LEILA FADEL, HOST:
To find out more about how these cybercriminals operate, we spoke earlier to Dmitry Smilyanets, a threat intelligence analyst for the cybersecurity firm Recorded Future and a former hacker himself. He says the world should get ready for more ransomware attacks.
DMITRY SMILYANETS: Unfortunately, there is nothing can stop them at this moment. Hopefully, after that meeting between two presidents, Mr. Biden and Mr. Putin, hopefully there will be a change because only Putin can stop these guys.
FADEL: What do you mean by that?
SMILYANETS: I mean that without his approval, local law enforcement and Russian federal law enforcement are not investigating these guys. I believe that federal law enforcement in Russia already track those guys. And just by the order, they can stop them immediately.
FADEL: President Biden recently said there isn't really evidence that there's links between these hackers and the government. Is that accurate?
SMILYANETS: Yes, it is accurate. They are not members of Russian special forces - 100%. These are the guys who are just hackers and criminals and financially motivated guys. But it doesn't mean they don't have connections to the state guys. And I believe most of the guys, top-level guys, have these connections.
FADEL: So not sponsored by the government, but if the government took an interest in stopping it, they would be able to.
SMILYANETS: Absolutely, and we've witnessed that. After DarkSide attacked Colonial Pipeline, news reached Russian media. So it took them a few hours to shut down completely. That happened immediately, very quickly, like by the script or by the very strict order.
FADEL: Do you think that's maybe changed how concerned cybercriminals are about repercussions after the Colonial Pipeline attack?
SMILYANETS: I don't think so. There's so much money to be made for them. They are on the hunt for big money, and they will never stop unless stopped by somebody.
FADEL: And this is not just a few guys in a basement, right? It sounds like these are very sophisticated operations at this point.
SMILYANETS: Absolutely. And some of the groups, you won't believe it, but they have hundreds of people working for them. So it's very organized. It's very professional.
FADEL: Why is so much of this happening from Russia?
SMILYANETS: Well, it's a great question. Just because they feel safe. Just imagine a greenhouse where your vegetables grow, perfect sunlight, perfect watering system and no wind, nothing bothers them so they can grow. That's what's happening currently in Russia.
FADEL: Walk me through how people get started.
SMILYANETS: Well, before you buy ransom software package, you go, you join this telegram channels that are full of tutorials and videos. It's just about curiosity and how much free time you have. And I believe young guys in Russia have plenty of free time.
FADEL: What do you mean?
SMILYANETS: Russia still has great educational system and very strong mathematical school. And unfortunately, young people on graduation, they don't see any opportunities. To start a job without connections, it's pretty hard to find a good job. So these people, if they can't focus on work, daily work, they start exploring possibilities. And the internet is full of these possibilities, including criminal underground.
FADEL: What can be done to thwart cyberattacks as we watch really this rise?
SMILYANETS: Paying attention to the closest releases of vulnerabilities and patch them as soon as possible, have a good threat intelligence provider that will alert you on new trends or on your credentials being exposed on the dark web. And, well, there is not a 100% solution to prevent it. So I would say pray. It helps because you're vulnerable, and it's just a matter of time when your company will get effected.
FADEL: Dmitry Smilyanets, thank you for joining us.
SMILYANETS: Thank you very much. Transcript provided by NPR, Copyright NPR.