Trends in ransomware-as-a-service and cryptocurrency to monitor

2023-07-19 05:00

Hive is widely believed to be affiliated with the Conti ransomware group, joining a list of other groups associated with former Conti operators, including Royal, Black Basta, and Quantum.

Hive, like other RaaS providers, wrote a ransomware encryptor, created a dark web domain, advertised their services to affiliates and forums, and then allowed users to purchase a license to configure a ransomware payload and receive extortion funds.

Hive, and every other ransomware group, still uses cryptocurrency for ransomware payments because it is borderless and almost instant.

While most cryptocurrency is traceable, many ransomware operators perform their misdeeds from countries with governments who tend to look the other way, especially if the attacks don't target the country they are operating from.

The malware will terminate if it is in a country that is part of the Commonwealth of Independent States, allowing ransomware operators in these countries to deploy ransomware without worrying as much about being arrested.

The operation - and other recent takedowns of ransomware groups like REvil and DarkSide, not to mention various affiliates that use other ransomware - demonstrates how governments are becoming more offensive in stopping these threat actors.

News URL

https://www.helpnetsecurity.com/2023/07/19/cryptocurrency-ransomware-payments/

#cryptocurrency #ransomware