As ransomware attacks reach an all-time high, with 46% of them directed against American individuals and organizations, sanctions have become an important weapon for the government to fight back.
The US government imposed sanctions on Mikhail Matveev, a Russian cybercriminal on the FBI’s most-wanted list.
Matveev has been accused of being a “prolific ransomware affiliate” carrying out cyberattacks both in the US and abroad. The sanctioning of ransomware attackers is meant to protect victims from extortion, but it is a double-edged sword. Companies that pay ransom to sanctioned individuals and groups end up on the receiving end of the consequences.
The Downside of Sanctions
While it’s true that sanctions make it more difficult for cybercriminals to operate, they are far from being the perfect solution. A number of factors make it hard to effectively sanction ransomware groups, and there are still ways these groups can work around the sanctions. Besides, it’s ultimately the victims who face the consequences, which can range from hefty fines to criminal prosecution.
The tactic is meant to bar American victims from paying ransomware extortionists, but the only way it can be enforced is by penalizing victims who violate the sanctions.
A lot of ransomware actors like Matveev are based in Russia, a country with a reputation for allowing hackers to operate freely, especially against Western targets.
There isn’t much the US government can do against such cybercriminals to enforce the sanctions effectively.
Besides, the way sanctions work makes them a less-than-ideal solution for tackling the ransomware threat, too. Imposed by the U.S. Treasury’s Office of Foreign Assets Control (OFAC), these sanctions make it unlawful for individuals and businesses in the US to transact with sanctioned entities like Matveev.
Experts also fear that such sanctions could have the opposite of the intended effect. Victim organizations that violate the sanctions by making ransomware payments to sanctioned entities or countries, even unknowingly, might not notify authorities of the incident out of fear of prosecution.
This would lead to a lot of ransomware attacks going unreported, which would only work in favor of cybercriminals.
“[the consequences] should be enough to encourage victims not to pay, effectively taking funds away from the sanctioned individuals or groups.”
Crystal Morin, a cybersecurity strategist at cloud security firm Sysdig
Are the Sanctions Actually Working?
Ransomware groups have grown increasingly notorious in recent times, carrying out high-profile and large-scale attacks across the globe. The massive ransomware attack on Costa Rica by the Conti hacking group, with which Matveev reportedly has ties, sought a $20 million ransom and tried to overthrow the country’s government.
Many ransomware gangs are also rebranding or switching up their tactics to work around the imposed sanctions.
Matveev has also claimed responsibility for an attack on the Washington DC police department in 2021 and has been accused of playing a major role in deploying the Hive, LockBit, and Babuk ransomware variants.
Matveev, who lives in the Russian enclave of Kaliningrad, seems indifferent towards the sanctions. He even went on to say that he was happy about them because the sanctions would protect him from getting deported by Russia to face criminal charges in the US.
However, while the sanctions might seem ineffective, they do make it harder for cybercriminals to profit from ransomware attacks.
2023 has admittedly been the most profitable year for ransomware gangs, but that has more to do with the sheer rise in such attacks than the effectiveness of the sanctions.