
Ransomware as a Service, a “Modern and Efficient” Business Model for Criminals

Experienced criminals post their services online for interested attackers. | Source: Photo by Mika Baumeister on Unsplash


The dismantling on Thursday of the Hive ransomware network, which extorted close to $100 million from more than 1,500 victims around the world, shows how hacking has become a super-efficient niche industry that can enable anyone to become a cyber artist.

The operation was carried out in coordination with the police forces of the United States, Germany and the Netherlands, as well as with Europol, said the director of the US Federal Police (FBI), Christopher Wray.

Modern business model

Hive operates in a mode that cybersecurity experts call “ransomware as a service”, or RaaS, in which a company offers its software and methods to others for extortion purposes.

The model is fundamental to the broader ransomware ecosystem, in which actors specialize in one skill or function, maximizing efficiency.

According to Ariel Ropek, director of cyberthreat intelligence at cybersecurity firm Avertium, this structure allows criminals with minimal computing skills to step into the ransomware game by paying others for their experience.

“There are quite a few of them,” Ropek said of RaaS operations. “This is really a business model these days,” he added.

How it works

On the so-called “dark web”, a part of the Internet that regular browsers cannot access, ransomware service providers maintain an open display of their products.

At one extreme are initial access brokers, who specialize in gaining access to corporate or institutional computer systems and then sell that access to a hacker or ransomware operator.

But the operator depends on RaaS developers like Hive, who have the programming skills to create the malware needed to perform the operation and bypass security countermeasures.

In general, their programs, once inserted by the ransomware operator into the target’s IT systems, are manipulated to freeze the target’s files and data using encryption.

RaaS developers like Hive offer a full range of services to operators in exchange for a large portion of the ransom paid, Ropek said.

“Their goal is for the ransomware operation to be as complete as possible,” he said.

Polite but firm

When the ransomware is installed and activated, the target receives a message about what to do and how much to pay to have their data decrypted.

This ransom can range from thousands to millions of dollars, depending on the financial strength of the target.

Inevitably, the target tries to negotiate on the portal, but often does not get very far.

Cybersecurity firm Menlo Security last year published a conversation between a target and Hive’s “sales team” that took place on a special portal for victims.

In it, a Hive operator politely and professionally offered to prove that the decryption would work on a test file.

But when the target offered a portion of the $200,000 demanded, Hive was firm and insisted on payment of the full amount.

Finally, the Hive agent relented and offered a substantial discount. “The price is $50,000. This is the final amount. What else can I say?” he wrote.

If the target organization refuses to pay, RaaS developers have a backup: they threaten to post or sell hacked confidential files on the Internet.

Hive maintains a separate website, HiveLeaks, to publish the data.

Behind the business, Ropek says, are specialized fundraising operations that help members get their share of the ransom.

Humble hit

Thursday’s action against Hive was only a modest blow to the RaaS industry.

There are many other ransomware specialists similar to Hive that are still operating.

The biggest threat today is LockBit, which attacked Britain’s Royal Mail in early January and a Canadian children’s hospital in December.

In November, the US Department of Justice stated that LockBit had received tens of millions of dollars in ransom from thousands of victims.

And it is not difficult for Hive’s operators to start again. “It’s a relatively simple process of setting up new servers, generating new encryption keys. There is usually some kind of rebranding going on,” Ropek said. (AFP)


Source: RPP
