While some claim prison is relatively safe for cybercriminals, others fear ransomware business might cost them their life.
Recent arrests of Revil ransomware affiliates in Russia caused shockwaves in the criminal underground. The arrests made many threat actors uneasy since many felt local authorities would turn a blind eye if victims of ransomware attacks were outside Russia.
A recent report by Digital Shadows’ Photon Research Team shows concerns about possible arrests and confiscation of property became a lot more common.
“Questions such as: ‘What will happen to my stuff if I get arrested for money laundering?’ or ‘How many years will I get for ransomware?’ are becoming increasingly common on cybercriminal forums,” reads the report.
Russian-language posts in underground forums discuss whether it’s better to be incarcerated in Russia or the US and what treatment ransomware affiliates can expect in prison.
Death or forced labor
While some claim that other prisoners in Russia either ignore or even respect cybercriminals, others are not so optimistic.
“If you’re so worried about this issue now, then make no mistake: if you end up [in prison], they will 100% kill you,” writes one of the forum users.
Another user said that the Russian prison mafia would force cybercriminals to work for them while in prison. The forced labor would likely continue even after the sentence is finished.
Another slightly less bleak scenario envisions a cybercriminal cooperating with prison authorities.
“If you let people know that you can make money rummaging through computers, they’ll give you a laptop and set you up in a separate cell with all the benefits,” a forum user explained.
However, prison officials would likely look for ways to extend the prisoner’s sentence to avoid losing a ‘hen that lays golden eggs.’
Illusion of choice
While US penitentiaries are considered less dangerous than Russian ones, forum users think the American legal system punishes cybercriminals with longer prison terms.
Some forum users pointed out that knowledge of English and US prison culture is a must if a cybercriminal wants to survive incarcerated in an American prison.
However, other forum users said it’s futile to discuss different prison systems as, in reality, there’s no choice in where a cybercriminal would serve time.
“These users sought to move the conversation towards improving operational security (OpSec) to avoid going to jail in the first place,” reads the report.
Many saw REvil members as too arrogant. Forum users said that REvil affiliates took too many risks with their OpSec, using vulnerable tools and sharing details of their crimes with family and friends.
Cyberattacks are increasing in scale, sophistication, and scope. The last 18 months were ripe with major high-profile cyberattacks, such as the SolarWinds hack, attacks against the Colonial Pipeline, meat processing company JBS, and software firm Kaseya.
The prevalence of ransomware has forced governments to take multilateral action against the threat. It’s likely a combined effort allowed to push the infamous REvil and BlackMatter cartels offline and arrest the Cl0p ransomware cartel members.
Gangs, however, either rebrand or form new groups. Most recently, LockBit 2.0 was the most active ransomware group with a whopping list of 203 victims in Q3 of 2021 alone.
More from CyberNews:
Subscribe to our newsletter