In this Ransom-War series,1 we have made the argument that at least some Russia-origin ransomware attacks are “hybrid.” They are hybrid in two senses: 1) they have some political, not just financial, motivation, and 2) they align with Russia’s undeclared “hybrid war” against the “collective West.” 

The previous posting in the series characterized the social and political context in which Russian cybercriminals operate. As we pointed out, in Russian society, business, crime and politics overlap. Citizens cannot trust in impartial legal and judicial institutions to ensure their safety and well-being; they have to rely on informal mechanisms to protect themselves, often by finding patrons among influential figures in Russian government or intelligence. In return for protection, the criminals may find themselves doing favors for intelligence services. Moved by patriotism and/or duress, some Russian ransomware groups align at least some of their activities with Russian state strategic priori…