs against organizations in the six countries ahead of their national elections. Three-quarters of all the attacks were committed by these nations.

The data was used to compare the timing of attacks before the elections for groups attributed to being based out of Russia and elsewhere. Based on our findings about the increase of attacks before elections, our model looked at the number of attacks on a daily basis.

The data set was culled from dark web sites where gangs try to shame and blackmail victims into paying up. A researcher and a scholar at the internet observatory focused on popular double extortion attacks in which hackers break into a target network and steal data before planting a piece of software to make it harder to recover. The attackers demand a large amount of money in order to keep the data private. The data collection was thorough and the groups typically have an interest in publicizing their attacks.

There was no statistically significant increase in attacks in the lead up to the elections. The researchers found that organizations in the top six victim countries were more likely to be attacked by a Russia-based gang than the baseline.