
Ransomware-as-a-Service Market Now Highly Specialized

Services Include Subscription Models, Bug Bounties and High-Paying Jobs

The criminal underground market for ransomware services is now specialized to the point where almost every step of the infection and extortion chain can be outsourced to contractors, cybersecurity firm Sophos says in its latest annual assessment of the threat landscape.


Just as the cloud and web services industry lets corporate customers pick and choose from a plethora of paid services, ransomware criminals stand ready to offer extortionists services ranging from malware distribution to network scanning.

One enterprising criminal entrepreneur even offers OPSEC-as-a-service, the Sophos report says. The seller offers - either as a one-off setup or a monthly subscription - a service designed to hide Cobalt Strike infections and minimize the risk of detection and attribution, Sophos writes.

"Ransomware-as-a-Service began last year and by this year, virtually every type of cybercriminal activity is available as a service for a few hundred dollars. This is just an indication of how sophisticated and professionalized the people in the cybercrime industry have become," says Sean Gallagher, a Sophos principal threat researcher.

Dark web marketplaces such as Genesis are entry points for entry-level cybercriminals. They can act as resellers for stolen credentials obtained through malware and malware deployment services, Sophos says.

The aping of the corporate world extends beyond outsourcing to bug bounty programs. "It mirrors legitimate software companies. It even has a complicated supply chain, with many functions outsourced to people with specialities," he says (see: Ransomware-as-a-Service Gang LockBit Has Bug Bounty Program).

According to earlier analysis from Sophos, these services can be cheap. The single set of credentials that led to the June 2021 breach of Electronic Arts, which famously let the attackers into the gaming giant's systems through its Slack, cost the attacker $10 on Genesis.

"In one Raccoon Stealer campaign, based on the crypto and information they were able to steal, they had about a 150% return on their investments," says Gallagher.

Money, of course, is the driving force for the growth of this commerce, he says. "This is a billion-dollar industry, so money is at the heart of it. Additionally, these organizations are operating in a way normal companies do, with hiring processes in place. This is a high-paying job and even a source of patriotism, because you are bringing money into the country while attacking another."


About the Author

Anviksha More


Senior Subeditor, ISMG Global News Desk

More has seven years of experience in journalism, writing and editing. She previously worked with Janes Defense and the Bangalore Mirror.



