Honor Among Thieves

Is there such a thing? This phrase suggests that crooks trust each other. They will not steal from each other. When it comes to fellow criminals, there is integrity and trust. It appears this sentiment is crumbling.

Ransomware as a Service (RaaS) has become a big business in cyber crime. RaaS is a business model that creates partnerships between the creators of the malware and the attackers. The ransomware creators recruit attackers (affiliates) to purchase the kit and target victims. The affiliate sets the ransom demands and communicates with the victim. If a ransom is met, there is a pre-agreement with the developer to share a percentage of the profits. Sometimes the affiliate will purchase the kit outright or pay a subscription in lieu of sharing the ransom. This collaboration enables a strong criminal network that can deploy attacks in a rapid and widespread manner.

RaaS is a competitive market. Operators spin up websites and marketing campaigns to attract affiliates. RaaS is big business, with revenues upwards of $20 billion annually.

Although RaaS attempts to run its business with some organization, it often falls flat. The model includes developers, attackers, helpdesks and even an internal court system. The crooked court will prosecute thieves who fail to honor the terms of the RaaS agreement. The risk with villains working together is that a level of trust has to be assumed. Will someone default on their agreement? Will they turn traitor and betray the group? Everyone involved has to do their part, and if one strays, the scheme will suffer.

Recent news shows the BlackCat Ransomware group got caught up in its own trust issue with its pack of thieves.

Following security best practices can help you avoid falling victim to these attacks. Patching is a critical maintenance component of a sound cybersecurity posture. Segmentation can assist with containing and troubleshooting network issues. Once an intruder is ‘in’, they can move quickly between connected environments. End user education is key to preventing many forms of ambush. Conducting phishing simulations and enforcing security best practices can be beneficial to an organization’s defenses.

Ransomware as a Service is illegal. Although miscreants build this business model to mimic legitimate services, there is nothing legitimate about it. It is cyber crime that involves theft, breaches and extortion.