Ransomware-as-a-service industry now exceeds $1bn: Tenable


By Dylan Bushell-Embling
Thursday, 30 June, 2022

Ransomware-as-a-service industry now exceeds $1bn: Tenable

The ransomware industry is evolving to an as-a-service model and raking in millions, with cybersecurity company Tenable estimating that the industry was worth US$692 million (AU$1 billion) in 2020 alone.

In a new report, Tenable estimated that ransomware groups earned 380% more in 2020 than they had in the previous six years combined.

Tenable attributes the rapid growth to the emergence of the technique pioneered by the Maze ransomware group of double extortion, involving stealing sensitive data and then both encrypting it to prevent access and threatening to leak the files online if victims do not comply with their demands.

Other extortion techniques are also emerging such as launching DDoS attacks and contacting customers of victims.

“With RaaS and double extortion, Pandora’s box has been opened, and attackers are finding holes in our current defences and profiting from them. The Australian Cybersecurity Centre recorded a 15 per cent increase in ransomware cybercrime in 2021,” Tenable senior staff research engineer Satnam Narang said.

The success of the ransomware-as-a-service model has also attracted other players such as affiliates and initial access brokers (IABs) operating within the ransomware industry, the report states.

Affiliates typically earn between 70–90% of the ransomware payment, and are given the task of gaining access to networks through methods such as spear phishing, brute force attacks and exploiting unpatched zero-day vulnerabilities, Tenable said.

Meanwhile IABs are groups that have already gained illicit access to networks and are selling access to the highest bidder, with fees ranging from an average of US$303 for control panel access up to US$9874 for remote desktop protocol access.

Image credit: ©stock.adobe.com/au/Maksim Kabakou

Related News

New Relic upgrades app security testing suite

The New Relic Interactive Application Security Testing solution has been upgraded with new...

Tenable introduces new GenAI capabilities

Tenable is using generative AI to help its customers discover, learn about and close attack paths...

ISACA launches Digital Trust Ecosystem Framework

ISACA has launched what it says is a global first framework to help organisations achieve digital...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd