JAKARTA - Warnings that pro-Russian ransomware gangs will attack networks in Ukraine and its allies have so far not materialized. In the current chaotic situation, criminals, who are often behind such attacks, do not carry out their actions because there is a fear that the insurance company will not pay compensation to the victim.
Conti, one of Russia's most notorious cybercrime groups known for using ransomware to extort millions of dollars from US and European companies, announced its "full support" for President Vladimir Putin's government last week. But that support was eventually rectified and they chose to be themselves after this gang also became a victim of the leak.
"We are not allied with any government and we condemn the ongoing war," the group said in a subsequent statement on its website.
A few hours later, a Twitter account called "ContiLeaks" appeared, and published what were said to be internal chat records of the criminal group.
According to Vitali Kremez, chief executive of Florida-based cybersecurity firm AdvIntel, and Alex Holden, founder of Wisconsin-based Hold Security, these secret chats were leaked by Ukrainian cybersecurity researchers. However, according to a Reuters report, the authenticity of the leak has not yet been verified.
Kremez and Holden said they were both in touch with the researcher but he did not want to speak to the media because he is still in Ukraine.
According to Kremez, researchers had access to the logs for some time, but the trigger for going public was Conti's decision to swear allegiance to Moscow when Russian troops invaded Ukraine. "He was offended by what they said," Kremez told Reuters.
In the months leading up to Putin's invasion of Ukraine, Western intelligence agencies warned of the chaos caused by the destructive "overflow" of any potential Russian cyberattack on Ukraine's national infrastructure.
Last month, Conti's group was implicated in high-profile attacks against KP Snacks, the maker of the popular British savory snack, and at least an oil storage company, leading to delays in some European oil shipments.
Insurance
To be sure, the chairman of the US Senate Intelligence Committee, Mark Warner, said the Russian hacking group identified by the United States as Team A had not been used in a major cyberattack since the invasion. "They don't appear to be activated," Warner told Reuters Monday, February 28.
On Sunday 27 February, a second infamous ransomware gang called LockBit, released a statement declaring their neutrality in the conflict with Ukraine. The gang is also believed by cybersecurity experts to have members in Russia.
"For us, this is just a business and we are all apolitical. We are only interested in money for our harmless and useful work," the group said on its website.
SEE ALSO:
"We will never, under any circumstances, take part in a cyberattack against the critical infrastructure of any country in the world or engage in any international conflict." One reason could be loopholes in cybersecurity insurance policies.
Industry experts and watchers say more sophisticated digital extortion gangs tend to focus on insured organizations because victims already have pay policies, which makes them less likely to bid for lower ransoms or refuse to pay.
But insurance policies usually have exceptions for what is described as "force majeure events" – such as the events of the wars between Russia and Ukraine.
"Legal precedents about what that actually means are still growing, but cyberattacks claimed by gangs allied to belligerent powers like Russia could easily fit into that category," said Holden of Hold Security.
"In ransomware attacks, most companies call their ransomware insurance companies," he said. "You can imagine that insurance companies would say, 'force majeure' or 'this is a case of war - we're not going to cover it'."
There are other reasons too. Many gangs are focused on just making money. Their membership is not interested in leaving Russia. They are wary not to attract the negative attention that comes with allying openly with a hostile nation. "Our government will start designating them as enemy fighters or terrorists," Holden said.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)