February 21, 2017
It may come to no one’s surprise that the current ransomware ecosystem is being created and maintained mainly by Russian-speaking cyber criminals.
Kasperski’s research showed that 80% of all crypto-ransomware families originated from Russian underground forums and other similar sources in the past 12 months. The trend is due to the fact that many highly skilled code developers are from Russia and neighboring countries. These cyber criminals – from advanced developers to newbies are usually organized in gangs and have specific rules which gives them a sense of security and anonymity.
In addition to the high availability of skilled Russian developers, two other factors favor the growth of cyber crime in Russia – crypto-currencies and RaaS (ransomware-as-a-service).
The Rise of Crypto-Currencies: Bitcoin
During ransomware campaigns, cyber crooks use crypto-currencies as the only means of acquiring ransom payments. In fact, the invention of crypto-currencies is believed to have contributed to the growing ransomware threats. It provides anonymity to those behind the ransomware attack.
David Emm, principal security researcher at Kaspersky Lab, has also confirmed that:
However, according to Anton Ivanov, a senior malware analyst at Kaspersky Lab, the anonymous currency may give cyber criminals a bit of a false sense of safety and anonymity. He said that the use of crypto currencies may cover only certain traces, but during a ransomware campaign, cyber crooks leave “lots of different artifacts behind.”
As much as his statement is true, ransomware attacks are rising in number despite of it and their creators are earning tons of money. What’s more, 2016 was dubbed “the year of ransomware”. 2016 statistics have revealed some disturbing facts:
- Ransomware attacks have increased with 500% from 2015.
- Ransom demand for every attack has jumped from $294 to $679.
- Cyber crooks received approximately $209 million in the first quarter of 2016.
- Ransomware families grew by 172% in the first half of 2016.
The Rise of the Ransomware-as-a-Service
RaaS (ransomware-as-a-service), on the other hand, enables the Russian-speaking ransomware ecosystem to give those with code-writing and cryptographic skills a ready market.
as per csoonline.com.
According to TrendMicro, RaaS is one of the main reasons behind that disturbing trend because it enables malware distributors to launch a ransomware campaign without much technical, coding or capital expertise.
As mentioned earlier, Russian cyber criminals are organized in groups and have specific rules. Thus so,
as per darkreading.com.
Kasperski also reported that elite partners make about 40- to 50 bitcoin per month, or between $41,000 and $51,000 at current rates.