Cyber chronicle, 26.02.2024, 11:58 AM
Russian authorities have identified and arrested three members of the SugarLocker ransomware gang. The group operated under the guise of a legitimate technology company called Shtazi-IT, which advertised development of websites, mobile applications and online stores, according to a report by FACCT, a Russian security company involved in the investigation.
However, some cyber security experts believe the timing of the arrests is not coincidental: they coincided with the international law-enforcement operation against the LockBit ransomware gang, and arrests of cybercriminals in Russia could be a PR move by the Russian authorities to show that they too can make arrests.
The SugarLocker ransomware emerged in 2021 as ransomware-as-a-service (RaaS), a business model in which the operators supply the malware to affiliates, who carry out the attacks, in exchange for a fee or a share of the ransom paid by victims.
Specifically, SugarLocker claims 30% of affiliates' profits, or 10% if profits exceed $5 million.
Since its inception, SugarLocker has pledged not to attack Eastern European countries, with the exception of the Baltic states and Poland. Unlike many comparable groups, it does not run a dedicated leak site on which victims' names and stolen data are published, so it is not known who its victims are.
SugarLocker affiliates are motivated solely by financial interests.
“It's just a job. We absolutely don't care about you and your contracts, except for getting benefits,” reads the buyout message. “If you don't want to cooperate with us, it doesn't matter to us. But you will lose your time and data.”
The person who announced the launch of the malware in 2021 on the darknet forum RAMP used the username “Gustave Dora”. The same username was used by Russian citizen Alexander Ermakov, who was sanctioned by Australia, the UK and the US in January for his alleged involvement in the 2022 attack on the Australian health insurer Medibank. Ermakov is believed to be part of the infamous Russian group REvil, one of the most active ransomware gangs.
When police searched the homes of the SugarLocker members, they reportedly found laptops, cell phones, correspondence and other digital evidence of illegal activity. The detained members use the nicknames blade_runner, GustaveDore and JimJones. They have already been charged with creating, using and distributing malware. If found guilty, they could face up to four years in prison. The investigation is still ongoing.