
Wheels of cyberjustice slowly crank
For decades, cybercriminals have counted on their ability to remain anonymous to pursue illicit careers that enable them to engage in everything from reselling stolen data to outright extortion. However, as law enforcement agencies and third-party research organizations continue to improve their investigative skills, the veil of anonymity that cybercriminals count on is slowly starting to drop.
The U.S. Department of Justice (DoJ), for example, has been able to hack into a network operated by a cybercriminal gang known as Hive that is credited with launching more than 1,500 ransomware attacks in more than 80 countries that generated more than $100 million in payments. The DoJ announced that in coordination with the German Federal Criminal Police and Reutlingen Police Headquarters-CID Esslingen and the Netherlands National High Tech Crime Unit, it has seized control of the servers and websites that cybercriminals used to communicate with one another.
It was also revealed that since infiltrating the Hive network last July, the FBI in the U.S. has provided more than 300 decryption keys to Hive victims who were under attack in addition to distributing more than 1,000 additional decryption keys to previous Hive victims.
The DoJ has yet to arrest anyone affiliated with the Hive ransomware network, but another investigation illustrates how much progress is being made in identifying cybercriminals. After a 16-month investigation, industry researchers claim to have been able to identify the mastermind behind a malware-as-a-service platform known as Golden Chickens, also known as Venom Spider, that is behind cyberattacks that are estimated to have caused $1.5 billion in financial losses. No arrests have been made yet, but researchers claim they have been able to discover the mastermind’s birthdate, home address, the names of his parents and siblings, names of friends, his hobbies, social media accounts, and one of his side businesses.
In both cases, cybercriminals are clearly leaving a digital trail that can be followed. There may not yet be enough evidence to arrest some of these cybercriminals, but it’s apparent that cybercriminals are starting to feel the proverbial heat. A big reason this is starting to happen is that victims of these criminals are starting to come forward. Rather than keeping quiet, victims are providing law enforcement agencies and researchers with information that can then be used to, at the very least, identify perpetrators. Once identified, it’s usually just a matter of time before one misstep or another leads to an arrest.
Of course, identifying cybercriminals requires painstaking effort. The FBI is asking more victims of cyberattacks to come forward to aid its inquiries. Regardless of whether the ransom was paid, the need to identify perpetrators and, just as critically, gain access to decryption keys should outweigh any sense of ransomware shaming. In fact, the need to investigate these criminals is one reason more federal and state agencies are looking to require organizations to report ransomware payments.
The wheels of justice have always turned far slower than many victims would like, but progress is being made. It just requires a level of forbearance and patience that, unfortunately, many victims still lack.
