Ransomware gangs get more professional
Ransomware, and indeed malware generally, used to be something of a cottage industry, the preserve of individuals or small groups. But new research from threat intelligence company KELA shows that it's becoming a highly professionalized industry.
Many cybercriminals are now specializing in different areas, so that the coding, spreading, extracting and monetizing processes might all be carried out by different people.
"As ransomware operations have been growing and maturing, KELA's researchers have been observing more cybercriminals offering accompanying services that fall into one of the four niches," writes Victoria Kivilevich, threat intelligence analyst, on the KELA blog. "When looking specifically into the ransomware supply chain we can see many actors piling up in the 'extract' niche -- where actors focus on escalating privileges within a compromised network -- and the 'monetize' niche - where actors are involved in the negotiation process with victims, DDoS attacks and spam calls. In this post, KELA focuses on these two niches in order to better understand the actors who have surfaced around the growing RaaS ecosystem."
Other interesting findings include that only 19 percent of dark web listings for ransomware services offer domain admin access rights, which raises the demand for intrusion specialists capable of escalating privileges.
The research has also uncovered the rise of a new role, that of 'negotiator' whose job is to force the victim to pay a ransom using a combination of insider information and threats. There's demand too for skills in things like DDoS attacks and spam campaigns as additional ways to threaten victims.
In order to fend off these threats defenders need to be equally professional. This means investing in cybersecurity awareness training, ensuring regular vulnerability monitoring and timely patching, and monitoring of key assets -- ideally using automation -- to reduce the attack surface.
You can find out more on the KELA blog.