Inside the Business of Ransomware
Cybercrime is a lucrative business these days, and those who do it well increasingly organize and operate as legitimate businesses do. Cybercriminal groups develop sophisticated business models with organizational structures that mirror those of even complex enterprise corporations.
The growth and evolution of ransomware attacks highlight this type of criminal corporatization, as well as the business strategy spurring its growth.
Public Relations for Ransomware Operator “REvil”
On October 24, 2020, a lengthy, Q&A-style interview with a spokesperson for the ransomware operator REvil was posted on the Russian-based YouTube and Telegram channel called “Russian OSINT.”
As part of our Flashpoint Finished Intelligence offering, we discovered and translated the interview in its entirety from the original Russian into English for customer consumption. In this interview, REvil (short for “Ransomware Evil”) opened up about its operations, its intent, and its business reasoning for switching to a license-based selling model for the ransomware tools it developed.
Scaling Growth with Ransomware-as-a-Service
This interview was particularly illuminating because of just how corporate and “business-like” cybercriminal organizations like REvil have become.
The REvil spokesperson discusses how the group purchased the product source code and developed its own code on top of it to create a more effective ransomware toolkit. REvil claims the encryption algorithms are some of its key technical differentiators from competing solutions on the market.
REvil claims its annual revenues run north of US$100 million.
Ransomware Automation Heightens Risk for Legitimate Organizations
According to the REvil spokesperson, the group moved to a Ransomware-as-a-Service (RaaS) model because it was easier to scale and ultimately more profitable. As cybercriminal groups reach new economies of scale through product automation and subscription-based selling, the risks for legitimate organizations will continue to mount.
Readiness and Response: Key to Ransomware Defense
To mitigate the risks of ransomware attacks, security and threat intelligence leaders must deploy multi-pronged defense strategies. This involves steps to both minimize the likelihood of a successful attack and to reduce the costs and impact should prevention measures fail.
Especially when it comes to ransomware attacks, your threat readiness and response performance often determine success. They can mean the difference between effective containment with failover recovery and a protracted organization-wide lockout.
Develop contingencies as part of your response plans and test them to ensure your organization is prepared and that key stakeholders understand the decisions they may be forced to make.
Learn More about Flashpoint Ransomware Response
With Flashpoint Ransomware Response and Cyber Extortion Training, you can ensure your entire team is prepped for any ransomware attack you may face. And equipped with Flashpoint Threat Intelligence Platform, you can move a step ahead of ransomware attacks and the cybercriminal groups who may use them.