![]() ![]() Using affiliates provides flexibility, dynamism and higher profits, but is also a vulnerability. Affiliates allow RaaS groups to expand temporarily, hitting hundreds if not thousands of victims yearly. RaaS groups work with ‘affiliates’, cybercriminals who are not directly part of the RaaS structure but work alongside it. This means they can charge not only for the decrypter key to unlock the systems, but demand another payment to refrain from leaking the sensitive data. ![]() Within the cybercriminal world, RaaS groups extort their victims and even practice double extortion, which involves locking down and encrypting systems, and seeking out and exfiltrating sensitive data. Once the payment is made, the money is laundered through a number of techniques and cashed out into fiat currency, for example dollars, euros or roubles. Ransomware payments are almost entirely made in cryptocurrency. Throughout 2021, Conti extorted around double its nearest competitor DarkSide, infamous for its attack on Colonial Pipeline in the US in May 2021. During that same period, Conti was the most successful ransomware strain. RaaS has become so effective that, according to the US Financial Crimes Enforcement Network, criminal groups earned US$590 million in the first half of 2021. For this service, Conti asked for a percentage of the payment, thought to be around 30 per cent, a portion of which was reinvested in infrastructure, the tools of the trade and staff, before the cycle would start again. Conti would rent its ransomware infrastructure, which could include an executable (the file used to deliver the ransomware), they would handle victim negotiations and payment, and launder the ransom payment. Today, this malware comes in the form of Ransomware-as-a-Service (RaaS), which operates as a business. Ransomware has come a long way since a floppy disk carrying the so-called AIDS trojan arrived in the mail during the late 1980s, with a demand of US$189 to decrypt. In May 2022, the US Department of State offered a US$15 million reward for information leading to the identification or conviction of Conti members. ![]() In 2021, it was estimated that Conti accumulated over US$180 million in payouts. Over the previous 18 months, Conti had rampaged across the internet, conducting cyberattacks against businesses, educational institutions and hospitals. This short and simple show of support for Russia was the beginning of the end of one of the most prolific ransomware groups in recent years. The message pledged allegiance and support for the full-scale Russian invasion of Ukraine, announced by Russian President Vladimir Putin the day before. On 25 February 2022, a message appeared on a darknet website run by the cybercriminal syndicate known as Conti. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |