Security News > 2023 > July > Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem
Ransomware has been an acute concern for organizations for more than a decade, but one of the more recent trends we see is that groups are now setting up infrastructure, but outsourcing actual infection to "Affiliates" who effectively act as contractors to the Ransomware as a Service group and split the profits at the end of a successful attacks.
A ransomware group encrypts a company's data, but first exfiltrates data, which is posted on ransomware blogs on a certain date if the victim doesn't pay.
In 2023, we've already seen more than 2,000 data leaks on ransomware blogs in the first six months of the year, making it likely 2023 will be a record year for ransomware data disclosure.
The rise of triple extortion ransomware also directly coincides with another significant change in the threat landscape: the rise of infostealer malware.
Ransomware affiliates can easily shop for ransomware via specialized forums, then look for initial access via infected device logs posted to public Telegram channels or listed for sale on Russian or Genesis Markets.
Ransomware groups can also use stealer logs as part of triple extortion attacks.
News URL
Related news
- Companies mentioned on the dark web at higher risk for cyber attacks (source)
- Dutch police arrest admin of 'Bohemia/Cannabia' dark web market (source)
- Dutch cops reveal takedown of 'world's largest dark web market' (source)
- Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation (source)
- Finland seizes servers of 'Sipultie' dark web drugs market (source)
- Ransomware hits web hosting servers via vulnerable CyberPanel instances (source)
- Dark web crypto laundering kingpin sentenced to 12.5 years in prison (source)