Russian ransomware bosses make an annual income of around $90k, or 13 times the average wage in the country, Flashpoint study says.
During a five-month investigation, Flashpoint analysts monitored the strategy behind Russian ransomware campaigns and the network of a specific Russian ransomware boss. The healthcare industry was the most targeted by recent waves of ransomware campaigns, due to the numerous confidential records it keeps.
Hackers have developed a new type of ransomware – Ransomware-as-a-Service, sold by Russian ransomware bosses to hackers with lower skills, who then use it as they wish via their distribution methods, Flashpoint found. By introducing RaaS, newly recruited hackers learn how these campaigns work and how to attack Western corporations and users with botnet installs, emails and social media phishing campaigns, compromised dedicated servers and file-sharing websites.
“Ransomware is clearly paying for Russian cyber-criminals,” said Vitali Kremez, cybercrime intelligence analyst at Flashpoint. “As RaaS campaigns become more widespread and accessible to even low-level cyber-criminals, such attacks may result in difficult situations for individuals and corporations not yet ready to deal with these new waves of attacks.”
The petty hackers become part of a network affiliated to a ransomware boss who takes over communication with the victims after the campaigns have been launched. The boss, in charge of approving bitcoin payments, money laundering through bitcoin exchangers and issuing decryption keys, usually keeps around 60% of the ransom.
This particular boss might also ask for extra money, although a ransom has already been paid. Consequently, some victims who paid for the decryption key never received it, Flashpoint discovered.