A Spectrum of State Ransomware Responsibility

Questions concerning responsibility for the current epidemic of ransomware events are common, and seek to identify some concrete party to hold accountable for incidents. Yet the immediate perpetrators – largely (but not exclusively) criminal gangs operating in Eastern Europe and Russia – either represent too remote an entity for blame, or remain beyond the reach of any consequences for their behavior. The latter point is interesting, and gives rise to theories that state entities, especially Russian authorities, overlook the operations of these groups to further their own notionally disruptive ends.


As previously discussed, ransomware operations contain at least as many, if not more, risks for state entities as benefits. Yet we should not assume all authorities employ accurate or especially deep risk calculations. Therefore, irrespective of actual benefit, we are faced with the interface between criminal entities and state authorities. That state entities are involved in ransomware operations is beyond doubt – this has been strongly suggested, if not proven, in cases like ColdLock, the more recent Exchange exploitation, and the WannaCry event, and reasonably considered in cases such as the LockerGoga incident at Norsk Hydro. Yet the question of state control or responsibility for such operations when conducted by criminals in permissive environments is more vexing.


Recent, in-depth reporting from Recorded Future implies that links between Russian criminal entities and state authorities are rather robust and derive from long-standing relationships between state intelligence services and criminal actors. The report is quite ..
