The bosses want to present a situation to the innovation team.
Contrary to what one might imagine, the problem is not financial losses, but quite the opposite: they can’t keep up with the number of victims generated by the recent version of their ransomware deployed globally.
A ransomware attack (the greatest scourge of cyberspace) basically consists of making an entire network of machines unusable by rendering their content unreadable, extracting all the information, and transferring it to a location controlled by the cybercriminals themselves.
Does the victim want to recover their data and avoid having their information made public? Fine, there is only one alternative: sit down and negotiate the ransom amount.
Does the victim refuse to pay? Then the data is first offered at auction to the highest bidder, and if no offers appear, it is eventually released publicly. This is why ransomware is also known as “data kidnapping.”
Although the “business” has been running wonderfully for cybercriminals, there is a major issue: once the victim pays the ransom, the data restoration process is far from trivial. It usually presents complications, and the technical staff in the syndicate in charge of that task becomes overwhelmed: too much “criminal stress.”
This is the reason for the meeting: there is a bottleneck, and the bosses want to know how to resolve it.
Then, from the back, in the third row of tables, a hand goes up. It is Katerina.
“Listen, I have an idea: What if, instead of carrying out the attack, the ransom negotiation, and the recovery process ourselves, we outsource and delegate these tasks to third parties, sharing the profit?”
Katerina is the Oppenheimer of cyberspace. With those words, she just gave birth to the most significant and damaging attack model that exists today: RaaS, or Ransomware as a Service. It offers the weapon (ransomware) to mercenaries (called affiliates) who take care of every phase of the attack, and if the ransom is eventually paid, the proceeds are split between both parties.
Attack without exposure and without restoration work. Bottleneck solved. Katerina has just hit the nail on the head and is promoted to “Hacker Plus Pro.”
Although everything described above is clearly fictionalized for the sake of explaining the most damaging cyberattack model today, it likely didn’t stray too far from reality.
Lockbit, the largest cybercriminal organization today, uses RaaS: it develops lethal ransomware in its offices and rents it to its affiliates, who then carry out the attack, steal data, and demand a ransom. If the ransom is paid, the profits are divided. If not, the data is published on websites (in a section known as “The Wall of Shame”) for free download. These websites are likely rented to third-party companies that are unaware of the nature of the content.
Now then, what has happened in recent days?
Security agencies from different countries have reported the “dismantling of Lockbit” after identifying websites used by the syndicate and disabling them.
Were all Lockbit sites taken down? No, only some: 36 according to the agencies, only 2 according to Lockbit…
And what about the members of Lockbit? The only news is that charges have been filed against two foreign nationals, and only their first names have been disclosed.
For now, this is all we know.
Finally, Lockbit’s leader, known as “LockbitSupp,” highly active on social networks, had previously offered 10 million dollars to anyone who revealed his identity. Initially, the agencies involved in the operation announced that they had discovered his identity and that it would be made public on Friday, February 23 (some even joked about collecting the reward), but once the deadline passed, nothing more was heard.
Therefore, unfortunately, it seems that the announced end of Lockbit is still far from becoming a reality. Meanwhile, Katerina enjoys being the star employee…