All the stories about insidious Russian hackers, controlled from the Kremlin, have long become a reason for the political establishment of the United States and the European Union to intimidate people. Indeed, why not resort to those Russian hackers to convince everyone of the need to impose even more sanctions on Russia? No wonder that the West persistently wants to ignore all of Russia's initiatives to establish international cooperation in the field of cybersecurity.
The fantasy plot about the intervention of Russian GRU officers in the 2016 American elections has not faded since the time when the "Kremlin agent", former US President Donald Trump, suddenly found himself closely watched by Special Prosecutor Mueller. Hollywood can't even hold a candle to Washington's propaganda machine, which continuously fabricates sequels about Russian hackers. Most recently, Russian special services were accused of hacking the SolarWinds software, which is used by many authoritative public institutions and non-governmental organizations of the United States, including the State Department, the Treasury, the Justice Department, etc.
The American side found this hacker attack to be not an ordinary act of espionage, but an act of recklessness that created a serious technical vulnerability for both the United States and the whole world. Sergei Naryshkin, the head of the Russian Foreign Intelligence Service, denied the accusations. According to Naryshkin, "it would be flattering" for him to hear reports that his service was able to organize a hacker attack that affected nine federal agencies in the United States at once.
In May, the Colonial Pipeline, which meets 45 percent of the US East Coast's petroleum needs, was put out of order as a result of another hacker attack. The company was forced to pay about $5 million to hackers from the DarkSide group (either from Russia or Eastern Europe) so that they would unblock its computers and not leak data on the Internet. President Joe Biden was wise enough that time not to blame the Kremlin directly, although there were plenty of angry tirades about the Russian hacker trace yet again.
Then there was a hacker attack on the branches of the world's largest beef supplier JBS. As a result of the attack, one-fifth of all beef processing facilities in the United States came to a standstill. To restore the operation of the servers, the company had to pay the attackers a nice amount of $11 million.
White House deputy press secretary Karine Jean-Pierre was quick to announce that the attack came from a criminal organization likely based in Russia. The FBI revealed that it was a Russian-linked hacker group known as REvil and Sodinokibi. In a fit of anger, the US Department of Justice ordered that all cases of hacker attacks be investigated as acts of terrorism. According to Karine Jean-Pierre, the White House wanted to convey to the Russian government the idea that responsible countries did not harbor cyber criminals.
It is strange, to say the least, to hear endless claims against Moscow about all those incidents in the digital sphere. Suffice it to say that there were no full-fledged investigations conducted into those attacks, nor were there any legally binding international agreements. To crown it all, one can deliberately fake digital fingerprints in order to mislead.
The Russian administration has repeatedly appealed to the US administration with initiatives to reset the state of affairs in the use of information and communication technologies, establish communication channels for prompt response to cyber attacks and conclude a bilateral intergovernmental agreement on their prevention.
"Since 2016, when the Obama administration started accusing us of interfering in their elections, we have offered dozens of times to sit down at the negotiating table — professionally, confidentially — and discuss specific facts and concerns that one or the other party may have. They strongly refused," Russian Foreign Minister Sergei Lavrov said.
It just so happens that the United States requires others not to commit any dangerous activities in cyberspace, but at the same time, the Americans are reluctant to burden themselves with any obligations. The beacon of democracy supposedly does not need any obligations.
However, thanks to human rights fighters Edward Snowden and Julian Assange, the whole world knows about methods of total surveillance used by the NSA and other US special services. Notably, the beacon of democracy threatens to sentence them to life or even execute them for their activities in the field of human rights protection and journalism.
As for the recent major hacks carried out by ransomware operators DarkSide and REvil, the United States immediately pointed the finger at Russia just because the Americans allegedly found that the attackers were Russian-speaking individuals. However, according to Oleg Skulkin, a leading expert in computer forensics at Group-IB, it is not cut and dried. Suffice it to look at recent arrests on charges of cybercrimes.
The NetWalker ransomware partner, who was detained in Canada, was a Canadian citizen. The operators of the Egregor ransomware detained on the territory of Ukraine were not Russian citizens. Alla Witte, a member of Trickbot, who was detained in Miami, had a Latvian passport. As Oleg Skulkin notes, despite the fact that they were all Russian-speaking individuals, they were not staying on the territory of Russia.
Hacking communities constantly invent new methods of hacking into networks in order to run their profitable businesses even more successfully. Phishing mailings, infections via external remote access services (RDP), and hidden (drive-by) downloads have been pretty popular lately. Attackers often work on the Ransomware-as-a-Service model, in which developers provide access to their malware to partners, who then hack into corporate networks and launch the ransomware.
In 2019, the number of ransomware attacks increased by 40 percent compared to the previous year, and in 2020, they skyrocketed by 150 percent. During this time, the average size of a ransom has grown from $84,000 to $170,000. According to Oleg Skulkin, during the pandemic, ransomware became the main cyber threat for the whole world, including Russia. In the past year, the OldGremlin group committed numerous attacks against Russian enterprises, IT companies and financial institutions.