It’s clear that the ransomware gangs take care not to target the powers that shelter them. Security analysts found that REvil code was written so that the malware avoids any computer whose default language is Russian, Ukrainian, Belarusian, Tajik, Armenian, Azerbaijani, Georgian, Kazakh, Kyrgyz, Turkmen, Uzbek, Tatar, Romanian or Syriac.
Finding the criminals is not the problem. The U.S. government has the wherewithal to identify and arrest would-be cyberblackmailers on its own soil and to help allies find them on theirs. In fact, Washington has identified and indicted many Russian cybercriminals — the F.B.I., for example, has offered a reward of $3 million for information leading to the arrest of one Evgeniy Bogachev, a.k.a. “lucky12345,” a master hacker in southern Russia whose malware has led to financial losses of more than $100 million.
The key is to compel Mr. Putin to act against them. At his summit with him in June, Mr. Biden said he demanded that Russia take down the ransomware gangs it harbors and identified 16 critical sectors of the American economy on which attacks would provoke a response.
Yet two weeks later, REvil made the biggest strike ever, hacking into Kaseya, a firm that supplies management software for the I.T. industry, and attacking hundreds of its small-business customers. That led Mr. Biden to telephone Mr. Putin and to say afterward that “we expect them to act.” Asked by a reporter whether he would take down REvil’s servers if Mr. Putin did not, Mr. Biden simply said, “Yes.” Shortly after that, REvil abruptly disappeared from the dark web.
Tempting as it might be to believe that Mr. Biden persuaded the Russians to act or knocked the band’s servers out with American means, it is equally possible that REvil went dark on its own, intending, as happens so often in its shadowy world, to reappear later in other guises.
So long as the hackers focus on commercial blackmail abroad, Mr. Putin probably sees no reason to shut them down. They do not harm him or his friends, and they can be used by his spooks when necessary. Unlike the “official” hackers working for military intelligence who have drawn sanctions from Washington and Europe for meddling in elections or mucking around in government systems, Mr. Putin can deny any responsibility for what the criminal gangs do. “It’s just nonsense. It’s funny,” he said in June when asked about Russia’s role in ransomware attacks. “It’s absurd to accuse Russia of this.”
The Russians apparently also believe they can parlay their control over the ransomware gangs into negotiating leverage with the West. Sergei Rybakov, the deputy foreign minister who leads the Russian side in strategic stability talks launched at the Biden-Putin summit, indicated as much when he complained recently that the United States was focusing on ransomware separately from other security issues. Ransomware, he implied, was part of a bigger pile of bargaining chips.