Inside a Russian ransomware gang


Ransomware attacks allow well-educated individuals to make a lot of money very, very quickly – Ted Miracco.

Russian hackers are everywhere, and they attack everything. No one is safe, whether it’s companies, infrastructure, or politicians.

Despite all the tales of Russian hackers destroying everything around them, it’s difficult to tell how they hack, who they work for, and most importantly, who they are.

Attackers hide behind aliases and carefully crafted masks to evade authorities and continue on their quest. To understand these unknown Russian hackers, we need to get into the mind of one.

While we can’t truly know what a Russian threat actor thinks, we’ve accumulated information from our extensive research of the topic and pieced it together to create a Frankenstein monster of hackers.

Although the hacktivist in this story isn’t real, it gives us a glimpse into the mind of a Russian hacker, what motivates them, and how they operate.

This is the second installment of a three-part series in which we delve into what a Russian hacker might look, sound, and act like if we met them in the wild.

So, we have another fictional fellow for you to indulge in: Meet Peter.

Example 2: Peter

Although they might seem worlds apart, Leonid and Peter actually live in the same apartment block – but they don’t know each other, despite their shared pastime.

Peter is thirty years old and jobless (officially). He’s not cut out for office life. Being a desk drone drove Peter insane, and it also wasn’t cutting it financially.

“You’re smart but lazy,” Peter’s teachers would say back in his schooling years.

But when something hooks him, he can’t seem to get enough.

That’s how he got hooked on hacking – he found something that could support him financially and that he became completely obsessed with.

Well, some might not call it “hacking” in its pure form. Instead, it’s more like hacking by proxy.

You see, Peter’s job is simple. He just has to convince someone to make an error in judgment, click a link, and then download a small, inconspicuous file.

He does this by foraging for leaked credentials – emails, passwords, nicknames, anything he can use against his victims.

Then he stuffs them into all manner of login pages, looking for a match, and bingo!

Peter then lets that account do the rest, sending the little file to all the friends or followers in that victim’s account. Most of the process is automated, and he doesn’t really understand what’s happening, but it works nonetheless.

You might be wondering, what’s the file? Well, it’s a simple file – so simple a child could navigate it. Inside, it contains something malicious. It’s ransomware.

Ransomware etiquette

Peter first joined the gang a few years ago. He got lucky and scored a couple of good “jobs” that let him indulge in all the items he wanted and live like a king.

However, Peter would be left chasing that dragon, as he never got so lucky again. Jobs come and go, and much like the office job that Peter so despises, there are highs and lows.

Yet, some things worry Peter, perhaps even keep him up at night. There are just some things you don’t do if you’re in a ransomware gang.

The one and only rule:

  • You don’t cross the line

Knowing your targets is paramount when you’re part of a ransomware gang. If you hit the wrong person, you’re in a world of trouble.

All those living in Russia and “friendly” countries are absolutely off-limits.

Luckily for the smart but lazy Peter, most of his processes are automated, which means that the malware he deploys detects the language settings of the victim’s device and doesn’t infect the system if the language selected is Russian.

But accidents can happen. And if a Russian device is infected, Peter’s in trouble.

This has happened to Peter before. His bosses had to employ a team of “real hackers” and talk to the victim to mitigate the issue.

Peter suffered from that and doesn’t want history to repeat itself.

Ransomware renegades must pay

If you’re somewhat of a ransomware renegade, if you cross that fat red line, then what happens is simple.

The best-case scenario: you lose your business and can forget about joining any other ransomware gang.

Those who repeatedly cross the line can expect a visit from local thugs, not in cyberspace, but right on your front doorstep.

It’s the price you have to pay.

The worst-case scenario: you get hit with the law.

Peter hasn’t seen anyone get arrested, but he’s seen them paraded on the news like livestock at a cattle fair.

To avoid this scenario, Peter lives by one rule – don’t attack your own family.

So, he picks his battles carefully. He looks to the West for that.

But despite his shortcomings, our fictional friend has big aspirations. He’s seen hackers get rich without even breaking a sweat. Peter hopes he will stumble on a job that makes him millions.

Meanwhile, he is broke and has just enough money for a packet of cigarettes. So he takes a break, and as he leaves his apartment, he notices his neighbor's door is ajar.

He has never met that neighbor before and wonders what they do for a living. They seem to have nice things, furniture, and a warm and calm atmosphere. A sense of stability wafts from the neighbor's apartment.

Funnily enough, if Peter doesn’t do his job right, that door might be swung wide open, and he’ll be confronted with the stranger inside the apartment…

But you’ll have to find out who’s behind the door in the next installment of ‘Why so many hackers are Russian.’