Russia’s Ransomware Takedown: Political Concession or Political Theater?

January 20, 2022 Updated: January 20, 2022

News Analysis

When President Joe Biden took office last year, ransomware was near the top of his list of issues to deal with when it comes to Russia.

And for good reason. For years, the U.S. government has accused the Kremlin of allowing ransomware hackers to operate in Russia with impunity—resulting in major attacks on U.S. infrastructure, including crippling hacks on Colonial Pipeline, IT developers Kaseya and SolarWinds, as well as global food supplier JBS.

So it came as a pleasant surprise to many observers when Russia’s FSB domestic intelligence service announced on Jan. 14 that it arrested and dismantled one of the country’s most prominent ransomware groups, REvil. The FSB said it did so at the request of the Biden administration, which, in turn, said it “welcomes” the news and credits diplomacy between the two nations.

However, the timing of Russia’s takedown has left cybersecurity experts perplexed. Why now, with Russian President Vladimir Putin amassing troops along Ukraine’s border, and with tensions between the countries at their highest in years?

Moreover, why did Russia’s takedown of REvil coincide with a Jan. 14 major cyberattack on Ukraine’s government?

Center for Security analysts Mike Waller and Andrei Illarionov say the arrests of REvil members could be a publicity stunt by the Russian government.

“My guess is that this is a Russian attempt to convince the United States that it’s sincere about something, when really this is a freebee for them,” Waller said. “These arrests cost Moscow nothing. What they do is get people in the West to think, ‘Great, look at how the Kremlin is cooperating with us on our concerns. Maybe we should go easy on them with some areas of their concern.’”

Illarionov, a former chief economic adviser to Putin, pointed out that the REvil network has been offline since July—days after Biden asked Putin to take action on the matter in a phone call.

“As soon as Putin received the request from Biden in July, within days, this group disappeared,” Illarionov told The Epoch Times. “The fact they made [arrests] three days ago—it’s not that something happened in January. It’s a public relations campaign.”

But some have proffered that the REvil gang went offline because they found out they were penetrated by Western intelligence agencies. Supporting this theory is that the FBI was conducting a joint cyber operation with other agencies against REvil at the time the gang went dark.

If that’s the case, then perhaps the arrests were a more sincere overture from the Russians—though Waller wouldn’t count on it.

“I would not take at face value anything we hear,” Waller told The Epoch Times. “Russian law enforcement doesn’t work the way it does here. People are arrested for any reason, and legitimate criminals are let go for certain reasons—mostly for theatrical effects.”

Some observers are skeptical that the REvil arrests will have any effect on Biden’s disposition toward Russia.

“Some smart folks have suggested that it was meant as a carrot—‘If you guys give us some slack and let us invade Ukraine, then we’ll help you with ransomware investigations and prosecutions in Russia,’ David Kris, the former head of the Department of Justice’s national security division, said Jan. 19 on the Cyberlaw Podcast.

“If that’s really what they think, it may have been a miscalculation. I find it hard to believe—as eager and enthusiastic as [the Biden administration is] to come after ransomware—that they’d soft-pedal our position on the geopolitical landscape.”

But Illarionov and Waller aren’t so sure.

Waller said the arrests may be enough to “placate weak characters” such as Biden, Secretary of State Antony Blinken, and CIA Director William Burns. Illarionov, for his part, said Biden sold Ukraine down the river by supporting the Minsk agreement struck in 2015, which provided concessions to separatists in the eastern Donbas region.

“The recent publication is just a PR campaign by FSB, just another public demonstration as to just how close relations are between Biden and Putin. The main game they’re trying to play right now is to force Ukraine to surrender to Russia and enter the Minsk agreement,” Illarionov said.

“Ukraine doesn’t want this because it’s destruction of sovereignty, but it’s not serious for Biden—which is why he joined ranks with Putin to push Ukraine into the Minsk agreement.

“It’s PR between Putin and Biden directly.”

Views expressed in this article are the opinions of the author and do not necessarily reflect the views of The Epoch Times.

Ken Silva
Ken Silva covers national security issues for The Epoch Times. His reporting background also includes cybersecurity, crime and offshore finance – including three years as a reporter in the British Virgin Islands and two years in the Cayman Islands. Contact him at ken.silva@epochtimes.us