Ukraine, in collaboration with South Korea and the US, arrested members of the C10p ransomware gang. It marks the first time a national government made such an arrest.
Ransomware has been an incredibly hot topic of late thanks to numerous high-profile attacks. The Colonial Pipeline and JBS attacks are just two examples. This type of attack is a primary vector for threat actors in industries like healthcare, education, law firms and others that struggle to keep pace with cybersecurity efforts. But over the last year, cyber attacks of all kinds have increased, ransomware included. Now that ransomware has been used on our supply chain, governments around the world are cracking down on those caught perpetuating that activity. This month, Ukraine made an example out of a ransomware gang C10p when it arrested some of its members.
The Ukrainian police released a statement that it worked with Interpol, US authorities and South Korean authorities to charge six members of C10p. The charges allege that $500 million in damages was done to victims based in the US and South Korea. With the three countries and Interpol working together, this marks the first time that a national law enforcement agency arrested multiple members of a ransomware gang.
C10p is known to hold data hostage for ransom, as well threatening to leak sensitive information if the victim refuses to pay. Its most recent targets in the US include Shell, Stanford University and the University of California. Apparently, the group targeted a vulnerability in a file transfer product run by Accellion to gain access to the victim’s systems and lock them down.
Governments around the world have been under pressure for months due to the global rise in cyber attacks. There are few regulations around criminal cyber activity and data privacy. There are too few regulations around the kind of data that companies are allowed to store and use. There are too many loop holes for threat actors to wiggle their way through to avoid repercussions. It’s incredibly time consuming and expensive to track down cyber criminals, too much red tape and an inability for communication to flow freely. Which is why US President Joe Biden signed an executive order regarding ransomware and those who not only perpetuate the problem but are actively complacent.
This is a huge step in the right direction for national governments. One of the biggest reasons cyber criminals continue their activities is because of the lack of repercussions. Not only do current penalties not do enough to deter criminal activity, but the resources it takes to find and prove guilt in a court of law is costly. So there’s been this huge increase in attacks for two major reasons: One, the inability to catch/prove guilt due to lack of resources, and two, the coronavirus pandemic forced businesses into digital transformation, which created more endpoints and brought to light previously unknown vulnerabilities.
The Ukrainian police said it conducted 21 searches with video footage showing raids in seemingly wealthy areas. They searched homes and cars, seizing computer equipment, property and the equivalent of around $185,000. It also said that it “managed to shut down” some of the group’s digital infrastructure. It is not known whether the arrested members are core members of C10p or if they are affiliates, but if found guilty, they face eight years in prison.
Now, you might say, “Eight years in prison is a long time, that’s not enough of a deterrent?” No, no it isn’t. At least, not in the US. Sentences handed out by judges always have clauses for methods of early release. And that’s if there’s even enough evidence that’s factual (read: not circumstantial) to convict. Remember, this is only in reference to the US. Laws in other countries are very different. Regardless of those differences, the punishments are clearly not enough to deter criminal activity.
Still, even if the C10p members are affiliates and not core members, this is a big win for law enforcement. Ukraine may have done it first, but they won’t be the last and they didn’t do it alone. It took the collaboration of international governments to make this happen. This is what it’s going to take moving forward, better communication and information sharing to solve a problem. This is a global problem, and it’s going to take a global effort to stop it.