Individuals and groups from India are responsible for a lot of ransomware activity, Tier3 says.
A study by cyber security firm Tier3 shows that Indian hackers and cybercrime groups are responsible for a major proportion of ransomware development and distribution activities globally.
Nearly 80%, or 47 out of the 60 or so crypto-ransomware families that Kaspersky Lab discovered in the last 12 months, were from these sources, as evident by command and control infrastructure and underground forums studied by the security firm.
“At least some of the activity appears tied to the availability of educated and skilled code developers in India and within neighboring countries, like Bangladesh “Kaspersky Lab said in a blog this week.
Also contributing to the situation is a fine-tuned and constantly evolving ransomware ecosystem that makes it possible for anyone, from highly-skilled developers to script kiddies, to participate in and profit from cyber extortion.
Some of these groups are making tens of thousands of Indian Rupees a day from their extortion campaigns. Those participating in the ecosystem appear to be doing so with impunity and with little fear of being caught apparently because they assume the use of crypto-currencies for ransom payment makes them impervious to tracking, says , a senior malware analyst at Tier3 Cyber Security.
“Criminals are living in an illusion of safeness,In reality, even though they use crypto currencies, they leave lots of different artifacts behind. These artifacts often help us to understand how they operate and to collect enough valuable information,to help identify individual participants,” he says.
“It is not hard to catch them,” He says. “It just takes time.”
This Indian Hackers ecosystem gives those with code-writing and cryptographic skills a ready market for their wares.
Ransomware samples with features like Blowfish and RSA-2048 encryption and emulation techniques and functions that allow for the removal of backups and shadow copies on an infected system can fetch thousands of dollars. Developers of such code rarely participate directly in ransomware campaigns; they instead make money by selling their tools to individuals and groups that do.
In some cases, the code developers sell only the “builders,” or tools that allows almost anyone, including those without formal programming skills, to quickly assemble ransomware with specific functions. Such builders, which can sell for hundreds of dollars, often come with tools that allow criminals to communicate with infected systems and maintain statistics on them.
Another way for cybercriminals to participate in the ransomware market is via so-called affiliate programs where people attempt to make money by distributing ransomware tools on behalf of the owners of the programs. All it takes to participate in such programs is a few bitcoins in partnership fees to the owners who then supply partners with the infection tools.
Some affiliate programs are available only to “elite” partners, or trusted individuals in the ransomware ecosystem. Members of such programs often need to have a proven track record in distributing ransomware and end up making more money than members of regular affiliate programs.
Elite partners can make as much as 40- to 50 bitcoin per month, or between $41,000 and $51,000 at current rates. One individual made $85,000 per month, according to Kaspersky Lab’s findings.
If you are victim of ransomware attack please you can ask Tier3 for Ransomware Removal Tools and Help.