News Insights: Russian Intelligence Working with Prominent Ransomware Gangs

New research from Analyst1 has been published claiming that Russian intelligence is working with prominent ransomware gangs to compromise U.S. government and government-affiliated organizations. According to the report, the hacking group used a variation of the Ryuk ransomware called “Sidoh”, which was specifically created for espionage. An expert from XSOC Corp. offers perspective.

News Insights:

Richard Blech, CEO and Founder, XSOC Corp, says:

Despite President Biden’s meeting with Vladimir Putin attempting to subside the nations’ tensions with one another and reduce the organized cyberattacks upon the United States, Russia is clearly unabated and relentless. While Putin may not be the party behind this organized crime, his country is saturated with malicious cybergroups who are relentless with their attacks on the United States cyber infrastructure.

In the past, we’ve seen individual Russian cybergroups single-handedly execute colossal attacks and pridefully take ownership of these attacks, the most recent being REvil’s attack on Kaseya. However, Russian cybergroups are now thinking outside the box, working with intelligence bureaus to target the United States. Besides using ransomware for financial gain, we’re also seeing Sidoh for espionage. These collaborative efforts for multiple gains are not something the United States government and businesses are even remotely prepared for. If one group solo can cause such extreme damage to SMBs, just imagine the severity of multiple organized cybercrime groups in partnership with Russian intelligence bureaus.

It doesn’t necessarily matter who is behind the constant barrage of attacks; what matters most is that we know the threats are ever-present. But the knowledge of these threats means nothing if we don’t arm ourselves with the proper security measures, recovery response plans, and technology in place to protect ourselves. As Russia’s efforts to attack increase, our ability to defend ourselves needs to increase as well.

These attacks continue to exploit our systems and how we manage data and how we store sensitive data. Mitigating this risk can be accomplished by stronger access controls to sensitive data as well as encrypting data at the file level and storing the encrypted data off-premise, separate from the decryption keys. Additionally, the US needs to respond reciprocally to Russia in the strongest possible manner, or else Russia will continue attacking us without fear of retribution.