So you want to work in ransomware?

You would think that getting to work for a ransomware gang would be a bit different from applying for a normal IT job.

However, after following up a post on a forum, a researcher at CyberNews managed to get an interview with the Ragnar Locker ransomware operators. It reveals a surprisingly corporate approach to recruitment and remuneration, and uncovers some of how the gangs operate.

The growth of ransomware-as-a-service means the barrier to entry for ransomware is lower than ever. This has resulted in ransomware groups trying to solve their 'labor shortages' by recruiting new members via hacker forums.


In the course of its threat intelligence research, CyberNews came across an ad in one of these forums, and a researcher posed as a Russian hacker to answer it. This resulted in a 'job interview' held in a private chatroom and conducted in Russian.

As to the rewards on offer, successful applicants for the job start on 70 percent of any ransoms paid, the remainder being kept by the group. After a trial period this would rise to 75 percent, and to 80 percent if ransom earnings exceeded $1 million in any one week. Payment is in cryptocurrency, naturally, but the cybercriminals claimed to have an insider at a cryptocurrency exchange specializing in money anonymisation to help with safe cash outs. It was recommended these be carried out in 'small' amounts of $1 million in order to avoid upsetting the markets.

It was also clear from the discussion that the group put a lot of effort into identifying and researching targets to find those that would be most affected by attacks and therefore most likely to pay up. It was clear, too, that attacks are often launched on Friday nights after IT staff have gone home for the weekend.

You can read more about the interview on the CyberNews site.

Image credit: raywoo/

© 1998-2021 BetaNews, Inc. All Rights Reserved.