2 min

The world of cybercrime is turning into a real business that has created a ransomware-as-a-service (RaaS) ecosystem. It is structured in a deliberately corporate way, with researchers reporting that there are now opportunities for negotiators.

The role of a negotiator in this RaaS ecosystem is focused on extorting the affected entities and raise the chances of a ransom payout. In results published by KELA threat intelligence analyst Victoria Kivilevich, the RaaS trends show that one-man-band operations are becoming extinct, because the stakes are higher, as the illicit industry becomes more lucrative.

Criminal ransomware business

The potential amounts of money the criminal enterprises can get from these companies have led to the rise of specialists who deal in cybercrime and extortion. There is also a rise in demand for people who take over the negotiation part of the attack chain.

Ransomware can be very damaging to a business in terms of reputation and resource usage. If the attackers manage to capture a core service used by other businesses, it magnifies their damage levels, like in this week’s Kaseya attack.

The attack leveraged zero-day vulnerabilities in Kaseya’s VSA software over the US holiday weekend, compromising endpoints and exposing organizations to ransomware infection.

A need to communicate and make money

It is estimated, at present, that about 1,500 businesses have been affected since the VSA deployments had to be shut down until a patch can be made ready. According to KELA, a ransomware attack usually has four stages: acquiring malware or code, spreading/infecting targets, extracting data, or maintaining persistence and monetization.

There are actors in each area and the demand for extraction and monetization specialists in the chain has risen.

KELA has attributed this to the need for attackers to communicate effectively in English during negotiations and to get the highest profit margins for attacks.