Current News

/

ArcaMax

Ransomware hackers remain largely out of reach behind Russia's cybercurtain

Del Quentin Wilber, Los Angeles Times on

Published in News & Features

The FBI said the hackers relied on malware provided by DarkSide, a Russia-based cybercrime group that sells hackers malware in exchange for a cut of ransom proceeds; Biden said the hackers were also believed to be located in Russia.

On June 2, the bureau attributed a ransomware attack on the U.S. and Australian computer servers of JBS, the world’s largest meat supplier, to a notorious Russia-linked cybergang that goes by the name REvil or Sodinokibi. The hack forced the company to idle plants, raising concerns about potential surges in meat price and shortages. JBS issued a statement on Wednesday saying it paid $11 million in ransom.

Identifying such hackers is not easy, former federal agents say. Capturing them is even tougher. Moscow refuses to extradite cybercriminals, and it alerts them when U.S. authorities file arrest warrants with international police agencies, former law enforcement officials said.

The Justice Department has successfully extradited 18 Russian hackers of the dozens wanted on computer crime charges — when they slipped up and visited other countries on vacation or business, officials said.

Yet even when such hackers are arrested outside Russia, they don’t always end up in U.S. courtrooms. Russia exerts enormous political pressure on foreign governments to block extradition to the U.S., and it has lodged competing charges in the hopes of convincing judges to send citizens home, where prosecutions are quickly dropped, according to former federal law enforcement officials.

 

Alexsey Belan, a Russian national, was arrested in Greece in 2013 on U.S. hacking charges but managed to make bail and slipped back to Russia, with Moscow’s assistance, federal law enforcement officials say.

Back home, Belan allegedly wasted no time getting back to his computer terminal. He was was indicted in the U.S. in 2017 on charges of orchestrating the massive security breach of Yahoo. Information from more than 500 million accounts were stolen in the cyberattack, which an indictment alleged was directed by two Russian government agents.

Robert Anderson, a former top FBI official, said that combating Russian hackers was among his most challenging jobs at the bureau.

“It is difficult to address this when the line between state and criminal is so blurry,” he said.

©2021 Los Angeles Times. Visit at latimes.com. Distributed by Tribune Content Agency, LLC.