One Article Review

Source AlienVault Lab Blog
Identifier 8316246
Publication date 2023-03-07 11:00:00 (seen: 2023-03-07 11:07:28)
Title An assessment of ransomware distribution on darknet markets
Text Ransomware is a form of malicious software (malware) that restricts access to computer files, systems, or networks until a ransom is paid. In essence, an offender creates or purchases ransomware, then uses it to infect the target system. Ransomware is distributed in several ways including, but not limited to, malicious website links, infected USB drives, and phishing emails. Once the device is infected, the offender encrypts it and demands payment for the decryption key. Figure 1 provides a simplistic overview of the ransomware timeline.

Figure 1. Ransomware timeline.

The earliest recorded case of ransomware was the AIDS Trojan, which was released in the late 1980s. Now, in 2023, ransomware is considered the greatest cybersecurity threat due to the frequency and severity of attacks. In 2021, the Internet Crime Complaint Center received over 3,000 ransomware reports totaling $49.2 million in losses. These attacks are especially problematic from a national security perspective since hackers aggressively target critical infrastructure such as the healthcare industry, energy sector, and government institutions.

If ransomware has been around for over 40 years, why is it now increasing in popularity? We argue the increase in ransomware attacks can be attributed to the availability of ransomware sold on darknet markets.

Darknet markets

Darknet markets provide a platform for cyber-criminals to buy, sell, and trade illicit goods and services. In a study funded by the Department of Homeland Security, Howell and Maimon found darknet markets generate millions of dollars in revenue selling stolen data products, including the malicious software used to infect devices and steal personal identifying information. The University of South Florida’s (USF) Cybercrime Interdisciplinary Behavioral Research (CIBR) sought to expand upon this research. To do this, we extracted cyber-intelligence from darknet markets to provide a threat assessment of ransomware distribution. This report presents an overview of the key findings and the corresponding implications.

Threat assessment

While drugs remain the hottest commodity on darknet markets, our threat intelligence team observed a rise in ransomware (and other hacking services). The study was conducted from November 2022-February 2023. We began by searching Tor for darknet markets advertising illicit products. In total, we identified 50 active markets: this is more than all prior studies. We then searched for vendors advertising ransomware across these markets, identifying 41 vendors actively selling ransomware products. The number of markets and vendors highlights the availability of ransomware and ease of access.

Interestingly, we find more markets than vendors. Ransomware vendors advertise their products on multiple illicit markets, which increases vendor revenue and market resiliency. If one market is taken offline (by law enforcement or hackers), customers can shop with the same vendor across multiple store fronts.

The 41 identified vendors advertised 98 unique ransomware products. This too shows the accessibility of various forms of ransomware readily available for purchase. We extracted the product description, price, and transaction information into a structured database file for analysis. In total, we identified 504 successful transactions (within a 4-month period) with prices ranging from $1-$470. On average, ransomware so
Sent Yes
Tags Ransomware Threat Cloud
Stories
Notes ★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.