Hackers don't even have to be that advanced in their knowledge and skills in order to successfully launch a ransomware campaign and earn themselves huge money from someone else's headache, a new study suggests.
Security experts from Flashpoint have spent five months analysing a Russian-based hacking organisation offering Ransomware-as-a-Service (RaaS), and came up with interesting results. The full report, entitled Inside an Organized Russian Ransomware Campaign, can be found on this link (PDF).
The highlights of the report include the following: an average ‘ransomware boss’, the group’s leader, makes up to $7,500 a month, amounting to $90,000 annually. That is 13 times more than the Russia’s average. Workers are usually tasked with spreading ransomware, attacking businesses and users through botnet installs, phishing campaigns on both social media and email, through compromised dedicated servers and file-sharing websites.
The number one targets for ransomware attacks are hospitals and similar healthcare institutions.
“Ransomware is clearly paying for Russian cybercriminals. As Ransomware as a Service campaigns become more wide-spread and accessible to even low-level cybercriminals, such attacks may result in difficult situations for individuals and corporations not yet ready to deal with these new waves of attacks,” said Vitali Kremez, Cybercrime Intelligence Analyst, of Flashpoint.
“Corporations and users are unfortunately faced with a commensurately greater challenge of effectively protecting their data and operations from being held ransom, with no guarantee that sending a ransom payment will result in return of the stolen data.”
The report concludes that hackers are increasingly becoming aware that holding data hostage is more lucrative than just stealing it and selling it on the black market.
Image Credit: Bacho / Shutterstock