Financially independent cybercriminal groups will share power in the RaaS ecosystem.
Ransomware attacks have been widely reported in the media for several years now as having the most serious consequences. The Ransomware-as-a-Service (RaaS) model has launched the careers of many aspiring cybercriminals, leading to an increase in hacks and illicit profits
RaaS administrators and developers have long been considered the main culprits of the problem. Law enforcement agencies have paid little attention to their accomplices who lack significant skills. In the absence of technological breakthroughs in the RaaS ecosystem, this situation has allowed these “less capable accomplices” to successfully develop and become highly competent cybercriminals with their own goals and objectives.
Following the attack on the Colonial Pipeline, forums popular with cybercriminals have banned ransomware advertising. RaaS groups no longer have an independent platform to actively recruit, showcase their capabilities, find intermediaries to store funds, have moderators test their binaries, or resolve disputes. This makes it harder for them to prove their worth and for RaaS developers to maintain a leading position in the cybercriminal community.
Ransomware has made billions of dollars in profits for its creators in recent years. Sooner or later, there will be people who feel they should get a cut.
In 2022, new financially independent iceland mobile database groups are expected to emerge, after which the leading position in the RaaS ecosystem will shift from those who control the software to those who control the victim company’s networks.
After the redistribution of power in the RaaS sphere, less qualified operators will have more freedom.
The Ransomware-as-a-Service ecosystem thrived on the emergence of collaborators and middlemen who collaborated with developers for a share of the profits. This organizational structure reached its optimal form during the GandCrab era, but today we are seeing the first rift in this once-perfect union.
Initially, the developers wielded all the power in this alliance, handpicking their partners and even interviewing them to determine their technical expertise. As more players entered the ransomware market, the partners could sell their services for more. They negotiated not only a higher share of the profits, but also to have their opinions factored into decisions. For example, the Active Directory listing feature in DarkSide ransomware may have been intended to offset the need for partners to be highly technical. These changes are a sign of a possible return to earlier stages of ransomware, when the demand for less-skilled operators who relied entirely on the expertise of software developers was particularly high.