The typical ‘Ransomware boss' makes an average annual salary of US $90,000 (£62,400) or 13 times the average current wages in Russia.
A new report from Flashpoint conducted in five months evaluated an organised Russian ransomware campaign and released findings on the details of how cyber-criminals are using Ransomware as a Service (RaaS) to target victims. Research analysed included communications within larger cyber-criminal communities and technical analysis of the ransomware sample.
Campaigns have significantly lowered the barriers for entry for low-tier or unsophisticated Russian cyber-criminals due to the recent success of the Russian hacking community. Once hired, it's easy for newcomers to spread ransomware quickly through botnet installs, email and social media phishing campaigns, compromised servers and file-sharing sites.
Cyber-criminals utilise malware across a wide spectrum of industries. Hospitals and healthcare networks were identified as a priority target by the campaign. With recent public ransomware attacks on several hospitals and health networks, crooks are recognising that holding data hostage is often more profitable than stealing the data and selling it on the Dark Web.
“Ransomware is clearly paying for Russian cyber-criminals. As Ransomware as a Service campaigns become more wide-spread and accessible to even low-level cyber-criminals, such attacks may result in difficult situations for individuals and corporations not yet ready to deal with these new waves of attacks,” said Vitali Kremez, cyber-crime intelligence analyst at Flashpoint. “Corporations and users are unfortunately faced with a commensurately greater challenge of effectively protecting their data and operations from being held ransom, with no guarantee that sending a ransom payment will result in return of the stolen data.”