A recent report revealing how ransomware gangs assemble their teams for attacks could be mistaken for the plot of a Hollywood heist film.
However, unlike your favourite summer blockbuster, the threats posed here are far from fictional.
Victoria Kivilevich, a Threat Intelligence Analyst at KELA, has identified that criminals are partnering or outsourcing for specialist skills to maximise profits. The report draws on research into the Dark Web where criminals advertise their services and look for skills they lack.
The primary roles identified when collaborating on an attack are described as: code, spread, extract and monetise.
We can think of these as:
- Build or buy the software to conduct attacks, including gaining initial access.
- Develop that initial access, remain undetected and spread as widely as possible with as high a permission level as possible.
- Get control of the data, examine it for its potential and extract it without being detected.
- Maximise profit by threatening consequences and negotiating the ransom.
Certain skills are more highly prized and rewarded. A relatively new, but increasingly demanded skill is negotiation. The KELA report theorises as to why this is the case:
- Insurance companies have provided professional negotiators to victims, so the ransomware crews are upping their own game in response.
- Ransomware gangs may not include native English speakers and are now advertising for “conversational English” as negotiations are becoming more nuanced and involving more factors.
You can find the report here.