Sanctions thwart Russian hackers from waging ransomware attacks

Earlier this year, experts predicted the opposite, following a downturn in attacks.
Image: Depiction of a hacker (Magnus916 / Creative Commons)

Despite predictions that Russian ransomware attacks would increase after Russia invaded Ukraine, the number of incidents has dropped significantly, according to U.S. officials.

"We have seen a recent decline since the Ukrainian invasion," said Rob Joyce, the U.S. National Security Agency's director of cybersecurity. 

The reasons include a mix of defensive measures and the side effects of Western sanctions against Moscow, Joyce said last week while addressing a security forum.

Western sanctions, he reported, have prevented Russian hackers from accessing their own financial institutions.

"We've definitively seen the criminal actors in Russia complain that the functions of sanctions and the distance of their ability to use credit cards and other payment methods to get Western infrastructure to run these [ransomware] attacks have become much more difficult," Joyce said. "We've seen that have an impact on their operations."

The result, he said, is that "it's driving the trend down a little bit." 

Earlier this year, experts predicted the opposite, following a downturn in ransomware assaults.

Before the war started, the international cybersecurity community saw "steady, yet fragile" reductions in ransomware attacks, according to a report from Coveware, a Connecticut-based group that monitors such attacks.

"Law enforcement operations had been ramping up, with multiple arrests, disruptions and seizures," the group wrote in a March report. "Even Russia had shown a glimmer of cooperation by arresting several high profile members of a notorious ransomware group."

But, Coveware warned, Western economic sanctions in response to the war would prompt Russian hackers to use ransomware attacks as a way to generate a basic income.

"The severity of the sanctions that continue to pile up have created an environment that could lead to an explosion in the volume of people that turn to ransomware as a means to support themselves," the group cautioned. "The isolation that Russia now faces has the potential to create a perfect safe haven for cyber criminals."

Instead, the hackers were thwarted by not being able to use their credit cards and banks, Joyce said. They also met added resistance from potential targets, he noted.

Shortly before Russia invaded Ukraine, cybersecurity officials were concerned about potential ransomware incidents and urged private Western companies to beef up their defenses.

"Companies of any size and of all sizes would be foolish not to be preparing right now," U.S. Deputy Attorney General Lisa Monaco told the virtual Munich Cyber Security Conference in the days before the invasion. "They need to be shields-up and really be on the most heightened level of alert."

While Western companies heeded the warnings, the risk remains that Moscow could launch future attacks, officials said.

"Russia is continuing to explore options for potential cyberattacks," the Cybersecurity and Infrastructure Security Agency's Matthew Hartman said last week. 

Possible targets include U.S. infrastructure, such as energy, finance, and telecommunications, the FBI has warned. 

The FBI's director, Christopher Wray, will address cyber threats overall on Wednesday, at a conference at Boston College.