Last week, I did want to imply law enforcement is sitting idle, powerless to combat the problem posed by ransomware. There was encouraging news last month when Ukrainian law enforcement, in cooperation with South Korean and U.S. investigators, arrested six suspects allegedly tied to the notorious Cl0p ransomware group. Cl0p had been responsible for the 2020 attacks on the University of California, Stanford University Medical School, and the South Korean online commerce giant E-Land.
The U.S. Federal Bureau of Investigation said, “Regardless of where a criminal resides, we will pursue. We will make traveling, business relations, and networking painful for those who commit these acts. We will stay on the case, and we will catch them when they slip up.” The occasion was the issuing of arrest warrants for Faramarz Shahi Savandi and Mohammad Shah Mansouri, who had masterminded the SamSam ransomware in 2015. The two had been tracked in part because Bitcoin is so easily traced. The problem is that the Bitcoins were traced to Iran. Currently, Iranian authorities have yet to arrest, much less extradite, anyone.
It seems that a majority of ransomware gangs are based in the Russian Federation. The Ryuk gang that successfully attacked U.S. hospitals in 2020, the DarkSide gang that took down Colonial Pipeline in May, and the REvil gang, which recently hit the global meat supplier JBS, are all Russian. Investigators have followed the Bitcoins to the crooks, and the U.S. Department of Justice has indicted Russian citizens, but so far there have been no arrests or prosecutions. Evil Corp mastermind Maksim Yakubets, under indictment in the U.S. since 2019, remains safely at home in Russia while tooling around in his $250,000 Lamborghini.
The problem, it seems, is political. Russia does not have an extradition treaty with the U.S. and seems to be going out of its way not to help. For years Russian President Vladimir Putin has said openly that if cybercriminals are not breaking Russian laws, he has no interest in prosecuting them. His 2016 interview with NBC News, in which he says this, can be found on YouTube.com. The situation has gotten so bad that U.S. authorities didn’t bother asking for assistance from Russia when the DarkSide gang struck Colonial Pipeline in May this year.
Obviously, ransomware is not going away any time soon; it is simply too profitable for the criminals. While the legal and political situation appears hopeless, at least for now, there are steps you can take today to minimize the chance of having to pay a ransom to recover your data if you are attacked. It is simple, really: you only need to take responsibility for backing up the documents, photos, videos, and other data files you do not want to lose. If you have a backup copy of your files, you will never need to pay a ransom to get them back.
Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981, and now practically a full-time resident. He may be contacted at 415 101 8528 or email FAQ8@SMAguru.com.