Notorious ransomware gang allegedly blackmailed by fake FSB officer

There is a certain poetic justice in a cybersecurity-related story that has emerged from Moscow this week: A man has been accused of trying to extort money… from a notorious Russian ransomware gang.

Conti, one of the world’s most infamous cybercriminal operations, was allegedly the victim of an attempted scam by someone pretending to be an officer of Russia’s Federal Security Service (FSB).

According to a report by Russian news outlet RBC, a Moscow resident named Ruslan Satuchin allegedly contacted a member of the Conti cybercriminal group in September 2022, and claimed to have influence over law enforcement’s investigation into the gang.

Satuchin is alleged to have made a simple offer to Conti: pay up, or face criminal consequences. The irony that a ransomware group with a history of extorting money from hacked organisations was itself being extorted is surely not lost on anybody.

Satuchin has denied any wrongdoing, and he is reportedly being held in pre-trial detention in Moscow after police argued successfully that he should remain in custody to avoid the possibility of witness intimidation.

If convicted, Satuchin faces up to ten years in prison and a fine of up to one million rubles (approximately US $13,000).

At its peak, Conti was a professional cybercriminal enterprise, earning eye-watering amounts of money by blackmailing organisations including governments, businesses, and hospitals worldwide.

The Irish Health Service Executive alone estimated recovery costs at over US $600 million after it was hit by a Conti attack in 2021.

The inner workings of the Conti group were revealed in 2022 when a pro-Ukraine researcher published tens of thousands of the gang’s leaked chat logs, source code, and infrastructure documents. That data reinforced long-standing suspicions that the Conti group deliberately avoided Russian targets, and aligned itself with the interests of the Kremlin.

Which makes the idea of someone impersonating an FSB officer to shake them down all the more remarkable. You’d need extraordinary nerve — or extraordinary naivety — to try blackmailing a criminal organisation that many believed enjoyed protection from the Russian state.

After the leak, Conti largely collapsed – although individuals associated with the wider network are thought to have moved to other ransomware operations including Royal, Black Basta, and Akira.

In 2023, sanctions brought by the United States and UK formally named key members linked to Conti.

Conti’s victims paid a heavy price for the gang’s activities. It is, at least, mildly satisfying to learn that even ransomware gangs occasionally find themselves on the receiving end of someone else’s scheme.
