Ransomware-as-a-service industry now exceeds $1bn: Tenable

The ransomware industry is evolving to an as-a-service model and raking in millions, with cybersecurity company Tenable estimating that the industry was worth US$692 million (AU$1 billion) in 2020 alone.

In a new report, Tenable estimated that ransomware groups earned 380% more in 2020 than they had in the previous six years combined.

Tenable attributes the rapid growth to the emergence of the technique pioneered by the Maze ransomware group of double extortion, involving stealing sensitive data and then both encrypting it to prevent access and threatening to leak the files online if victims do not comply with their demands.

Other extortion techniques are also emerging such as launching DDoS attacks and contacting customers of victims.

“With RaaS and double extortion, Pandora’s box has been opened, and attackers are finding holes in our current defences and profiting from them. The Australian Cybersecurity Centre recorded a 15 per cent increase in ransomware cybercrime in 2021,” Tenable senior staff research engineer Satnam Narang said.

The success of the ransomware-as-a-service model has also attracted other players such as affiliates and initial access brokers (IABs) operating within the ransomware industry, the report states.

Affiliates typically earn between 70–90% of the ransomware payment, and are given the task of gaining access to networks through methods such as spear phishing, brute force attacks and exploiting unpatched zero-day vulnerabilities, Tenable said.

Meanwhile IABs are groups that have already gained illicit access to networks and are selling access to the highest bidder, with fees ranging from an average of US$303 for control panel access up to US$9874 for remote desktop protocol access.

Image credit: ©stock.adobe.com/au/Maksim Kabakou