Russian authorities have identified and arrested three alleged members of the SugarLocker ransomware gang, who operated under the cover of an ostensibly legitimate tech company, Shtazi-IT. The arrests follow an investigation by F.A.C.C.T., a Russia-based security company that cooperated with the authorities. The timing of the announcement, which coincided with a massive international operation against the LockBit ransomware gang, has raised eyebrows: experts question whether it is a coincidence or a deliberate move by Russia to show that it, too, can make arrests in the cybercrime landscape.
SugarLocker, operational since at least 2021, runs on a ransomware-as-a-service model, offering its malicious tools either for a fee or for a share of the ransom payments. The group primarily targets victims through the Remote Desktop Protocol (RDP), and its motivation is financial: the operators take a percentage of their customers' profits. Notably, SugarLocker pledged not to attack Eastern European countries, with the exception of the Baltic States and Poland, and it does not operate a data leak site, which leaves the extent of its victims unclear.
The arrests come with charges of creating, using, and distributing malicious computer programs, which could lead to up to four years in prison for the defendants. There is also speculation about a connection between SugarLocker and Aleksandr Ermakov, who was previously sanctioned for alleged involvement in the 2022 attack on Medibank. As the investigation unfolds, the report highlights a hacker's joke about going to Siberia, which turned out to be somewhat prophetic, given Siberia's association with Russian prisons and exile.