A five-month investigation [PDF] of an organized Russian ransomware campaign has revealed that the typical ‘ransomware boss’ makes an average annual salary of $90,000, or $7,500 per month. That’s 13 times the average current wages in Russia.
The report, from Flashpoint, shows how cyber-criminals are using ransomware as a service (RaaS) to successfully target victims, with the healthcare industry being identified as a priority target.
Once recruited by a crime boss, it then becomes relatively easy for newcomers, who become part of the boss’s affiliate network, to start spreading ransomware quickly, attacking corporations and users via botnet installs, email and social media phishing campaigns, compromised dedicated servers and file-sharing websites.
“Ransomware is clearly paying for Russian cyber-criminals,” said Vitali Kremez, cybercrime intelligence analyst at Flashpoint. “As RaaS campaigns become more widespread and accessible to even low-level cyber-criminals, such attacks may result in difficult situations for individuals and corporations not yet ready to deal with these new waves of attacks.”
As far as priority targets for these campaigns, Flashpoint found affiliate ransomware targeting hospitals and healthcare networks being advertised specifically on Dark Web forums and marketplaces. And while numerous users have purchased ransomware promoted specifically for targeting hospitals, Flashpoint analysts, who closely monitor these schemes, assess that cyber-criminals utilize such malware across a wide spectrum of industries.
Kremez added, “Corporations and users are unfortunately faced with a commensurately greater challenge of effectively protecting their data and operations from being held ransom, with no guarantee that sending a ransom payment will result in return of the stolen data.”
The report pointed out that there’s no end in sight: With recent, highly publicized ransomware attacks on several hospitals and health networks resulting in large payouts to retrieve critical files, cyber-criminals are clearly beginning to recognize that holding the data hostage is often more lucrative than simply stealing the data and selling it on the black market.
Photo © Carlos Amarillo