Keys Takeaways:
- More ransomware hackers have been apprehended, and the effectiveness of the authorities in their investigation into REvil today demonstrates that the fight against ransomware is not as hopeless as it appears.
- Hackers who use ransomware to extort money from their victims were once thought to be challenging to catch.Â
- The term “affiliates” is well defined in the network economy.Â
“Affiliates” are publicists who use “affiliate links” to send their readers or site visitors to advertisers’ websites and then receive a commission when the readers become customers.
Affiliates are free advertising partners who make money only through commissions rather than broadcasting ads. As a result, affiliate programs have a wide range of profitability. Some are good prospects to have your work gilded, especially for major websites; others, on the other hand, only yield a few coffee groats at best.
Ransomware operators like REvil have the most profitable affiliate systems available today. For some years, ransomware developers have relied on affiliates to deliver the software to other techniques instead of doing it directly.
These affiliates from the hackers obtain the program. They enter victims’ systems and upload ransomware, partially through sophisticated hacking capabilities and spam emails.
The victim then receives a part of the proceeds when they pay, usually 70-80%. In the meantime, the ransomware creators may relax and watch the money pour in. Affiliate seized a million-dollar pocketbook.
These affiliates were recently pre-buttoned by the FBI in the United States. The detectives have located Aleksandr Sikerin, a Russian citizen in Saint Petersburg.
Sikerin is accused of gaining illegal access to other systems, installing the REvil ransomware, and then laundering money, according to the FBI. Based on these allegations, officials seized an Exodus wallet from Sikerin, which contained 39.9 bitcoins worth $ 2.3 million.
According to the indictment, Sikerin is responsible for ransomware assaults that have resulted in about $ 200 million in ransom payments. Some of the ransom payments can be traced back to Sikerin’s wallet, now in the FBI hands.
It’s still unclear how the FBI managed to get their hands on “an Exodus Wallet.” Exodus is a wallet that works on both desktop and mobile devices.
It has been criticized because not all of the code is open-source. However, it is highly doubtful that the wallet contains such a large backdoor that the US government can seize money at will. Instead, it’s more likely that access will be gained by confiscating a device or a hack.
An international strike against REvil is being planned. It’s also possible that the wallet as part of a larger heist a month ago. The US Department of Justice charged a Ukrainian and a Russian behind one of the deadliest ransomware assaults on Americans in early November.
In July, it was specifically about the REvil ransomware attack on software vendor Kaseya. The attack spread over the world due to the software’s widespread adoption. As a result, thousands of businesses were affected, including all Swedish co-ops.
Yaroslav Vasinsky, a Ukrainian, was detained in Poland in October of that year. He and his Russian colleague Yevgeny Polynin are suspected of getting into the victims’ computers and infecting them with the REvil ransomware. Polynin, unlike Vasinsky, is still on the loose.
US police have seized Bitcoins and Monero worth more than $6 million in the course of this investigation, which can be linked to ransom payments. Europol and other law enforcement agencies were also involved, in addition to the FBI.
Two more defendants were arrested in Romania in early November for distributing REvil ransomware, according to Europol, while three suspects were apprehended in South Korea, according to officials. Investigators chased 12 individuals in total, alleging that they were behind ransomware attacks in 71 countries. However, it is hardly a flawless crime.
For a long time, ransomware was regarded as the “ideal crime” because it appeared that catching the offender was nearly impossible. However, the tide appears to be steadily turning now. At the very least, the inquiry into REvil’s activities has yielded positive results.
The hack of a celebrity law firm prompted the US government to refer to “cyber terrorism”; ongoing attacks on local governments, hospitals, and universities are believed to have worn out the authorities’ patience; and the Colonial Pipeline and Kasey hacks were the overflowing drips.
The Darknet and Bitcoin are compelling law enforcement agents worldwide to collaborate beyond national borders. We already know this thanks to several impressive victories against darknet markets. As a result, the police constantly employ the resources and skills acquired to fight against ransomware.
A shift in tactics appears to be promising as well. According to Kimberly Goody, director of security firm Mandiant, cracking down on affiliates could be more effective than going after the ransomware gang’s core.
Because the affiliates are not only closer to the crime scene (they, not the ransomware creators, are hacking the computer), but they are also less careful, and “their abilities are more in demand than encryption software,” according to the report. In addition, some affiliates work for more than one gang. So it’s possible that the bottlenecks in the ransomware economy aren’t the software creators but the affiliates.
It appears that contacting the software’s creators is tough. After the Colonial Pipeline was hacked in the summer, REvil’s creators took a step back. They’ve probably understood that a limit has been reached.
