header image

Kidnap and Extortion in Russia-CIS: New and Old Tricks

Darren Davids 2 March 2021
2 March 2021    Darren Davids

Travel Security | Special Edition 2021

In this bulletin, we look at how the world is emerging from the COVID-19 pandemic, and what that means for travel security risks for the coming year. While the pandemic and its associated lockdowns halted or delayed most travel in 2020, we nonetheless saw the persistence of some travel threats, and the emergence of others. We focus on some of the key travel security stories of the year, including a look at the latest developments in kidnapping, organised crime, and piracy, and look at how the pandemic has impacted the work of emergency responders.

Download Report

Many organised crime groups in the Commonwealth of Independent States (CIS) continued their kidnapping and extortion activities largely unaffected by the Covid-19 pandemic, writes Darren Davids. However, opportunistic criminals have capitalised on newly implemented Covid-19 restrictions and will seek to extort travellers.


Organised crimes groups engaged in kidnap for ransom and extortion activities have seen mixed results during the Covid-19 pandemic, including those in the Commonwealth of Independent States (CIS) region. Although many CIS countries did not implement a national lockdown to combat the pandemic, most CIS countries imposed regional and city level restrictions. In some countries organised criminal groups continued their operations unhindered by the restrictions, particularly in terms of cybercrime, extortion and kidnap. In Ukraine, for example, organised crime groups have continued to grow and emerge. In others, such as Russia, the criminal industry has tracked a similar downward trend to the rest of the economy, with the number of reported crimes decreasing during the country’s lockdown period. While the Covid-19 pandemic has not drastically altered the threat landscape in most of these countries, it has exacerbated and in some cases even accelerated existing crime trends.

Georgia: Kidnapping


Georgia imposed citywide lockdowns, affecting major cities such as Tbilisi, Marneouli and Bolnis, among others, from 22 March until 14 May. During this period, police reported a drop in violent crime, but organised criminal groups took advantage of stretched security forces who were focused on enforcing Covid-19 regulations. For example, in Tbilisi hundreds of officers were required to monitor people who were self-isolating, whilst other officers ensured businesses and individuals complied with lockdown restrictions. Criminal groups sought to kidnap business owners and perceived high net-worth individuals. These crime groups targeted foreign businesspeople from central Asian countries such as Tajikistan, Uzbekistan, and Kyrgyzstan.


Foreign national targeted

On 20 May, the Georgian Interior Ministry and the Prosecutor’s Office announced that authorities arrested 13 people in Tbilisi during a joint operation targeting members of an organised crime group who kidnapped a Tajik businessman. The assailants held the victim in a rented apartment in March. The assailants demanded that the family of the kidnap victim pay them USD 7,500 to secure his release. The kidnappers warned the victim’s family against approaching law enforcement and alleged that they had ties to authorities.


“Airport officials, working in the customs department, targeted international travellers by creating arbitrary on-the-spot regulations.”


Ukraine: Extortion


Following a spike of Covid-19 infections in March, the government closed its borders, stopped international flights, implemented restrictions aimed at curbing the spread of the Covid-19 virus, and suspended most commercial and social activity, before gradually easing most restrictions in May. However, when restrictions were eased and international flights resumed, airport workers in some airports have solicited bribes from travellers who allegedly violated restrictions pertaining to the transportation of goods. Airport officials, working in the customs department, targeted international travellers by creating arbitrary on-the-spot regulations. This appears to be a growing global trend among airport, border, and port officials, as similar incidents of bribery and extortion by officials have been reported in several countries including Nigeria, India, and Tajikistan.


Travellers extorted at airports

On 11 November, security services arrested three airport officials at the Kyiv Boryspil International Airport on charges of extortion and corruption. The three arrested include two chief state inspectors of the customs post, and one employee of the Department for Countering Customs Offenses and International Cooperation, who allegedly oversaw the extortion racket. The airport workers demanded bribes and extorted travellers for cash over fabricated customs protocol violations. When travellers refused to pay the bribes, the officials would threaten to confiscate luggage and personal goods. According to authorities the extortionists earned between USD 2,000-4,000 from passengers from each flight they oversaw.


Russia: Extortion


Most crime in Russia has decreased during the pandemic. Since Russia implemented various restrictions in March aimed at curbing the spread of Covid-19, the number of reported crimes in most regions, including in the Moscow region, fell significantly. In contrast, police reported an almost 20 percent rise in crime in Tatarstan and Karelia during the same period. Despite the overall decrease in crime, cybercrime incidents have increased by 75 percent between January and October 2020, not least because more work and financial transactions migrated to the internet. This increase does not represent a shift in the threat landscape, but rather an acceleration of a long-term trend; between 2015 to 2019 cybercrime incidents in Russia grew by 228 percent. During the lockdown period most of these cybercrimes were reported in large cities such as Moscow and Saint Petersburg, while cases of physical extortion were most frequently reported in rural areas.


Cyber criminals extorting Russian companies

Since March, a new Russian based cybercrime group called OldGremlin, has carried out at least eight cyber-attacks on Russian companies. The group typically targets banks, industrial companies and medical firms with ransomware attacks. The group reportedly comprises entirely entirely of locals and has deviated from the Russian norm of not targeting domestic or former Soviet Union companies or assets. The group has exploited the Covid-19 pandemic by using sophisticated spear-phishing emails – from fake news and updates pertaining to the Covid-19 outbreak to fake requests for media interviews – to infect the target’s system with malware and gain access to the target’s network. After a victim has taken the bait of the spear-phishing attack and clicked on the link, the group launches a unique custom malware called TinyNode, that grants the cybercriminals access to the victim’s computer and launches additional malware. Once the threat actor has gained access to the victim’s computer, the cybercriminals deploy ransomware, encrypt the target’s data, and extort a ransom fee of USD 50,000 in cryptocurrency in exchange for a decryption key.


S-RM is a global risk consultancy providing intelligence, resilience and response solutions to clients worldwide. To discuss this article or other industry developments, please reach out to one of our experts.

Darren Davids
Darren davids Analyst Email Darren

Intelligent Business 2022 Strategic Intelligence Report

The evolution of strategic intelligence in the corporate world. Read S-RM's latest report.

Download Report