PYMNTS-MonitorEdge-May-2024

Ransomware Fraudsters Pivot as Payments Shrink 

cybercrime, ransomware-as-a-service, coveware, payments, victims, branding

Cybercriminals engaged in ransomware-as-a-service (RaaS) have been forced to pivot in how they run their fraudulent operations, as fewer victims coughed up payments this year and law enforcement, regulators and security firms stepped up pressure and tactics. 

As more ransomware gangs were sidelined over the past 18 months and fewer victims make payments, RaaS brands have changed tactics and have become less likely to get caught up in high-profile attacks that can draw unneeded attention, according to the Coveware ransomware report for the second quarter of 2022.

DarkSide, the hacker group behind the Colonial Pipeline cyberattack, shuttered last May after being identified, and the Russian ransomware group Conti reportedly changed names after getting caught up in a number of high-profile, geo-political incidents.

See also: What’s Next After Ransomware Gangs Have Consultants and Arbitrators?

Ransomware professionals had been on a trajectory of operating like real companies, selling RaaS services to non-technical would-be cyber thieves on a subscription basis or pay-for-use malware, PYMNTS reported in February.

Consultants also were also hired to research the necessary information about potential victims and determine the most realistic ransom demands and act as negotiators between victims and thieves.

Read more: Banks Pilot Information-Sharing Projects to Reduce Fraud

With increased attention and action from law enforcement and security agents, RaaS branding is now a detriment to affiliates wanting to launch an attack without having a lot of tech prowess. As a result, RaaS brands are maintaining a lower profile, and affiliates and victims are being vetted more thoroughly, per the report.

It also means that affiliates are bouncing around between RaaS variants on different attacks, making attribution beyond the variant more challenging for law enforcement.

“Ransomware remains disproportionately a small-medium sized business problem. Small and medium-sized businesses are more likely to under-invest in cybersecurity, and make themselves very inexpensive targets for RaaS affiliates,” according to the report. 

Related: Biometrics, Digital Identity Help Online Banks Push the Limits on Money Mobility

PYMNTS-MonitorEdge-May-2024