arrow-line asset-bg bars-line calendar-line camera-line check-circle-solid check-line check-solid close-line cursor-hand-line image/svg+xml filter-line key-line link-line image/svg+xml map-pin mouse-line image/svg+xml plans-businessplans-freeplans-professionals resize-line search-line logo-white-smimage/svg+xml view-list-line warning-standard-line
Articles

Kidnap and extortion in Russia-CIS: New and old tricks

Many organised crime groups in the Commonwealth of Independent States (CIS) continued their kidnapping and extortion activities largely unaffected by the Covid-19 pandemic, writes Darren Davids. However, opportunistic criminals have capitalised on newly implemented Covid-19 restrictions and will seek to extort travellers.

Organised crimes groups engaged in kidnap for ransom and extortion activities have seen mixed results during the Covid-19 pandemic, including those in the Commonwealth of Independent States (CIS) region. Although many CIS countries did not implement a national lockdown to combat the pandemic, most CIS countries imposed regional and city level restrictions. In some countries organised criminal groups continued their operations unhindered by the restrictions, particularly in terms of cybercrime, extortion and kidnap. In Ukraine, for example, organised crime groups have continued to grow and emerge. In others, such as Russia, the criminal industry has tracked a similar downward trend to the rest of the economy, with the number of reported crimes decreasing during the country’s lockdown period. While the Covid-19 pandemic has not drastically altered the threat landscape in most of these countries, it has exacerbated and in some cases even accelerated existing crime trends.

Geo kidnap

FOREIGN NATIONAL TARGETED

On 20 May, the Georgian Interior Ministry and the Prosecutor’s Office announced that authorities arrested 13 people in Tbilisi during a joint operation targeting members of an organised crime group who kidnapped a Tajik businessman. The assailants held the victim in a rented apartment in March. The assailants demanded that the family of the kidnap victim pay them USD 7,500 to secure his release. The kidnappers warned the victim’s family against approaching law enforcement and alleged that they had ties to authorities.

Ukr extortion

TRAVELLERS EXTORTED AT AIRPORTS

On 11 November, security services arrested three airport officials at the Kyiv Boryspil International Airport on charges of extortion and corruption. The three arrested include two chief state inspectors of the customs post, and one employee of the Department for Countering Customs Offenses and International Cooperation, who allegedly oversaw the extortion racket. The airport workers demanded bribes and extorted travellers for cash over fabricated customs protocol violations. When travellers refused to pay the bribes, the officials would threaten to confiscate luggage and personal goods. According to authorities the extortionists earned between USD 2,000-4,000 from passengers from each flight they oversaw.

Rus extortion
Airport officials, working in the customs department, targeted international travellers by creating arbitrary on-the-spot regulations.

CYBER CRIMINALS EXTORTING RUSSIAN COMPANIES

Since March, a new Russian based cybercrime group called OldGremlin, has carried out at least eight cyber-attacks on Russian companies. The group typically targets banks, industrial companies and medical firms with ransomware attacks. The group reportedly comprises entirely entirely of locals and has deviated from the Russian norm of not targeting domestic or former Soviet Union companies or assets. The group has exploited the Covid-19 pandemic by using sophisticated spear-phishing emails – from fake news and updates pertaining to the Covid-19 outbreak to fake requests for media interviews – to infect the target’s system with malware and gain access to the target’s network. After a victim has taken the bait of the spear-phishing attack and clicked on the link, the group launches a unique custom malware called TinyNode, that grants the cybercriminals access to the victim’s computer and launches additional malware. Once the threat actor has gained access to the victim’s computer, the cybercriminals deploy ransomware, encrypt the target’s data, and extort a ransom fee of USD 50,000 in cryptocurrency in exchange for a decryption key.

S-RM’s GSI is the simplest way to get a fresh perspective on the security risks affecting you, your work, and your travel.