Russian Ransomware Groups Rebranding to Evade Western Sanctions and Continue Operations
Russian ransomware groups have been rebranding themselves to avoid Western sanctions, according to recent reports. The move is seen as a response to the increasing pressure being applied by Western governments on Russia’s cybercriminals.
In 2019, the United States imposed sanctions on a Russia-based group known as Evil Corp, which was accused of stealing over $100 million from more than 300 banks. Since then, there have been numerous instances of Russian ransomware groups being targeted by Western governments.
In October 2021, the US Cyber Command blocked the website of the Russia-based REvil ransomware group, depriving the group of the medium it used to extort victims and negotiate ransoms. However, this move has not deterred other groups from continuing their activities.
According to reports, some Russian ransomware groups have rebranded themselves and changed their tactics to avoid being caught by Western governments. For example, the computer code behind the massive ransomware attack by the Russian-speaking hacking ring REvil was written so that the malware avoids systems that primarily use Russian.
One Russian ransomware strain, Ryuk, made an estimated $162 million last year encrypting the computer systems of American hospitals during the pandemic and demanding fees to release the data.
The rebranding of these ransomware groups is believed to be an attempt to stay ahead of Western sanctions and continue to operate with impunity. The move has made it difficult for Western governments to track and target these groups, which has led to an increase in ransomware attacks.
The nearly nonstop series of new US sanctions levied in a bid to halt Russia’s war machine has complicated matters for companies facing their own external threat: ransomware. Some have found themselves caught in the middle, unable to pay ransoms because of sanctions or blocked transactions.
The Russian government has denied any involvement in ransomware attacks and has accused Western governments of using cybercrime as a political tool to target Russia. However, the rebranding of Russian ransomware groups suggests that they are aware of the increasing pressure being applied by Western governments and are taking steps to evade detection.