MOSCOW — When cyber detectives tracked the millions of dollars that American companies, hospitals, and city governments paid in ransom to online hijackers, they made a striking discovery: at least some of it went through one of the most prestigious business addresses in Moscow.
The Biden administration also focused on the Federation Tower East, the tallest skyscraper in the Russian capital. The United States targeted several companies in the tower as it sought to punish Russian ransomware gangs that encrypt their victims’ digital data and then demand payment to decrypt it.
These payments are usually made in cryptocurrencies, i.e. virtual currencies such as Bitcoin, which gangs must then convert to standard currencies such as dollars, euros and rubles.
The emergence of this high-rise in Moscow’s financial district as an obvious center for this type of money laundering has convinced many security experts that Russian authorities tolerate ransomware operators. They point out that the targets were almost entirely outside Russia, and in at least one case documented in the US sanctions announcement, it was assisting a suspected Russian espionage agency.
“It says a lot,” said Dmitry Smilyanets, a threat intelligence specialist at Massachusetts-based cybersecurity firm Recorded Future. “Russian law enforcement often has an answer: ‘There is no open case in Russian jurisdiction. No victims. How do you expect us to sue these honorable people?’”
Recorded Future has counted nearly 50 cryptocurrency exchanges in Moscow City, a financial district of the capital, that in its assessment are engaged in illegal activities. Other exchanges in the region are not suspected of accepting crime-related cryptocurrencies.
Cybercrime is just one of many problems fueling tensions between Russia and the United States, along with the Russian military build-up near Ukraine and the recent migrant crisis on the Belarus-Polish border.
The Treasury Department estimates that Americans have paid $1.6 billion in ransoms since 2011. Ryuk, a Russian ransomware strain, earned an estimated $162 million during the pandemic last year by encrypting the computer systems of American hospitals and charging fees for publishing the data. Chainalysis is a company that tracks cryptocurrency transactions.
The hospital attacks drew attention to the rapidly growing criminal ransomware industry, mainly located in Russia. The criminal organizations have become more efficient and brazen, settling into a conveyor belt-like process of hacking, encryption, and then negotiating for ransom in cryptocurrencies, which can be owned anonymously.
At a summit meeting in June, President Biden pressured Russian President Vladimir V. Putin to crack down on ransomware after a Russian gang, DarkSide, attacked a large gas pipeline on the East Coast, Colonial Pipeline, interrupting the supply at gas stations and creating lines.
American officials point to individuals like Maxim Yakubets, 34, who has a short haircut and whom the United States describes as the leader of a major cybercrime operation calling itself Evil Corp. Cybersecurity analysts have linked his group to a slew of ransomware attacks, including one last year that targeted the National Rifle Association. A US sanctions statement also accused Mr. Yakubets of aiding the KGB’s main successor, the Russian Federal Security Service.
But after the State Department announced a $5 million reward for information leading to his arrest, Mr. Yakubets seemed only to display his impunity in Russia: He was photographed driving in Moscow in a Lamborghini that was partially painted fluorescent yellow.
The cluster of dubious cryptocurrency exchanges in the Federation Tower East, first reported in an article published by Bloomberg News last month, further illustrates how the Russian ransomware industry is ostensibly hiding.
The 97-storey glass-and-steel building, on a bend in the Moscow River, stands within sight of many ministries in the financial district, including Russia’s Ministry of Digital Development, Signals and Mass Media.
Two of the Biden administration’s most powerful actions to date targeting ransomware are linked to the tower. In September, the Treasury Department sanctioned a cryptocurrency exchange called Suex, which has offices on the 31st floor. It accused the company of laundering $160 million in illegal funds.
In an interview at that time, the founder of Suex, Vasily Zhabykin, denied any illegal activity.
And last month, Russian media outlets reported that Dutch police using a US extradition order detained Denis Dubnikov, who has an office on the 22nd floor of another company called EggChange. In a statement published by one of his companies, Mr. Dubnikov denied that he had committed any misconduct.
Cybersecurity experts say that ransomware is attractive to criminals because the attacks occur mostly anonymously and online, minimizing the chances of getting caught. In Russia, it has become a rapidly spreading, highly segmented industry known by cybersecurity researchers as “ransomware as a service”.
The organizational structure mimics franchises like McDonald’s or Hertz, which lower barriers to entry and allow less sophisticated hackers to use established business practices to get into business. A few top gangs develop software to intimidate businesses and other targeted organizations and promote scary-sounding brands like DarkSide or Maze. Other groups, only loosely related, break into computer systems using the brand and the franchised software.
The growth of the industry has been supported by the rise of cryptocurrencies. This made old-fashioned money mules, which were sometimes forced to smuggle cash across borders, practically obsolete.
Laundering cryptocurrency through exchanges is the last step, and also the most vulnerable, as criminals have to exit the anonymous online world to appear at a physical location where they exchange Bitcoin for cash or deposit it in a bank.
Gurvais Grigg, a former FBI agent who is a researcher at cryptocurrency monitoring company Chainalysis, said exchange offices are the “end of the Bitcoin and ransomware rainbow.”
Computer codes in virtual currencies allow transactions to be tracked from one user to another, even if the identities of the owners are anonymous, until the cryptocurrency reaches an exchange. There, in theory, records should associate the cryptocurrency with a natural person or company.
“These are one of the key points in the entire ransomware genre,” Mr. Grigg said of the exchange offices. Ransomware gangs “want to make money. And until you cash it out and get it on an exchange at an outlet, you can’t spend it.”
Cyber security experts say that at this point, criminals need to be identified and caught. But the Russian government has allowed the exchanges to flourish, saying it only investigates cybercrime if Russian laws are violated. Regulations are a gray area in the nascent industry of cryptocurrency trading, in Russia as elsewhere.
Russian cryptocurrency traders say the US is placing an unfair due diligence burden on their companies, given the rapidly evolving nature of regulations.
“The real criminals, the people who created the ransomware, and the people working in Moscow City are completely different people,” Sergei Mendeleev, founder of Garantex, a trader based in Federation Tower, said in an interview. Russian crypto exchanges said they were held responsible for crimes they were unaware of.
Mr. Mendeleev, who no longer works for the company, said that American cryptocurrency monitoring services provide data to non-Russian exchanges to help them avoid illegal transactions, but refuse to work with Russian traders, in part because they suspect the traders may use this information to warn criminals. This complicates efforts by Russian companies to root out illegal activity.
He admitted that not all Russian exchanges put a lot of effort into it. Some in Moscow’s financial district are little more than an office, a safe full of cash and a computer, he said.
Federation Tower East has at least 15 cryptocurrency exchanges, according to a list of businesses in the building compiled by Yandex, a Russian mapping service.
In addition to Suex and EggChange, the companies targeted by the Biden administration, cyber researchers and an international cryptocurrency exchange have flagged two more tenants of the building that they suspect of illegal activity involving Bitcoin.
Building manager Aeon Corp. did not respond to questions about exchanges in its offices.
Recorded Future researcher Mr. Smilyanets said these firms, like the banks and insurance companies they share space with, likely chose the site for its status and strict building security.
“Moscow City skyscrapers are very ornate,” he said. “They can post these beautiful landscapes, beautiful skyscrapers on Instagram. This increases their legitimacy.”