Ransomware Rascals Busted Hawaii Five-O Style

Image credit: iStockphoto/FOTOKITA

Remember the famous TV cop show “Hawaii Five-O”? The show featured Jack Lord as a tougher-than-granite police detective captain whose signature catchphrase (“Book 'em, Danno!”) crept into the popular lexicon. Later, “Five-O” became street slang for any and all police.

Security gurus across the globe applauded when Romanian police, the U.S. Department of Justice (DOJ), and Europol pulled a dramatic “Book 'em, Danno!” moment with an announcement of raids conducted on alleged international ransomware actors.

“The raids, which took place both on and offline, led to the arrests of two alleged hackers in Romania and one from Ukraine,” said a BBC article.

“[U.S.] Attorney General Merrick Garland and other top officials announced charges against Ukrainian Yaroslav Vasinskyi and Russian Yevgeniy Polyanin, alleging them to be part of the REvil ransomware gang,” said the AP. “Officials said Vasinskyi was recently arrested in Poland and that the US government had recovered USD6.1 million in ill-gotten funds from Polyanin.”

“Prosecutors say Vasinskyi was involved in a number of REvil ransomware attacks, including the July 2021 attack against Kaseya, a Miami-based company whose products help system administrators manage large networks remotely,” said author and security expert Charles Krebs.

“Yaroslav Vasinskyi’s Vkontakte profile reads 'If they tell you nasty things about me, believe every word'.”

Expert plaudits

Security experts worldwide applauded the law enforcement action. “Through both arrests and asset recovery, the U.S. government is increasingly making it harder for ransomware criminals to operate,” says Bruce Schneier, chief of security architecture at Inrupt. “Removing those criminals' ability to operate with impunity will increase security for everyone.”

Book 'em, Danno!

“I hope the bust will affect some of the senior leadership of the gang. Taking some younger affiliates or money launderers away won't make a big difference…except it might drive the group underground for a while,” says Mikko Hyppönen, chief research officer at Finland-based security firm F-Secure. “In any case, any law enforcement action is a win in my book, as it shows the kids that crime pays and you should consider twice before entering the world of cybercrime, even if it looks tempting.”

“Good news is rare in cybersecurity, especially in the last 18 months when the surge in ransomware attacks has targeted everything from public institutions to schools and hospitals, but this is unequivocally great news,” wrote Joe Tidy from the BBC.

Tidy says the REvil mob “operated with complete confidence and arrogance” and created a “'Happy Blog' where they would name and shame victims who didn't pay their ransoms...they even had a live chat portal and were happy to brag about their work to reporters like me.”

This type of amoral behavior seems typical of today's cybercriminals — at least the younger ones from Eastern European countries with notoriously lax law enforcement. A cynical attitude of “oh well, they deserved it” pervades, and moral bankruptcy is practically a virtue in this murky realm. If you hear nasty things about these criminals, believe every word.

Adding to the nihilism is the preferred ransom currency: cryptocurrency, supposedly untraceable. But is it?

Follow the (digital) money

“The U.S. also announced that it had successfully retrieved more than USD6m in cryptocurrency from the gang in a so-called "claw back" hacking operation,” said the BBC.


This isn't the first time crypto has been seized from ransomware miscreants. “The Justice Department in June seized USD2.3 million in cryptocurrency from a payment made by Colonial Pipeline following a ransomware attack that caused the company to temporarily halt operations, creating fuel shortages in parts of the country,” said the AP.

Security now for the future

Will this law enforcement action, however welcome, stifle all ransomware? Doubtful. As Schneier said in a CDOTrends interview: “This stuff is actually hard — take it seriously.”

“Many years ago, William Burroughs pointed out the futility of arresting drug dealers,” says Richard Stagg, director & managing consultant for Hong Kong-based Handshake Networking. “Burroughs said as long as the demand is there, people will always step up to provide supply.”

Criminal organizations like REvil are much the same, says Stagg, who also suggests that the alleged perpetrators be rounded up and, after due process of law, be “left alone in a room full of tired sysadmins and CISOs, with pointy sticks.”

“It's nice that there's been some coordination between law enforcement agencies in various countries,” he says, “but as long as there are vulnerabilities and as long as there are businesses willing to pay ransoms, another bunch of miscreants will take their place. They'll probably retreat to the safety of eastern Europe, but they'll continue the never-ending 'supply side' of ransomware. The only thing that will actually fix this problem is removing the 'demand side': cleaning up security postures, implementing zero trust, making sure you're not a soft target.”

This is the crux. No matter how many criminals are corralled and stripped of their filthy Bitcoin lucre, there will be supply as long as there's profit in illegal activities. Chief digital officers must remain aware that their best defense is hardening their weak points and maintaining due diligence on cybersecurity matters.

Stefan Hammond is a contributing editor to CDOTrends. Best practices, the IoT, payment gateways, robotics, and the ongoing battle against cyberpirates pique his interest. You can reach him at [email protected].
