#BHEU: Ransomware Attackers Professionalizing Operations with Partnership Platforms
Clarke and Hall explained that ransom demands are becoming larger, attackers smarter and intrusions longer, with cyber-criminals professionalizing and streamlining their ransomware strategies through partnership platforms – commonly termed Ransomware-as-a-Service offerings.
“These are operators that will target a number of organizations and sell access to ransomware threat actors,” explained Hall.
Ransomware crews have been detected leveraging high-profile critical vulnerabilities to gain footholds in as many victim networks as possible, only to come back weeks or even months later to leverage those footholds into full-scale ransomware deployments, the speakers said.
Such affiliate ransomware platforms are attractive to cyber-criminals because they offer key benefits including malware generation, communication and negotiation with victims and, in some cases, payment processing and decryption utility delivery, Mitchell explained.
One prime example of a prevalent ransomware affiliate group that established itself in 2020 is REvil, Mitchell added.
“REvil are interesting because they run a Ransomware-as-a-Service platform – a platform with many different affiliates or other attackers that join in to use the same malware and the same platform.”
Looking forward, and due to the ongoing scaling-up of ransomware operators through business-like service platforms, Mitchell predicted that ransomware will continue to pose a major threat to organizations in 2021, citing increasing ransom demands and pay-outs, numbers of victims, damage to organizations and extortion of stolen data.
“Potentially, we will get to a point where the only way to recover [from ransomware] is to pay the ransom or to have a good backup mechanism in place, which may be quite rare at the moment. With so many victims and so much compromise going on, unfortunately, the only trend [for ransomware] is upwards,” Mitchell concluded.