Innovators to the RaaS model focused on lowering barriers to entry (attracting new affiliates to carry out lots of attacks), and creating efficiencies on monetization (i.e. getting paid more often and with less friction). The early RaaS developers would give their ‘kit’ away to new affiliates for free which greatly lowered the barriers to entry and made carrying out attacks more streamlined for affiliates. The other key innovation was TOR sites, like the one used by Locky ransomware. In 2016, this was one of the first RaaS operations to employ an auto generated ransom note that directed victims to a simple TOR webpage. The page had simple features, such as a test decryption portal and a “pay $300 in BTC here” button that provided a bitcoin wallet address. The page was also configured to release the decryptor once the ransom was paid to the correct wallet address. This automation allowed the RaaS developers to greatly scale their operations. Once they established an affiliate base of distributors, they could earn their proportion of ransom payments without needing to carry out attacks, or perform manual tasks.

This early version of RaaS was not without its issues though. One major complication was the affiliates’ inability to assist with common decryption issues. Since affiliates only handled the attack and payment elements of the operation, they rarely had the technical know-how to assess why files weren’t decrypting, or to determine what bug may be in the original malware that could be causing flaws in the encrypted file format. This also created a brand issue for the RaaS platform itself, as the ones with the poorest performances would eventually develop a bad reputation and lead a subset of victims to opt out of paying entirely.

Another issue was dishonesty among new recruits (i.e. the RaaS operator not having quality gates on who they allowed to use their ransomware kits). As the barrier to entry into the ransomware market evaporated thanks to the ease and availability of RaaS, so entered a new cohort of participants who did not care about the RaaS operations brand, let alone a victim’s unrecoverable files. As we will see, this issue would be addressed further along the curve.

RaaS operators in the early adopter phase saw new applications and opportunities for innovation. The GandCrab RaaS platform was one of the key operations to explore how RaaS could begin to impact larger companies, and leverage new attack vectors (like MSPs) in their operations. The personality of the GandCrab group was also very similar to the traditional definition of NON-criminal technology Innovators. The traditional definition of early adopters reads as being “eager to approach technological novelties but are more cautious of new trends due to their role as change leaders, which they do not want to lose. Early adopters are typically younger, have a higher social status, have more financial lucidity, advanced education, and are more socially forward than late adopters.” This definition fits the personality of the original GandCrab operators that were much more brash with their ego, vocalism, use of forums and social media.

Other innovations that GandCrab introduced:

Innovations in Extortion: Centralization of negotiations at the developer level via TOR. This allowed many negotiations to be handled at the same time by the same operator. This also allowed the RaaS developers to enact quality standards to the negotiations and track their own best practices.

Innovations in Encryption: GandCrab developed an encryption scheme that allowed each unique box to have its own encryption/decryption key. This enhanced their own security, but also allowed them to splice and split which machines a victim needed to decrypt. It also allowed for affiliates to innovate around more catastrophic distribution methods, such as attacking an MSP in order to encrypt all of the MSP’s downstream clients. This innovation also had its drawbacks, and producing all the unique keys was very labor intensive for the RaaS developers.