It may come to no one’s surprise that the current ransomware ecosystem is being created and maintained mainly by Russian-speaking cyber criminals.
Kaspersky’s research showed that 80% of all crypto-ransomware families originated from Russian underground forums and other similar sources in the past 12 months. The trend is due to the fact that many highly skilled code developers are from Russia and neighboring countries. These cyber criminals – from advanced developers to newbies are usually organized in gangs and have specific rules which gives them a sense of security and anonymity.
In addition to the high availability of skilled Russian developers, two other factors favor the growth of cyber crime in Russia – crypto-currencies and RaaS (ransomware-as-a-service).
The Rise of CryptoCurrencies: Bitcoin
During ransomware campaigns, cyber crooks use cryptocurrencies as the only means of acquiring ransom payments. In fact, the invention of cryptocurrencies is believed to have contributed to the growing ransomware threats. It provides anonymity to those behind the ransomware attack.
David Emm, principal security researcher at Kaspersky Lab, has also confirmed that:
“It’s helping. I think that’s definitely true. The existence of effectively anonymised payment mechanisms definitely plays into the hands of cybercriminals.”
However, according to Anton Ivanov, a senior malware analyst at Kaspersky Lab, the anonymous currency may give cyber criminals a bit of a false sense of safety and anonymity. He said that the use of crypto currencies may cover only certain traces, but during a ransomware campaign, cyber crooks leave “lots of different artifacts behind.”
“It is not hard to catch them,” he said. “It just takes time.”
As much as his statement is true, ransomware attacks are rising in number despite of it and their creators are earning tons of money. What’s more, 2016 was dubbed “the year of ransomware”. 2016 statistics have revealed some disturbing facts:
- Ransomware attacks have increased with 500% from 2015.
- Ransom demand for every attack has jumped from $294 to $679.
- Cyber crooks received approximately $209 million in the first quarter of 2016.
- Ransomware families grew by 172% in the first half of 2016.
The Rise of the Ransomware-as-a-Service
RaaS (ransomware-as-a-service), on the other hand, enables the Russian-speaking ransomware ecosystem to give those with code-writing and cryptographic skills a ready market.
“The ease and minimal expense of launching a ransomware “career” means that just about anyone, including those with little or no IT experience, can become a successful cyber criminal,”
as per csoonline.com.
According to TrendMicro, RaaS is one of the main reasons behind that disturbing trend because it enables malware distributors to launch a ransomware campaign without much technical, coding or capital expertise.
“This particular strategy has been proven to be highly lucrative for cybercriminals, allowing malware creators to earn from their ransomware by enlisting a network of distributors.”
As mentioned earlier, Russian cyber criminals are organized in groups and have specific rules. Thus so,
“some affiliate programs are available only to “elite” partners, or trusted individuals in the ransomware ecosystem. Members of such programs often need to have a proven track record in distributing ransomware and end up making more money than members of regular affiliate programs,”
as per darkreading.com.
Kaspersky also reported that elite partners make about 40- to 50 bitcoin per month, or between $41,000 and $51,000 at current rates.