07-10-2021 , 09:17 AM
Quote:RaaS groups are hiring negotiators whose primary role is to force victims to pay up.
The Ransomware-as-a-Service (RaaS) ecosystem is evolving into something akin to a corporate structure, researchers say, with new openings available for "negotiators" -- a role focused on extorting victims to pay a ransom.
On Thursday, KELA threat intelligence analyst Victoria Kivilevich published the results of a study in RaaS trends, saying that one-man-band operations have almost "completely dissolved" due to the lucrative nature of the criminal ransomware business.
The potential financial gains squeezed from companies desperate to unlock their systems have given rise to specialists in cybercrime and extortion and have also led to a high demand for individuals to take over the negotiation part of an attack chain.
Ransomware can be devastating not only to a business's operations but its reputation and its balance sheet. If attackers manage to strike a core service provider used by other businesses, they may also be able to expand their attack surface to other entities quickly.
In a recent case, zero-day vulnerabilities in VSA software provided by Kaseya were used, over the US holiday weekend, to compromise endpoints and put organizations at risk of ransomware infection. At present, it is estimated that up to 1,500 businesses have been affected, at the least due to the need to shut down VSA deployments until a patch is ready.
According to KELA, a typical ransomware attack comprises four stages: malware/code acquisition, spread and the infection of targets, the extraction of data and/or maintaining persistence on impacted systems, and monetization.
There are actors in each 'area,' and recently, demand has increased for extraction and monetization specialists in the ransomware supply chain.
Read more info HERE