"At the moment, we do not see a significant decrease in the number of ransomware attacks. As for REvil, they have not been active for several months anyway. At the same time, this situation may negatively affect Russian companies. Russian-speaking cybercriminals may attack them more actively", said Oleg Skulkin, head of Group-IB Computer Forensics Laboratory.
The company clarified that for a long time many Russian-speaking hackers "did not work in Russia and the CIS", as it was unsafe. However, over the past two years, attacks using ransomware in Russia and the CIS have become more frequent. And the detention of REvil can spur them on because after successful international operations they can forget about the unspoken prohibitions.
At the same time, the expert did not rule out that cybercriminals may temporarily have problems. "Of course, they may have difficulties with cashing out funds obtained illegally. Perhaps some of the partners will stop their activities for some time," Skulkin said.
After the detention of REvil, hacker gangs in Russia may hide or slightly reduce the intensity of attacks, but they will definitely not give up on them, says Pavel Korostelev, head of the product promotion department of the Security Code company.
"Now hackers will probably wait until the dust settles, but gangs don't have a single control center that says: 'Stop, no more attacks'. It's a way of making money, so there will always be people willing to take risks. If a business will get better, it won't be for long," the expert said.
Last week, a court in Moscow sent into custody eight alleged members of the hacker group REvil, which gained notoriety in the West after being accused of a massive cyberattack on American companies. The reason for their detention in Russia was an appeal from the United States.
