Russian President Vladimir Putin's government can bring down its fist -- when he wants it to. Dissidents and business executives who run afoul of the Kremlin are swiftly prosecuted and dispatched to Siberian prison camps. Yet cybercriminal gangs based in Russia seem to face nary a consequence when they wreak havoc on companies in the U.S. and other Western nations. President Joe Biden should make sure to point out the disconnect at the summit between the two leaders.
A rash of ransomware attacks plagues businesses, libraries, hospitals and entire cities in the U.S. Scarcely had officials begun to account for last month's assault on the systems of the 5,500-mile-long Colonial Pipeline when news broke that the world's largest meat processor, JBS, had also been struck by malware. The FBI identified DarkSide as the culprit in the pipeline salvo; the cartel REvil was reportedly responsible for the JBS attack. Both have links to Russia and may well be based there. There's no evidence the Kremlin is coordinating with these criminals, but it appears to be more than just tolerating them.
The Russian government and Russian-resident hackers have a complicated relationship. For some groups, that relationship has been close as can be, with authorities recruiting talented programmers to do their bidding or co-opting gangs they've caught in the act to work for them rather than against them. Other hackers don't have to be asked. They assume they can make mayhem with impunity so long as they pick the right victims. They refrain from attacking domestic entities by, for example, writing malware that cuts short incursions on computers whose language is set to Russian, Belarusian or Ukrainian. Some even set their sights specifically on nations in the Kremlin's poor graces, such as Estonia and Georgia in 2007 and 2008, and now Ukraine.
Russia isn't entirely immune from ransomware, of course, whether from inside or outside its borders. The country's general prosecutor said last year that attacks had risen 25-fold in the preceding half-decade, many of them conducted by Chinese organizations. And Russian security services have had their share of misses. But Russian enforcers can be frighteningly effective when it suits the Kremlin. At least seven Jehovah's Witnesses were sentenced to prison last week; security services have devoted ample resources to sniffing out adherents of the outlawed faith, even though Russia's constitution guarantees freedom to worship. Opposition leader Alexei Navalny was handed a prison term only 16 days after returning to the country in January.
Putin obviously has plenty of enforcement power. He would do well to use it against the lawless ransomware artists whose antics harm critical industries and threaten lives in the U.S. and other countries.