58% of malware families sold as a service are ransomware
Cyber criminals can “subscribe” to ransomware as a service for free. Once they become partners, they pay for the service after the attack occurs. The amount of the payment is determined by a percentage of the ransom paid by the victim, which generally ranges from 10 to 40% of each transaction.
The Kaspersky Digital Footprint Intelligence team has released a new study that reveals that ransomware is the most widespread malware-as-a-service (MaaS) in the past seven years. In addition, the researchers found that cybercriminals often rent infostealers, botnets, loaders, and backdoors to carry out their attacks.
MaaS is an illicit business model that involves renting software to carry out cyberattacks, which lowers the threshold of expertise needed by would-be cybercriminals. Usually, customers of such services are offered a personal account through which they can control the attack, as well as technical support.
Cyber criminals who operate MaaS platforms are commonly known as operators, while those who purchase these services are known as affiliates. After closing an agreement with the operators, affiliates receive access to all necessary MaaS components, such as command and control (C2) panels, builders (programs for rapid creation of unique malware samples), malware and interface, updates , support, instructions and hosting.
Ransomware dominates the MaaS model
Kaspersky experts examined the rental advertisements of various malware families and found that ransomware accounted for 58% of all families distributed under the MaaS model between 2015 and 2022. The popularity of ransomware can be attributed to its ability to generate more benefits in a shorter space of time than other types of malware.
Cybercriminals can “subscribe” to ransomware as a service (RaaS) for free. Once they become partners in the program, they pay for the service after the attack occurs. The amount of the payment is determined by a percentage of the ransom paid by the victim, which generally ranges from 10 to 40% of each transaction. However, entering the program is not an easy task, since it implies meeting rigorous requirements.
Infostealers accounted for 24% of malware families distributed as a service. These are malicious programs designed to steal data such as credentials, passwords, bank cards and accounts, browser history, crypto wallet data, and more.
Infostealer’s services are paid for through a subscription model, ranging from $100 to $300 per month. For example, RedLine has a monthly price of $150, and there is also the option to purchase a lifetime license for $900, according to information posted on the Darknet by its operators. Attackers also make use of extra paid services.
18% of malware families sold as a service were botnets, loaders, and backdoors. These threats are combined into one group, as they often have a common goal: to load and execute other malware on the victim’s device. This type of malware is more expensive than infostealers, because the malicious code itself is more complex and all the infrastructure is provided by the operator.
