How the criminals behind the ransomware phenomenon are organized

Research by Kaspersky Lab experts has shed light on ransomware: most of it comes from Russia and has a corporate structure

In the world of computer security, as we have often pointed out lately, ransomware is the most worrying problem, not least because it keeps growing. According to Kaspersky Lab research, one user every ten seconds and one company every forty are affected by this malware.

According to figures compiled by Kaspersky Lab researchers, almost one and a half million users worldwide were affected by this type of malware in 2016. There are more than 60 "families" of ransomware, which generate about 54 thousand varieties of the same virus. Ransomware is not new; it was first traced in 2000. Yet never before has it posed such a threat. How come? Kaspersky says that the virus has developed so well over time that it has slowly become stronger, more varied and capable of generating secure earnings. What's more, it now has very low implementation costs.

Almost all ransomware speaks Russian

Kaspersky Lab researchers have been studying this cyber threat for some time and found that, out of 60 ransomware families, 47 are of Russian origin. This gives a clear idea of the growing, and increasingly feared, hacker phenomenon in Russia and in neighboring countries. In addition, cyber criminals in Russian-speaking countries have always focused strongly on this type of malware. Abnormal waves of attacks of this kind were already recorded in Russia and neighboring countries in 2009 and 2011. If you are among the few who still do not know what ransomware is, it is, in short, a type of malware that restricts access to the infected device and demands a ransom to remove the lock.

The business behind ransomware

According to the Kaspersky study, there are three levels at which cyber criminals get into the ransomware business. The first is to create their own malware and put it up for sale. This obviously requires great skill in writing code, including a deep knowledge of cryptography. The authors in this category make money from their sales and are often difficult to trace, since they never take part in the actual attacks. A ransomware strain new to the deep web market can cost as much as several thousand dollars. Cheaper malware can be had if the buyer does not look for the source code itself but only for the list of functions needed to reproduce it. In this case the price is a few hundred dollars. For such malware, only a few tens of dollars are needed.

Not only those who generate the malware make money

Thanks to the affiliate programs run by various hackers, however, it is not only those who create the malware who make money. Others can join these cyber criminal groups simply to promote the ransomware and earn a share of the profits. Basically, affiliates receive the malware ready-made and try to infect as many devices as possible. The payout is a percentage of the money generated from the various ransom payments. This is a branched and well thought out system in which there are simple partners and elite partners. The second tier, which is reached only by recommendation or demonstrated skill, also comes with a set of solutions bundled with the malware to hide as well as possible from cybersecurity researchers. In this case the percentage of gain will be 3% of the total. The recent growth of ransomware stems precisely from this complex organization, which accepts both the most expert cyber criminals and those with fewer specific skills.

Managing the affiliate programs

If you think the elite partners are the ones who earn the most after the malware's creators, you are wrong. To manage such a complex organization there are also the "owners" of the various affiliate programs. They manage every elite partner who will be part of the organization, and are a sort of industrial manager of cyber crime. According to what Kaspersky researchers report from their experience, this is the only figure who interacts directly with the creator of the malware.

Costs and profits of the ransomware market

A well-organized group like the one described above can generate several thousand dollars a day from ransom payments. Running this operation, however, is not without costs. There are the various investments needed to update, hide and strengthen the malware. Then there is all the spending on its distribution. There are several ways to distribute it; the most expensive, but also the most effective and the surest to pay off, are exploit kits. Phishing email campaigns are also among the most widely used. As for earnings, an elite partner can reach 40-50 bitcoin a month, but there have been recorded cases of affiliates reaching as much as 80 bitcoin a month. In plain terms, that's about $85,000 in just a few weeks.

Attacks targeting large organizations

A fairly recent trend that Kaspersky researchers have noticed is that the big groups behind these ransomware attacks are leaving individual users and small and medium-sized businesses behind to target large organizations. There have been cases of one company with 200 workstations and another with over a thousand. The mechanics of these new attacks are very different from what we have been used to seeing. They are more complex and time-consuming but yield a fivefold gain compared to other types of users. In addition, when the work of a large enterprise is crippled, its owners are often more willing to pay the ransom in order to avoid large production losses. The more money that reaches the criminal organizations, the more sophisticated the new attacks will be. So the advice is always the same: do not pay the ransom.
