Written by AJ Vicens
May 2, 2022 | CYBERSCOOP
A man living in Russia whom the U.S. government accused of being involved in multiple REvil ransomware attacks may be involved in a phony emergency disclosure request to Twitter used to threaten a ransomware researcher in recent weeks and force them offline.
Twitter’s policies state the company will provide account information “to law enforcement in response to a valid emergency disclosure request.” The “quickest and most efficient method,” the company says, it through its legal request submissions site.
Twitter received 12,370 government information requests between January and June 2021, the latest period for which data is available, with emergency requests making up about 15%, according to data posted to the company’s site.
The disclosure request was just one part of an ongoing and escalating series of threats against researchers and at least one blogger by a cybercriminal known as “Lalartu” or “Sheriff” — or someone tying to pose as them — nicknames that security researchers in the past have tied to Aleksandr Sikerin. Federal prosecutors in Texas said in a November 2021 filing that Sikerin was most recently living in St. Petersburg, Russia, and had been an affiliate of