Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Research Reveals “Do-It-Yourself” Ransomware Kits Have Created Thriving Cottage Industry of Cybercrime

June 22, 2022

Columbia, MD

The self-sustaining ransomware industry earned $692m from collective attacks in 2020

The shift to the subscription economy has created a new norm in the as-a-service world. And it’s not just Netflix and Spotify that have adopted this business model. New research from Tenable®, the Cyber Exposure company, found that one of the main reasons ransomware has prospered is due to the advent of ransomware-as-a-service (RaaS) which has catapulted ransomware from a fledgling threat into a force to be reckoned with. The service model has significantly lowered the barrier of entry, allowing cybercriminals who lack the technical skills to commoditize ransomware. 

In 2020 alone, ransomware groups reportedly earned $692 million from their collective attacks, a 380% increase over the previous six years combined ($144 million from 2013-2019). The success of RaaS has also attracted other players such as affiliates and initial access brokers (IABs) who play prominent roles within the ransomware ecosystem - oftentimes more than ransomware groups themselves. 

Affiliates who earn between 70%-90% of the ransom payment are charged with the task of doing the dirty work to gain access to networks through tried-and-true methods such as spearphishing, deploying brute force attacks on remote desktop protocol (RDP) systems, exploiting unpatched or zero-day vulnerabilities and purchasing stolen credentials from the dark web. Affiliates may also work with IABs, which are individuals or groups that have already gained access to networks and are selling access to the highest bidder. Their fees range on average from $303 for control panel access to as much as $9,874 for RDP access.

The research found that ransomware’s current dominance is directly linked to the emergence of a technique known as double extortion. The tactic, pioneered by the Maze ransomware group, involves stealing sensitive data from victims and threatening to publish these files on leak websites, while also encrypting the data so that the victim cannot access it. Ransomware groups have recently added a variety of other extortion techniques to their repertoire, including launching DDoS attacks to contacting customers of their victims, making it even more challenging for defenders. These tactics are part of the ransomware gangs’ arsenal for placing additional pressure on victim organizations.

“With RaaS and double extortion, Pandora's box has been opened, and attackers are finding holes in our current defenses and profiting from them,” said Satnam Narang, senior staff research engineer. “Globally we see governments confirming that ransomware attacks are a growing concern — from The Australian Cybersecurity Centre, the UK’s Information Commissioners Office, the The US' FBI Cyber Division, and the The Bundesamt für Sicherheit in der Informationstechnik (BSI) in Germany, to name a few. As long as the ransomware ecosystem continues to thrive, so too will the attacks against organizations and governments. It’s imperative that these entities prepare themselves in advance so they are in the best position possible to defend against and respond to ransomware attacks.”

“While ransomware groups get the most notoriety and attention for attacks, these groups come and go. In spite of the turnover, affiliates and IABs remain prominent fixtures in this space and more attention should be given to these two groups in the ecosystem at large.”

The Tenable Ransomware Ecosystem Report is available to download at: https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem 

About Tenable

Tenable® is the Cyber Exposure company. Approximately 40,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies. Learn more at tenable.com.

# # #

Media contact:
[email protected] 

Stay up to date!

Subscribe to our email alerts for new press releases.

Subscribe for press release updates

tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Tenable.io Web Application Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable.io Container Security

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try Tenable Lumin

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable.cs

Enjoy full access to detect and fix cloud infrastructure misconfigurations in the design, build and runtime phases of your software development lifecycle.

Buy Tenable.cs

Contact a Sales Representative to learn more about Cloud Security and how you can secure every step from code to cloud.

Try Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save.

Add Support