Kivilevich summarized the current ransomware ecosystem by stating,

“Each stage includes various malicious activities that different actors specialize in. As ransomware operations have been growing and maturing, KELA’s researchers have been observing more cybercriminals offering accompanying services that fall into one of the four niches. When looking specifically into the ransomware supply chain we can see many actors piling up in the “extract” niche – where actors focus on escalating privileges within a compromised network – and the “monetize” niche – where actors are involved in the negotiation process with victims, DDoS attacks and spam calls. In this post, KELA focuses on these two niches in order to better understand the actors who have surfaced around the growing RaaS ecosystem.”

Based on KELA’s observations, it appears that hackers able to gain privileged access to networks are in the highest demand. These actors are sometimes referred to as Initial Access Brokers, and the prices they can demand for their services can spike up to 115% if they are able to gain local administrator access. This level of access allows hackers to gain near unrestricted access to machines and data stored on the network. This access enables the easier deployment of the ransomware with less threat of being detected. Given that many ransomware gangs now also look to steal data before encryption to further increase the pressure to pay, a hacker who can gain such a privileged level of access can also extract stolen data more easily. It is little wonder then that such a level of access demands ten times more than access granting simple user rights.

At the same time, gaining administrator access is much harder, and this is shown in the percentage of hackers advertising administrator access. Of all the advertisements analyzed by KELA, only 19% were offering administrator-level access. 27% of the ads offered an unspecified level of access and 53% offered user-level access.

While there were several key takeaways from the report, perhaps the most interesting was the increase in demand for negotiators. In the past, ransomware operators would speak directly to victims via email addresses provided on ransom notes. Given that specializations arose along with ransomware looking more and more like a business operation, albeit an illegal one, the need for special negotiators seems like a logical progression.

As to the exact reason ransomware operators would need a negotiator, Kivilevich provided two scenarios, with the first being,

“Victims started using negotiators – while a few years ago there was no such profession, now there is a demand for negotiating services. Ransomware-negotiation specialists partner with the insurance companies and have no lack of clients. Ransom actors had to up their game as well in order to make good margins.”

“As most ransom actors probably are not native English speakers, more delicate negotiations – specifically around very high budgets and surrounding complex business situations – required better English. When REvil’s representative was looking for a “support” member of the team to hold negotiations, they specifically mentioned “conversational English” as one of the demands. This is not a new case: actors are interested in native English speakers to use for spear-phishing campaigns.”

These scenarios are supported by underground hacker forum threads seen by KELA researchers. In the threads observed by researchers, there were several instances where threat actors were actively seeking negotiators.