I can't help thinking that at some point a few Russians will start drinking in a bar in Moscow or wherever and wake up in an hotel room in a country that has an extradition warrant with the US and the local cops knocking at the door.
REvil ransomware gang's websites vanish soon after Kaseya fiasco, Uncle Sam threatens retaliation
The clear and dark web sites run by the REvil ransomware gang have gone offline, leaving netizens wondering if the extortionists have closed down – or been closed down. At time of writing, all of REvil's portals and infrastructure – used to negotiate and collect ransom payments, and leak stolen data to encourage victims to …
COMMENTS
-
Tuesday 13th July 2021 21:23 GMT DS999
Only if they have done something to piss off the Russian government, and Putin hands them over as a favor to Biden - expecting some type of favor in return.
The US isn't going to kidnap people out of Moscow for this type of crime, knowing that it could create an international incident and risk the rendition team ending up in a Russian Gulag if something goes wrong.
-
Wednesday 14th July 2021 03:44 GMT gandalfcn
I suggest KGB Vlad is a tad pissed off. He lost his puppet and knows Joe et al mean business, honest business that is not Trump/GOP business.
Suggestion "drinking in a bar in Moscow or wherever and wake up in an hotel room in a country that has an extradition warrant with the US and the local cops knocking at the door."
Reply. "The US isn't going to kidnap people out of Moscow for this type of crime,"
The USA wouldn't be, Putin's goons or similar would.
-
Wednesday 14th July 2021 07:40 GMT Anonymous Coward
If the Russians take their kid gloves off they would be capable of curtailing the interest in such activities (see https://www.upi.com/Archives/1986/01/06/Kidnapped-Soviets-released-through-castration/2113505371600/). If one would consider it acceptable to solve problems the Draka way is another question, even if it would be "effective" to remove hands and eyes of ransomware creators.
-
Wednesday 14th July 2021 11:38 GMT Jellied Eel
I suggest KGB Vlad is a tad pissed off. He lost his puppet and knows Joe et al mean business, honest business that is not Trump/GOP business.
Yup. Good, honest business. Like making sure Ukraine allows good, honest business. Or personally helping good, honest Americans attract Chinese investment. Or even creating a safe, anonymous way for honest Americans to invest in honest American art.
But I digress. Meet the new boss, much the same as the old boss. As for realpolitik, I think it comes down to who you believe. Putin says America hasn't been very co-operative when it comes to cybercrime. That's something America could test, ie US law enforcement passing details of attacks to Russian law enforcement, then seeing if Russia reacts. If you're not the target of an attack, it's a lot more difficult to figure out where it originated, and how to shut it down. This may be an example of co-operation in action and joint policing in action.
But such is politics. For us geeks, it's frustrating that a lot of this stuff comes down to hearsay. Russians attacked America! America may retaliate! But show us some of the evidence. Some of us understand traffic logs & routing. Yup, that traceroute terminates inside Russia.
But being geeks, we also understand how botnets work. So there's probably a lot of unprotected or poorly protected hosts and servers within Russia that could be turned into bots, much as there are throughout the world. The C&C servers perhaps get a bit more interesting, but those could also be compromised servers, and the criminals behind those servers could be anywhere in the world.
It's a tough problem to solve, and being an international problem, best solved by LEA co-operation.
-
Wednesday 14th July 2021 08:04 GMT Anonymous Coward
Well, it's been talked about before. ~60-70 years ago.
more like 200 years, and if you consider the Poles...
obviously, nobody's ever wanted to 'eliminate' Russia, they merely wanted to exploit it, in a good old-fashioned imperialistic way.
...
unlike Soviet Union and Russia of course! - who've been making equally long-term efforts to 'liberate' all those around them, and further afield. Did I mention 'America'? Ah, yes, America...
-
Tuesday 13th July 2021 21:25 GMT Version 1.0
So this will take a little pressure off Putin, I expect that someone has had a word with the folks running the website and told them to close it down. That's probably all that's happened and a new site will appear in a while and everyone will say that it's a different bunch. Shutting down the website is not going to eliminate the Ransomware.
-
Tuesday 13th July 2021 23:14 GMT sanmigueelbeer
President Biden had a phone call with Russia's President Putin about the worldwide ransomware epidemic
1. This does not solve the issue one bit. The problem is still dancing right in front of us, butt naked: A lot of systems are still woefully unpatched, out-of-date, vulnerable and very-much-accessible from the Internet. Like I said, butt naked.
2. Pres Biden probably told Putin to "stop attacking our systems (in the US)" and this, to me, implies anyone else outside of the US is "fair game".
3. What about countries like Iran, North Koreans and PRoC? It is not as if they do not have hackers of their own.
-
Wednesday 14th July 2021 17:07 GMT Claptrap314
Re: Crossed the hallway
I spent a decade playing at the level of assembly language. I occasionally poked my head into what the compiler guys are up to.
Almost all of the artifacts that I have seen published regarding the identification of these groups beyond native language strike me as being pretty easy to fake at the compiler level. The only question is if these teams have anyone with the current skills to do so.
Of course, if they're not stripping the symbol table, they're just being lazy.
My point is that I'm pretty sure that a team with the skills one would expect of a (more or less) major state actor can reskin more easily than their counterparts can reattribute.
-
Wednesday 14th July 2021 18:13 GMT Michael Wojcik
Re: Crossed the hallway
Indeed. While there's been some excellent research in the past couple of decades into things like function-point matching and gadget matching, and it would be easy to apply other attribution techniques (such as CNN stacks identifying machine-language-level features to infer coding patterns), that's typically not what at least the published researchers are typically doing. In the accounts I've read (and I've read quite a few), researchers typically use a combination of string signatures, program features such as avoiding presumed Russian-language systems (such as the "don't run if the Russian language pack is installed" trick), and subjective judgements about style.
And, of course, groups like this often sell their tools, either while they're still operating or after they close up shop. So a completely different group might rebrand the REvil materials.
And other groups are perfectly capable of getting hold of the REvil malware and reverse-engineering it to pick up ideas for their own stuff. Anything defenders can do, attackers can do.
Attribution is a moderately useful heuristic for getting some sense of the attack landscape. It's not proof of anything.
-
Wednesday 14th July 2021 14:55 GMT Nocroman
Hunt these people down. Put them in lockable woolen long johns and house them in tents in Death Valley, USA. Make them use and change their own diapers as toilets. Feed them the new prisoner food that can sustain life but tastes like shit. All liquids must be taken by a baby bottle, if caught not sucking through the nipple of the bottle it's off to a public spanking of 25 whacks on the ass in front of the other prisoners.
This punishment is befitting the crime and is not cruel and unusual. They act like spoiled children and babies in outside life with their hacking, then we in society can treat them like babies in prison.
-
Thursday 15th July 2021 03:18 GMT gandalfcn
"This punishment is befitting the crime and is not cruel and unusual. They act like spoiled children and babies in outside life with their hacking, then we in society can treat them like babies in prison." Other than the word "hacking" that perfectly describes the Trump GOP. i.e. not what the GOP used to be.
-