Venafi and Forensic Pathways explore “Exposing a Thriving Ransomware Marketplace on the Dark Web”
From November 2021 to March 2022, an extensive research project was conducted in collaboration Venafi – The World Leader in Machine Identity Management. The research involved the analysis of a massive dark web dataset comprising >35 million dark web URLs, encompassing various hidden Tor browser marketplaces and darknet forums. The comprehensive study yielded remarkable results, revealing the existence of 475 webpages dedicated to sophisticated hacking products and services. Among these, several prominent groups were found to be actively promoting ransomware-as-a-service, indicating a highly aggressive approach in the illicit market.
Research Overview:
- The research was conducted in partnership with Forensic Pathways between November 2021 and March 2022.
- It analysed 35 million dark web URLs, including marketplaces and forums, using Forensic Pathways dedicated Tor crawlers and data scrapers.
- The research unveiled 475 webpages offering sophisticated products and services, including ransomware-as-a-service.
Results:
- 87% of the ransomware found on the dark web is delivered via malicious macros to infect targeted systems.
- The research identified 30 different “brands” within marketplace listings and forum discussions.
- Many strains being sold on the dark web have been successfully used in high-profile cyberattacks.
- Strains used in high-profile attacks command higher prices for associated services.
- For example, a customised version of Darkside, used in the Colonial Pipeline ransomware attack, was listed for $1,262.
- Source code listings for well-known ransomware generally have higher price points, with Babuk source code listed for $950 and Paradise source code selling for $593.
Use of Macros:
- Malicious macros, often delivered via Microsoft Office, are a common delivery method for ransomware.
- Microsoft’s decision to temporarily reverse the disabling of VBA macros obtained from the Internet has raised concerns about the ease with which attackers can launch ransomware attacks.
Tools for Attackers:
- The research uncovered a wide range of services and tools designed to facilitate attacks for individuals with minimal technical skills.
- These services include source code, build services, custom development services, and packages with step-by-step tutorials.
- Generic build services are offered at high prices, while low-cost options are available for as little as $0.99 on the dark web.
This information highlights the prevalence of such attacks on the dark web and the accessibility of hacking tools and services for potential attackers, as well as the concerns regarding the use of malicious macros in ransomware attacks.
Read the report: https://venafi.com
Forensic Pathways’ Dark Web Consultancy Services Click Here: dark-web-consultancy