Bitcoin transactions interconnect ransomware affiliates


Ransomware distribution is now being run on a software-as-a-service model. To understand the concept from its roots, here is a brief introduction to the subject.

Normally, software is developed by a coder, who then offers the product to affiliates or partners. They sell that product in the market and share the returns with the coder.

In a similar fashion, those creating ransomware are also seen selling it via a service model called RaaS (Ransomware as a Service). Individuals or groups dubbed affiliates sign up to distribute the malware by orchestrating email phishing attacks and infiltrating corporate or government networks.

An analysis by Chainalysis says that such affiliates are often found distributing multiple ransomware strains, thus keeping their earnings flowing. Chainalysis found evidence that a single affiliate, which probably consisted of 4-7 members, was seen distributing Maze ransomware as a service and is now involved in distributing SunCrypt RaaS.

The payments, which are made discreetly in cryptocurrency, are smartly distributed across BTC wallets to be laundered later.

Research conducted by Chainalysis says that the operators involved in creating ransomware might be only a handful, who are seen developing and distributing new strains of malware from time to time. In other words, the ransomware variants might be many, but the developers of such malware are only a few.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security.
