Inside the Dark Web's Ransomware-as-a-Service Economy

Cybersecurity experts agree that the ransomware trade has undergone tremendous revolutionary changes owing to the rise and adoption of dark web tools, which work symbiotically with cryptocurrencies – Bitcoin has empowered criminals with a highly dependable ransom payment avenue.

Essentially, ransomware is a type of malware that is created to encrypt and lock a user from accessing their own sensitive data until a form of settlement is agreed between themselves and the offensive threat actor.

Ransomware-as-a-service differs from the traditional form of ransomware attacks in that threat actors do not necessarily need to possess specific computer skills to target victims. Instead, the ransomware-as-a-service model operates like a monthly subscription service available to interested parties.

This affiliate framework provides a win-win environment for both malware creators and subscription customers. The resultant profits gained from attacks are typically split between the two stakeholders who agree on particular terms beforehand.

Ransomware-as-a-service can be acquired by subscription terms that are similar to those of legitimate subscription services like Netflix and Apple Music. The illicit economy has taken advantage of the monthly billing model to provide easy-to-use malware to interested parties in dark web platforms.

For a prescribed monthly subscription charge, hackers will provide access to user-friendly ransomware that’s packaged and distributed to buyers seeking to profit off the robust ransomware trade.

Staggering Growth at 2,500 Percent Every Year

The ransomware-as-a-service idea leaves a trail of destruction in its wake as victims are forced to part with huge sums in cryptocurrency in exchange for access to their locked data.

Carbon Black, a world-leading cyber safety firm specializing in endpoint security, released a 2017 report detailing the status of the dark web’s thriving ransomware economy – including an analysis of statistical projections as far as the trade’s performance is expected to play out in the future.

The study, which was titled The Ransomware Economy: How and Why the Dark web Marketplace for Ransomware Is Growing at a Rate of More Than 2,500% Per Year outlined various interesting findings that provide a clear picture of just how lucrative the ransomware economy has become.

According to the report, an excess of 6,300 dark web marketplaces dealing in ransomware sales were in existence at the time of its writing. The figure was tied to the more than 45,000 product listings that were discovered by researchers across the platforms.

The study went on to elucidate the pricing strategies employed in the dark web platforms – do-it-yourself (DIY) ransomware prices appeared to range between $0.50 and $3,000. The median ransomware price was $10.50, which happens to be a shockingly low price compared to the amount of damage that ransomware can cause.

On comparing the numbers between the year 2016 and 2017, Carbon Black discovered a massive growth rate of 2,500 percent in ransomware sales that rose from $249,287 to $6,237,249.

The discovery was mirrored the US authorities’ estimation that ransomware actors had gained $1 billion in 2016. It turns out that a number of ransomware vendors have been earning more than $100,000 on an annual basis through retail sales.

Importantly, the authors pointed out the observation that ransomware vendors have increasingly opted to specialize in specific areas within the ransomware supply chain. Such specialization has enabled the distribution in human capital to cause the ransomware economy’s expansion and development.

While reflecting on the findings presented by the report, Carbon Black’s security strategist Rick McElroy urged organizations to acknowledge the power wielded by threat actors dealing in ransomware development.

According to the expert, ransomware sellers are not petty criminals, but a force to reckon with as their black market trade has taken a rapidly-growing black market approach geared towards destruction and profiteering.

Add your hidden service here