A growing black market that makes money by providing ransomware as a 'service' to criminal groups
In recent years,
Ransomware-as-a-service: The pandemic within a pandemic --Intel 471
https://public.intel471.com/blog/ransomware-as-a-service-2020-ryuk-maze-revil-egregor-doppelpaymer/
The ransomware landscape is more crowded than you think | ZDNet
The damage caused by ransomware is growing as demand for remote work increases due to the pandemic of the new coronavirus infection (COVID-19). Not only is the number of incidents increasing, but the average ransom demand has also risen during the pandemic, and many companies and institutions are becoming more vigilant about ransomware.
Intel 471 has now reported growth in the field of 'RaaS', a play on Software as a Service (SaaS). SaaS is a term for software whose necessary functions are delivered as a service. In recent years a similar model has been introduced into the field of ransomware, and it is reportedly called RaaS among experts.
RaaS is a service that provides off-the-shelf ransomware code to other criminal groups. Criminal groups that purchase ransomware will be able to carry out targeted attacks by combining options prepared by the provider.
Cyber attacks by groups that are clients of RaaS are wide-ranging, including phishing attacks via email, unauthorized access using compromised Remote Desktop Protocol (RDP) credentials, and unauthorized access that exploits vulnerabilities in network devices. If a criminal group profits from a ransomware attack, a portion of the proceeds is paid to the group that provides the RaaS.
The market for providing ransomware code to clients appears to have emerged around 2017, and by using RaaS, even criminal groups that lack advanced coding skills can carry out ransomware attacks. According to a survey by Intel 471, about 25 types of RaaS products are advertised in the underground hacking scene, and they can be divided into three main layers.
・ First layer
The best-known RaaS groups, which have been used in numerous attacks over the past several months, fall into the first tier. This layer includes RaaS groups such as REvil, Netwalker, DoppelPaymer, Egregor (Maze), and Ryuk, and many of them also operate dedicated websites that leak information on companies and institutions that refused to pay the ransom.
・ Second layer
The second layer consists of RaaS groups that have a certain reputation in underground hacking forums but do not have as many customers or achievements as the first layer. Second-tier RaaS groups such as Avaddon, Conti, Clop, DarkSide, Mespinoza (Pysa), RagnarLocker, Ranzy (Ako), SunCrypt, and Thanos are said to be the latest entrants in the industry.
・ Third layer
The third layer consists of RaaS groups that have only recently launched or for which there is limited information on their activities. Some of the third-tier RaaS groups, such as CVartek.u45, Exorcist, Gothmog, Lolkek, Muchlove, Nemty, Rush, Wally, Xinof, Zeoticus, and ZagreusS, appear to be inactive or to have failed.
'The underground cybercrime ecosystem is profitable through criminal activity, but as long as it is a market, it adheres to market-leading principles,' said ZDNet, a foreign media outlet, pointing out that the principle of competition also works in the RaaS market. Although the market was not saturated at the time of writing, the outlet expected that if the number of RaaS groups exceeded the demand from criminals, or if corporate security was strengthened, weak RaaS groups would be eliminated.
In addition, it is reported that criminal groups are increasingly entrusting hacking to 'subcontractors' because of the sophistication of hacking technology and the growing amount of work required, which shows how cyber attacks have come to be outsourced in recent years.
The number of hacker groups that entrust hacking to 'subcontractors' is increasing rapidly --GIGAZINE
in Software, Web Service, Security, Posted by log1h_ik