www.wsj.com
2600:9000:21f3:ba00:3:4b0:de80:93a1  Public Scan

Submitted URL: http://url9274.cyberheistnews.com/ls/click?upn=Uamt9mHsVnKn91os22RmxKhZ1Mj-2FHyLt46jPDKxRP3ZAtNYid89UVmVpXakoD9FJHLAuDDUsnbOs5RaGV...
Effective URL: https://www.wsj.com/articles/russia-linked-ransomware-groups-are-changing-tactics-to-dodge-crackdowns-11654178400
Submission: On June 07 via api from US — Scanned from DE

Form analysis 1 forms found in the DOM

#

<form action="#" class="style--search-form-hI0pb2JfplZrewKUN--51 " role="search"><input id="searchInput" class="style--wsj-search-input-GNMy8Q5kg9IYwJKXYfIMm " placeholder="Enter News, Quotes, Companies or Videos" type="search"
    aria-label="Search the Wall Street Journal" tabindex="-1"><button class="style--search-submit-2EFgMYmHzRT8YBR7BYrV6G " aria-label="Submit Button" value="Search" type="submit" tabindex="-1">Search <svg width="24" height="24" viewBox="0 0 24 24">
      <defs>
        <path id="search-medium_svg__a" d="M10.5 2a7.5 7.5 0 015.645 12.438l5.365 5.365-.707.707-5.365-5.365A7.5 7.5 0 1110.5 2zm0 1a6.5 6.5 0 100 13 6.5 6.5 0 000-13z"></path>
      </defs>
      <use fill="currentColor" fill-rule="evenodd" xlink:href="#search-medium_svg__a"></use>
    </svg></button></form>

Text Content

 * Pro Cyber News


RUSSIA-LINKED RANSOMWARE GROUPS ARE CHANGING TACTICS TO DODGE CRACKDOWNS


GANGS ARE SPLITTING INTO SMALLER CELLS AND USING DIFFERENT MALWARE TO OBSCURE
THEIR IDENTITIES AND EVADE SANCTIONS, RESEARCHERS SAY

RECENT CHANGES IN TACTICS HAVE HELPED SOME LOOSELY CONNECTED CRIMINAL GROUPS
EXTEND LUCRATIVE HACKING SPREES.

Photo: Thomas Trutschel/Photothek/Getty Images
By David Uberti
Updated June 2, 2022 12:05 pm ET

Russia-linked ransomware groups are splitting into smaller cells or cycling
through different types of malware in attempts to evade a growing array of U.S.
sanctions and law-enforcement pressure, cybersecurity experts say.

After the U.S. in 2019 put sanctions on a Russia-based group known as Evil Corp,
which Washington accused of stealing over $100 million from more than 300 banks,
hackers believed to be affiliated with the gang switched its operating model,
according to a report published Thursday by security firm Mandiant Inc. The
individuals ditched Evil Corp’s bespoke malware and rotated between several
related variants, ultimately renting access to ransomware produced by another
group.


Hackers’ attempts to obscure their identity could make it more difficult for
victims to know whether they are complying with rules prohibiting ransom
payments to sanctioned entities. These changes in tactics have helped some
loosely connected criminal groups extend lucrative hacking sprees that have
disrupted energy companies, manufacturers and other firms in recent years,
cybersecurity experts say. Fourteen of the 16 critical infrastructure sectors in
the U.S. were hit with ransomware last year, according to the Federal Bureau of
Investigation.

Washington advises companies not to pay ransoms but urges those that do to
report them to authorities, including the Treasury’s Office of Foreign Assets
Control, which oversees sanctions.



“That way, they may avail themselves of OFAC’s significant mitigation related to
its enforcement matters and receive voluntary self-disclosure credit in the
event a sanctions nexus is later determined,” a Treasury spokesperson said.

In a speech Wednesday at the Boston Conference on Cyber Security, FBI Director
Christopher Wray said U.S. officials are “running at full tilt against Russian
cyber threats” by disrupting hacking groups and warning targets of imminent
threats.

The task is more difficult given the sometimes extensive overlap between
criminal ransomware and state-backed hacking efforts, he said. The Russian
government has denied such hacking claims.

“One key question for us today is: When do criminal actors become agents of
their host nation?” Mr. Wray said. “Does money have to change hands, or is
publicly pledging support to a foreign government enough?”

In incidents that paralyze companies’ operations and leave victims with no
option but to pay ransoms, “there’s a case to be made for not really wanting to
know,” said Kimberly Goody, director of cybercrime analysis at Mandiant.

After the Treasury’s 2019 sanctions on Evil Corp, the quick succession of
changes by hackers affiliated with the group suggests they were having trouble
culling payments from victims who were attempting to comply with sanctions,
according to Mandiant.

The hackers made a more fundamental change last year, Ms. Goody said. Rather
than design and update their own malware, they began to launch attacks using
rented ransomware, specifically a strain known as LockBit, she said.

This shift likely cut profit margins for Evil Corp-affiliated hackers, Ms. Goody
said. But it also obscured the hackers’ identities at the point of attack,
throwing off investigators and sanctions-compliant victim companies.

“It meant the difference between receiving some money and receiving no money in
probably a lot of cases,” Ms. Goody said.

U.S. officials over the past year have issued regulations to shore up
cybersecurity at critical infrastructure businesses and expanded investigative
capabilities intended to derail ransomware groups. The Treasury Department has
placed sanctions on hackers, their virtual wallets and cryptocurrency exchanges
used to move illicit funds.

FBI DIRECTOR CHRISTOPHER WRAY DELIVERS THE KEYNOTE ADDRESS AT THE SIXTH ANNUAL
BOSTON CONFERENCE ON CYBER SECURITY.

Photo: cj gunther/Shutterstock

Russia’s war in Ukraine has added complexity for companies trying to keep up
with such efforts.

In February, a day after Russian tanks crossed into Ukrainian territory, a
ransomware group known as Conti pledged loyalty to the Kremlin on a public
website where it typically posts data stolen from victims. People claiming to
represent Conti quickly walked back the comment on the site in a move some cyber
experts saw as an attempt to avoid becoming ensnared in a growing web of Western
sanctions.

Days later, an anonymous pro-Ukraine researcher revealed the group’s inner
workings by infiltrating its servers and leaking 200,000 internal messages.

The Conti group now faces increased U.S. pressure. After Conti hackers launched
a ransomware attack on the Costa Rican government in April, the U.S. State
Department offered $15 million for information leading to the arrest of Conti
leaders or co-conspirators.

Some hackers have moved away from such large ransomware groups and into smaller
cells that rotate through different types of malware, said Allan Liska, a senior
solutions architect at Recorded Future. The cybersecurity firm has observed 60
new ransomware strains used in attacks over the past six months, Mr. Liska said.

The fragmentation hasn’t corresponded with any decrease in ransomware attacks,
Mr. Liska said, adding that hackers increasingly have trained their sights on
midsize companies such as auto dealerships.

Hackers “are not so skittish that they want to stop ransomware,” he added.

Write to David Uberti at david.uberti@wsj.com

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved.



Appeared in the June 3, 2022, print edition as 'Russian Hackers Change Tactics.'



