Another Trickbot developer, Latvian Alla Witte, was handed a two-year eight-month sentence in June last year. That matters as Trickbot was a real threat, and was used to deploy the Ryuk ransomware. It was serious enough that the US Department of Defence felt the need to tackle it.
Patience is clearly required when it comes to dealing with cyber criminals. One of the US Federal Bureau of Investigation’s most wanted criminals, Ukrainian Vyacheslav Penchukov, pleaded guilty in February to deploying the Zeus malware.
Zeus has caused millions of dollars in damages and has been around since 2007, with the authorities trying to stamp out its use since 2014.
Going through the US Department of Justice announcements since December 2023 on cybercrime takedowns, you can’t help noticing that a large number of cryptocurrency cases are mentioned.
Like the alleged US$1.9 billion HyperFund/HyperVerse fraud case, in which charges were laid against Australian Sam Lee along with two Americans, “Bitcoin Rodney” Burton and Brenda “Bitcoin Beautee” Chunga, who promoted the scheme. Chunga has pleaded guilty already.
It’s possibly not related, but given how prominent cryptocurrency is in the ransomware business, it’s not beyond the realm of imagination that what the cops have learnt when tracking fraudsters in that field has been put to good use against other cyber criminals.
Two big ransomware gangs look like they got a deserved kicking recently as well. The first one, ALPHV or BlackCat, was thought to be the second-most prolific ransomware-as-a-service operation currently. It has been active since 2021 and has brought in millions of dollars in extortion money.
ALPHV/BlackCat hit MGM Resorts, healthcare organisations and government agencies, and the FBI said it had managed to seize some of the gang’s infrastructure in December last year. There’s more to come, with the gang leaders yet to be identified and charged.
An even bigger win for law enforcement was against the LockBit gang, announced this month. LockBit is another ransomware for rent, with affiliates buying access and being behind the attacks.
It is the most prolific ransomware currently, responsible for something like 44 per cent of recorded attacks in 2023, bringing in well over $100 million from victims desperate to get access to their data.
This time around, UK and European police forces infiltrated the LockBit operation and were able to identify and charge several of the criminals. Three people have been arrested, and two named Russians are still at large.
Better yet, police were able to get hold of the LockBit source code along with decryption keys, which could be used to unscramble attack victims’ files.
Plenty of LockBit infrastructure was seized, along with 2200 Bitcoin worth something like NZ$183 million.
As a reminder that paying a ransom guarantees nothing, police discovered that LockBit didn’t delete the data it had exfiltrated with the StealBit application, despite promises to do so.
Apart from patience and diligent intelligence gathering, law enforcement is “hacking back” against criminals through greater collaboration and information sharing, which is now becoming formalised.
For example, the US and Australia agreed to provide access for authorities in both countries to “electronic data for the purpose of countering serious crime” in 2021. The agreement came into effect at the end of January this year, and Australia has a mandatory data retention regime for service providers.
Cyber criminals, on the other hand, have limits in that respect. There is a level of collaboration, with developers being involved in several different ransomware families, security researchers have found, but the saying “no honour among thieves” applies.
Even so, ransomware payments shot up to a record US$1.1 billion last year, and are trending upwards, cryptocurrency tracking firm Chainalysis said. We’ll see if the more aggressive approach by the police puts a dent in that figure this year.