Ransomware hackers remain largely out of reach behind Russia's cybercurtain

Del Quentin Wilber, Los Angeles Times

Published in News & Features

U.S. officials allege Russians have long garnered support from a government that encourages their work because it generates intelligence for spy services and sows chaos and confusion in the West.

Experts pointed to the case of Maksim Yakubets, 33, as an example of a hacker seeking to profit from his crimes while helping out Moscow. In late 2019, the U.S. government indicted the flamboyant Ukrainian-born and Russia-based hacker, a leader of a cybergang called Evil Corp, on charges he helped develop malware that was used to steal tens of millions of dollars from banks and other financial institutions. Some of the malware created by Yakubets assists in the installation of ransomware, authorities say.

The Treasury Department went further when it announced sanctions on Yakubets, alleging he worked for a Russian intelligence organization and “provided direct assistance to the Russian government.” Starting in 2017, he was tasked by the Kremlin, the Treasury Department alleged, to acquire “confidential documents through cyber-enabled means and conducting cyber-enabled operations on its behalf.”

Yakubets, who resides in Russia, could not be reached for comment.

Hackers in Russia have spent decades penetrating computer networks of retailers, banks, hospitals, and other businesses to steal sensitive personal information to sell on the black market, cybersecurity experts say. About 10 years ago, hackers began turning to ransomware, a shift that cybersecurity experts likened to a U.S. crime wave in the 1920s and 1930s in which gangsters turned from robbing banks to more profitable and easier kidnappings.

It’s a fairly simple scheme. Hackers trick people into clicking on an attachment or a link in an email that contains malware. The malware infects the servers and encrypts the data, locking out legitimate users, and hackers then demand a ransom payment in exchange for a key that reopens the networks.

Thanks to the popularity of difficult-to-trace cryptocurrencies, the crime has steadily proliferated. In 2015, the FBI reported, U.S. victims paid about $25 million in cyber ransom. By 2020, such victims paid at least $350 million in ransom to hackers, a 300% increase over the previous year, according to a report issued by the Institute for Security and Technology.

Hospitals, school systems and police departments are frequent victims because they either rely heavily on digital records or have relatively lackluster defenses. Cybersecurity experts say hackers also target companies that operate critical U.S. infrastructure, which often have deep pockets and face immense pressure to limit disruption of their services.

“Russia loves this kind of hack because it disrupts everyday life for Americans,” said Frank Montoya, a former FBI counterintelligence agent.

Colonial Pipeline, which supplies about 45% of the jet fuel, gasoline and heating oil consumed on the East Coast, last month paid $4.4 million in bitcoin to hackers to unlock its networks after it was taken over by ransomware.

©2021 Los Angeles Times. Visit at latimes.com. Distributed by Tribune Content Agency, LLC.