Chainalysis, a blockchain investment firm, recently published a report that confirms that ransomware operating cybercrime groups don’t always work in their own arena and often switch ransom suppliers, also called RaaS services, in a look-out for better profits. ZD Net says, “by taking out legitimate avenues for converting funds and reaching real-world profitability, Chainalysis believes RaaS operations would have a hard time seeing a reason to operate when they can’t profit from their work.”
The research looked into Bitcoin funds transactions from victims to cybercriminals, and how the stolen money was split between various hacking groups active in the ransomware cyber attack. It also analyzed money laundering. However, to grasp these things, a surface knowledge of present ransomware is required. The ransomware landscape in the present time operates in the same way a modern business does.
Today, many coders exist which build and rent these ransomware strains through RaaS service, similar to how modern software is offered today.
Few coders are selective in renting these ransomware strains to a very limited group of people or groups better known as “affiliates,” whereas some coders rent it to any user who has signed up for its use. In cyberattack incidents, it is usually these affiliates who are behind the orchestration of such attacks. The affiliates usually hack into government or corporate networks using emails, and then use these rented ransomware strains obtained via RaaS to infect and encrypt the systems.
In a few incidents, experts observed, the affiliates have also been in multiple groups. Few specialize in intrusion and getting access, these are called initial access vendors, whereas others are well versed with spreading the initial access of hacked networks to maximize the ransomware damage.
Chainalysis report, “while we can’t say for sure that Maze, Egregor, SunCrypt, or Doppelpaymer have the same administrators, we can say with relative certainty that some of them have affiliates in common. We also know that Maze and Egregor rely on the same OTC brokers to convert cryptocurrency into cash, though they interact with those brokers in different ways.”