
RANSOMWARE AND DDOS AS A SERVICE

Oct 11, 2022

Today, financial returns have become so lucrative that ransomware and DDoS attacks have evolved into large-scale industries. Many cybercriminal gangs are involved as they seek to expand their operations. One way they do so is via the dark web by selling ransomware as a service (RaaS) and DDoS as a service. Anyone can sign up for these services and start their own attacks with little technical knowledge.

Ransomware as a service

When an aspiring cybercriminal signs up for RaaS, they will get access to an impressive professional-looking interface that will often include distribution tips and metrics that can be used to track things like ransomware infection and payment rates. Multiple languages may be supported. Customers are also given a RaaS kit that they can use to distribute ransomware to other computers. All they need to do is agree to share the profits with the creators of the RaaS.

RaaS works on a revenue-sharing model. It’s in the cybercriminals’ interest to make it work as efficiently as possible.

The most time-consuming part of a ransomware attack is finding the computers to infect. RaaS removes this challenge for the creators of new ransomware strains. They no longer have to spend countless hours scanning the internet or locating vulnerable victims. By making it easy for anyone to launch ransomware attacks, cybercriminals have expanded the spectrum of potential victims. To sum it up, they are outsourcing their attacks. RaaS creators have even begun building service centres to deal with victims and their payments.

Like any business, RaaS needs to find customers. Cybercriminals advertise their RaaS solution like any other business would. Except, for RaaS, the advertising is done on the dark web. RaaS is attractive for cybercriminals due to its scalable income potential. The more cybercriminals that sign up for it, the greater the number of victims of the ransomware strain. This means more money for the ransomware creators.

Consider this case: the ransomware GandCrab was distributed by RaaS and first discovered in January 2018 (Tiwari, 2020). Over its 18-month lifespan, it is estimated that over 1.5 million computers were infected. The makers of GandCrab perfected the RaaS business model. They streamlined their ‘affiliate’ program, allowing fellow cybercriminals to join by agreeing to share 30–40 per cent of their ransomware revenue. They got a full-featured web panel and technical support in return.

GandCrab’s operations ceased in mid-2019 when the FBI obtained the master decryption keys for it and released them to the public (Abrams, 2019). Anyone infected could then decrypt their information and avoid paying GandCrab. Although they’d been forced to cease their operations, the cybercriminals behind GandCrab boasted on a Russian forum that they had taken a total of $2 billion – with $150 million going to themselves.

In addition to revenue sharing, a RaaS operator will charge an up-front fee to begin using their service. This can range from under $100 for some RaaS systems that cater to individuals to $84,000, the most expensive RaaS fee, which was charged by the Maze ransomware creators (Ritesh, 2021). These types of RaaS target businesses, where ransom amounts can be in the millions.

Like any good cybercriminal, RaaS makers often have no problem ripping off other cybercriminals. In many instances, once they have paid the up-front fee, the buyers find themselves without a workable RaaS. Since the price is usually paid in Bitcoin and is an illegal transaction anyway, there is no recourse for the victim to get their money back. The dark web is full of dubious characters. However, there is little sympathy for cybercriminals getting scammed by other cybercriminals for a fake RaaS.

Europol, the EU’s law enforcement agency, calls ransomware the ‘most widespread and financially damaging form of cyberattack’ (Popper, 2020). RaaS turbocharges ransomware. The global cybersecurity company, Group-IB DFIR, found that 64 per cent of all ransomware attacks they analyzed in 2020 came from the RaaS model (Group-IB, 2021).

DDoS as a service

DDoS as a service works differently. With DDoS attacks, it is about how long the attacks last. The longer the attack is, the longer the target services will be impacted. The pricing averages $10 an hour to $60 for 24 hours (Gomez, 2021). The cost to launch a DDoS attack is minimal for cybercriminals.

How big is this problem?

Ransomware attacks are growing in size and frequency, threatening businesses and individuals worldwide. Why? Because that is where the money is. While large organizations that pay significant ransoms grab the big news headlines, in 2020 cybercriminals began using DDoS attacks in conjunction with ransomware attacks. When negotiations stall with a ransomware victim, cybercriminals launch DDoS attacks to get the victim back to the negotiating table (Abrams, 2020).

For further information, Mr. Wade’s book “Cybercrime: Protecting Your Business, Your Family and Yourself” is available on Amazon.

(https://www.amazon.com/Cybercrime-Todd-Wade/dp/178017585X)
