Fearful chatter reveals unprecedented concern about future criminal operations, though some doubt Russia's commitment to stopping ransomware.

The crackdown on members of the REvil ransomware gang by agents of the Kremlin’s domestic security force January 14 is sending a wave of distress and dread through the Russian hacker underground, according to researchers at Trustwave’s SpiderLabs.

“What our researchers found was a great deal of anxiety and consternation from those who participate in these Dark Web forums regarding the FSB arrests and how those actions will impact them in the future,” Trustwave noted Friday in a company blog post.

“The comments mentioned a general fear of being arrested, the possibility that their homeland is no longer a safe haven, and that cooperation with the United States and Russia will be a problem for their operations going forward,” the blog added.

It cited one forum member declaring: “This is a big change. I have no desire to go to jail.”

Russia acting on ransomware is rare

After nearly a week of monitoring chatter on Russian hacker forums, we noticed a huge change from the past in tone among the members of the online meeting sites, says SpiderLabs vice president of security research Ziv Mador.

“In the past, cybercriminals felt very safe in Russia,” he says. “As long as they didn’t attack local targets, they felt they’d be fine. Russian cybercriminals had been arrested traveling outside the country, but this time they were arrested in Russian cities,” he continues. “That was a shocking moment for them.”

“Russia acting on any cybercrime report, especially ransomware, is especially rare,” adds John Bambenek, principal threat hunter at Netenrich, an IT and digital security operations company.
“Unless it involves child exploitation or Chechens, cooperation with the FSB just doesn’t happen.”

Was the Russian raid “a show” for international consumption?

There were some skeptics of the significance of the REvil raid in the forums monitored by SpiderLabs. One forum member raised the possibility that the FSB operation was, in fact, faked or was only “a show” for international consumption, Trustwave noted. This thought allowed them to hold out hope that the FSB’s move would not end with serious punishments for the arrestees.

“It is doubtful that this represents a major change in Russia’s stance to criminal activity within its borders—unless they target Russian citizens—and more that their diplomatic position is untenable, and they needed to sacrifice a few expendables to stall more serious geopolitical pressure,” Bambenek maintains.

“In three months, if there isn’t another major arrest, it’s safe to assume no real change has happened with Russia’s approach,” Bambenek said. “Nevertheless, it’s a big arrest and will have significant short-term impact to reduce ransomware.”

REvil had been inactive for months

The fact that the FSB targeted REvil, which had not been publicly active in conducting attacks since October 2021, is also significant, adds Chris Morgan, a senior cyber threat intelligence analyst with Digital Shadows, provider of digital risk protection solutions. “It’s possible that the FSB raided REvil knowing that the group was high on the priority list for the U.S., while considering that their removal would have a small impact on the current ransomware landscape,” he says.

Dirk Schrader, global vice president at New Net Technologies, a provider of IT security and compliance software, adds that only time will tell if the REvil raid will decrease ransomware attacks. “It is too early to say whether such a level of international cooperation will turn into systemic efforts to put an end to widespread ransomware attacks,” he says.
“Only consistent, united efforts to deprive the attackers of any safe harbor can ensure long term results.”