
Ransomware hackers nervous, allege harassment from U.S.

They defended their practice of holding computers for ransom after the FBI took down a major ransomware group.

Some of the most destructive ransomware hackers in the world appear to be on edge after the U.S. reportedly took down one of their colleagues.

Several ransomware gangs posted lengthy anti-U.S. screeds, viewed by NBC News, on the dark web. In them, they defended their practice of hacking organizations and holding their computers for ransom. The posts appear to have been prompted by the news, reported Thursday by Reuters, that the FBI had successfully hacked and taken down another major ransomware group called REvil.

While that takedown is the first of its kind made public, it’s not expected to seriously curb ransomware attacks on the U.S. on its own. It has, however, prompted REvil’s fellow hackers to publicly complain far more than they have before.

One of those, Conti, which regularly locks hospital computers and holds them for ransom — often delaying medical procedures — wrote that it would be undeterred by the U.S., and that ransomware hackers are the true victims.

“First, an attack against some servers, which the U.S. security attributes to REvil, is another reminder of what we all know: the unilateral, extraterritorial, and bandit-mugging behavior of the United States in world affairs,” the group wrote. “With all the endless talks in your media about ‘ransomware-is-bad,’ we would like to point out the biggest ransomware group of all time: your Federal Government.”

“Is there a law, even an American one, even a local one in any county of any of the 50 states, that legitimize such indiscriminate offensive action?” the author wrote.

Another group wrote that “only time will tell who the real bad guys are here.”

A third complained that cybersecurity companies and the FBI were getting too involved with trying to stop ransomware. “2 sides are interested. One side is company affected. Second side is ransom operator. Nobody else,” it wrote.

The hackers who infamously attacked Colonial Pipeline in May, leading to some gas stations in the U.S. briefly running dry, also moved the money from that hack on Friday, touching it for the first time since the attack, according to an analysis by Elliptic, a London company that traces bitcoin payments.

Whoever controls that money moved it “over the course of several hours, with small amounts being ‘peeled’ off at each step. This is a common money laundering technique, used to attempt to make the funds more difficult to track,” Elliptic’s analysis found.

Ransomware hackers’ apparent nervousness may be real, but it isn’t a sign that they plan to stop their attacks, said Brett Callow, an analyst at the cybersecurity firm Emsisoft.

“I suspect it’s all empty posturing: bravado intended to reassure any of their affiliates or other partners-in-crime who may be getting cold feet,” Callow said.