"Ransomware Groups Refine Shakedown and Monetization Models"

Ransomware attackers are constantly looking for new ways to maximize profits with minimal effort. Among their most effective strategies are the use of initial access brokers, collaboration with botnet operators, and the testing of new monetization models. The thriving cybercrime-as-a-service ecosystem enables such efforts: numerous providers offer various services, and competitors are ready to take their place if they are disrupted or arrested.

Ransomware groups and affiliates frequently outsource the time-consuming work of gaining access to a victim's network. The initial access broker, who hacks into organizations and offers buyers a selection of "accesses," remains a popular cybercrime-as-a-service provider. These accesses give buyers a quick and easy way to gain remote access to a victim's network, typically through Remote Desktop Protocol (RDP) or Virtual Private Network (VPN) connections. Attackers can then attempt to move laterally within the victim's network, gaining admin-level access, dumping databases, listening in on communications, and launching ransomware.

Ransomware groups continue to experiment with new revenue-generating strategies, such as pure data leakage models. RansomHouse, a group that appears to have emerged last December, describes itself as a "professional mediators community" that will facilitate negotiations between ransomware groups and victims, claiming to help both sides establish a dialogue in order to make informed decisions.

Ransomware attackers usually gain access to victims' networks by hacking into remote services or conducting phishing attacks and, to a lesser extent, by exploiting known vulnerabilities. According to the corporate risk firm Kroll, initial access brokers have been exploiting three vulnerabilities in recent months: Microsoft Exchange (CVE-2021-42321), Confluence Server and Data Center (CVE-2022-26134), and VMware Workspace ONE Access and Identity Manager (CVE-2022-22954). Kroll reports a sevenfold increase in online attacks, not just ransomware-related, that trace back to initial access via remote services, such as RDP or VPN.

This article continues to discuss some of the top trends experts are seeing as ransomware groups aim to increase profits.

BankInfoSecurity reports "Ransomware Groups Refine Shakedown and Monetization Models"

Submitted by Anonymous on