Cybercrime as-a-service , Fraud Management & Cybercrime , Ransomware
Ransomware-as-a-Service Market Now Highly Specialized
Services Include Subscription Models, Bug Bounties and High-Paying JobsThe criminal underground market for ransomware services is now specialized to the point where almost every step of the infection and extortion chain can be outsourced to contractors, cybersecurity firm Sophos says in its latest annual assessment of the threat landscape.
See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk
Just as the cloud and web services industry lets corporate customers pick and choose from a plethora of paid services, ransomware criminals stand ready to offer extortionists service ranging from malware distribution to network scanning.
One enterprising criminal entrepreneur even offers OPSEC-as-a-service, the Sophos report says. The seller offers - either as a one-off setup or a monthly subscription - a service designed to hide Cobalt Strike infections and minimize the risk of detection and attribution, Sophos writes.
"Ransomware-as-a-Service began last year and by this year, virtually every type of cybercriminal activity is available as a service for a few hundred dollars. This is just an indication of how sophisticated and professionalized the people in the cybercrime industry have become," says Sean Gallagher, a Sophos principle threat researcher.
Dark web marketplaces such as Genesis are entry points for entry-level cybercriminals. They can act as resellers for stolen credentials obtained through malware and malware deployment services, Sophos says.
Aping of the corporate world doesn't just extend to outsourcing, but also to bug bounty programs. "It mirrors legitimate software companies. It even has a complicated supply chain, with many functions outsourced to people with specialities," he says (see: Ransomware-as-a-Service Gang LockBit Has Bug Bounty Program).
According to earlier analysis from Sophos, the costs of these services can run cheap. The single set of credentials that led to the June 2021 EA breach, which famously allowed the attackers in June 2021 into Electronic Arts' system through the gaming giant's Slack, cost the attacker $10 on Genesis.
"In one Raccoon Stealer campaign, based on the crypto and information they were able to steal, they had about a 150% return on their investments," says Gallagher.
Money, of course, is the driving force for the growth of this commerce, he says. "This is a billion-dollar industry, so money is at the heart of it. Additionally, these organizations are operating in a way normal companies do, with hiring processes in place. This is a high-paying job and even a source of patriotism, because you are bringing money into the country while attacking another."