Analysis of dark web chatter suggests that some ransomware affiliates worry law enforcement might come for them next.
Cyber criminals are becoming anxious about being tracked down by law enforcement agencies following the high-profile arrests of suspected members of one of the most notorious ransomware groups.
There's a consensus among cybersecurity experts that many of the major ransomware operations work out of Russia, with the authorities willing to turn a blind eye towards attacks targeting the West. But following arrests throughout the region, some cyber criminals are wondering if the risk is worth it.
"This is a big change. I have no desire to go to jail," wrote one forum member.
"In fact, one thing is clear, those who expect that the state would protect them will be greatly disappointed," said another.
There's even concern that administrators of the dark web communities – who would have details about their users – could be coerced into working for law enforcement following arrest.
Such is the paranoia among some forum members and ransomware affiliates that they suggest moving operations to a different jurisdiction, although this is unlikely to be a realistic option for many.
"Those that are seasoned in cybercrime understand that by moving outside of Russia, they'll be taking on an even greater risk of being arrested by international law enforcement agencies. These agencies that are keeping tabs on cyber criminals will be watching for such potential moves," Ziv Mador, VP security research at Trustwave SpiderLabs, told ZDNet.
"Also, there is a large talent pool in Russia already, so more members and affiliates can always be recruited. Recruiting can become more difficult in other geographies. There is a level of trust that is required, and that trust diminishes the further away a prospective member is from 'home base'," he added.
"It was necessary to think before climbing and encrypting multi-billion-dollar companies, schools, states. With whom did they dare to compete?" one user wrote.
"They climbed everywhere indiscriminately without understanding which country [they were attacking]," said another.
"Some cyber criminals may feel like REvil spoiled the ability to earn a living by attracting too much law enforcement attention and political powers. This kind of activity may have triggered a lack of sympathy by forum members," said Mador.
Source - Danny Palmer – January 22 2022 - ZDNet