
The New Challenge to Ransomware as a Service







In the 1960s and ’70s, the US firearms market saw an influx of cheaply made, imported handguns. Congress targeted this proliferation of inexpensive and frequently unreliable weapons, ostensibly because they were believed to pose a risk to their owners and facilitate criminality. This was not unique to the US or that time. In the UK, handguns are now strictly regulated, and criminals have adapted and resorted to reactivated or homemade guns.

Despite ‘junk guns’ often being inaccurate and prone to malfunction, purchasing or creating them does have advantages, principally that they are unlikely to be on law enforcement’s radar and can be difficult to trace. They tend to be cheap, lowering the cost of entry to illicit ownership and usage. And they can often be made or obtained without needing access to extensive criminal networks.

During a recent investigation into several underground cybercrime forums, particularly those frequented by lower-skilled threat actors, Sophos X-Ops discovered something interesting: a ransomware equivalent of junk guns.

Since June 2023, Sophos X-Ops has discovered 19 junk gun ransomware variants on the dark web. Developers of these cheap, independently produced and crudely constructed variants are attempting to disrupt the traditional affiliate-based RaaS model that has dominated the ransomware racket for nearly a decade.

Instead of selling or buying ransomware to or as an affiliate, attackers are creating and selling unsophisticated ransomware variants for a one-time cost, creating an opportunity to target small and medium-sized businesses (SMBs).

For the past year or two, ransomware has stabilized. It’s still one of the most pervasive and serious threats for businesses, and the RaaS racket has remained the go-to operating model for most major ransomware groups. Over the past two months, however, some of the biggest players in the ransomware ecosystem have disappeared or shut down.

Nothing within the cybercrime world stays static forever, and cheap versions of off-the-shelf ransomware may be the next evolution in the ransomware ecosystem, especially for lower-skilled cyber attackers simply looking to make a profit rather than a name for themselves. Remember, this is first a for-profit business, and many wish to remain off the radar, choosing pure profit as their go-to model.

The median price for junk gun ransomware variants on the dark web is US$375, significantly cheaper than RaaS kits, which can cost more than US$1,000. While the capabilities of junk gun ransomware vary widely, their biggest selling points are that the ransomware requires little or no supporting infrastructure to operate, and the users aren’t obligated to share their profits with the creators, which is a common grievance among criminals.

Junk gun ransomware discussions on the dark web are taking place primarily on English-speaking forums aimed at lower-tier criminals, rather than well-established Russian-speaking forums frequented by prominent attacker groups. These new variants offer an attractive way for newer cybercriminals to get started in the ransomware world, and alongside the advertisements for these cheap ransomware variants are numerous posts requesting advice and tutorials on how to get started.

These types of ransomware variants aren’t going to command million-dollar ransoms like Clop or LockBit, but they can be effective against SMBs, and for many attackers beginning their “careers,” that’s enough. While the phenomenon of junk gun ransomware is still relatively new, we’ve already seen posts from their creators about their ambitions to scale their operations, and we’ve seen multiple posts from others talking about creating their own ransomware variants.

More concerningly, this new ransomware threat poses a unique challenge for defenders because attackers are using these variants against SMBs and, as the ransom demands are small, most attacks are likely to go unreported. That leaves an intelligence gap for defenders, which the security community will have to fill.

Contact me if you want to learn about ransomware, malware, technology, phishing, cybercrime, fraud, and information warfare, or if you’re concerned about making front page news resulting from a data breach or other cyber incident.
 
Richard Freiberg
Profitability Consultant
Richard Freiberg CPA PC
Phone (980)339-3352
Cell (914)393-0033
www.rmfreibergcpa.com

Providing valuable counsel to help boost your company’s bottom line, while navigating competitive forces, industry, and economic risks in today’s challenging environment
 
 


Copyright © 2024 Richard Freiberg CPA PC, All rights reserved.



Comments from the Peanut Gallery

4 thoughts on “The New Challenge to ransomware As A Service”

  1. Ransomware evolution is fascinating! It’s surprising how cyber threats adapt like farming techniques over time.

  2. Ransomware evolution reflects deeper societal issues, affecting everyone.

  3. Ransomware evolving like junk guns is alarming. The culinary world also faces risks from cheap ingredients. It’s crucial to stay vigilant against such threats in any field.
