RPT: ANALYSIS - Russian FSB Eliminating REvil Hackers Puts Pressure On Other Known Threat Actors

WASHINGTON (UrduPoint News / Sputnik - 19th January, 2022) Ekaterina Chukaeva - The elimination by Russia of the REvil hacker group whose members are accused of large-scale cyberattacks on US companies, including the shutdown of the Colonial Pipeline in May and a cyberattack on the meat giant JBS, represents a significant shift and creates pressure on other known threat actors, experts told Sputnik.

The announcement about the arrests was made by the Russian Federal Security Service (FSB) last week. The agency added that people had been detained during raids after it received a request from the United States.

"FSB taking down the REvil group to accommodate the US represents a significant shift and puts pressure on other known threat actors," Christian Have, a chief technical officer (CTO) from the Danish LogPoint group that enables organizations to convert data into actionable intelligence, told Sputnik.

He noted that while it is satisfying to see the consequences for cybercriminals, cracking down on threat actors will hardly eliminate the ransomware problem.

"The amount of money out there is staggering, and organizations still pay ransoms. Instead, it's like smashing a hornets' nest, creating a more fragmented threat landscape. It has been a blessing for the cybersecurity industry that the very sophisticated groups have used the same tactics repeatedly, making detection easier," he explained.

However, in the current environment, the world is risking losing the advantage, he added.

"Maybe the level of sophistication will decrease as the ransomware economy decentralizes. Still, we will see way more innovation, which will provide a difficult challenge for cybersecurity professionals working to protect organizations," he concluded.

Sam Curry, a chief security officer at Cybereason, a Boston-based cybersecurity technology company, believes that while the organization took a blow, new actors will rise to fill the hole.

"The bottom line for those outside Russia is that a major player is taking a hit, which will mean a reduction in victims for the time being," Curry said. "As with most criminal syndicates, though, there's always another player around to fill the void."

However, until Russia actually changes domestic policy with regard to international cyber crime, Curry added, the rest of the world should not read too much into it.

Meanwhile, the US administration said that it welcomed the detentions of REvil members, adding that Russia's actions against REvil are very important and represent what the United States is looking for in the future. Washington added that the administration expects Moscow to pursue legal action within its own system against the arrested hackers.

The vulnerability of US pipelines was illustrated by a ransomware attack in May that forced the temporary closure of the Colonial Pipeline, which carries gasoline, diesel and jet fuel from the state of Texas to much of the eastern United States. The pipeline reopened when operators paid the hackers about $4.4 million.

The attack on meat-producing giant JBS USA happened in late May and led to the temporary closure of all of its beef factories in the US. The company later said that it paid extortionists $11 million.