Experts Expose Farnetwork's Ransomware-as-a-Service Business Model
2023-11-08 08:00

Singapore-headquartered Group-IB, which attempted to infiltrate a private RaaS program that uses the Nokoyawa ransomware strain, said it underwent a "job interview" process with the threat actor, gaining several valuable insights into their background and role.

"Throughout the threat actor's cybercriminal career, which began in 2019, farnetwork has been involved in several connected ransomware projects, including JSWORM, Nefilim, Karma, and Nemty, as part of which they helped develop ransomware and manage the RaaS programs before launching their own RaaS program based on Nokoyawa ransomware," Nikolay Kichatov, threat intelligence analyst at Group-IB, said.

The latest disclosure comes nearly six months after the cybersecurity company penetrated the Qilin RaaS gang, uncovering details about the affiliates' payment structure and the inner workings of the RaaS program.

Since the start of the year, farnetwork has been linked to recruitment efforts for the Nokoyawa RaaS program, asking potential candidates to facilitate privilege escalation using stolen corporate account credentials and deploy the ransomware to encrypt a victim's files, and then demand payment in return for the decryption key.

The RaaS model allows affiliates to receive 65% of the ransom amount and the botnet owner to receive 20%. The ransomware developer, on the other hand, receives 15% of the total share, a number that could drop further down to 10%. Nokoyawa ceased its operations as of October 2023, although Group-IB said there is a high probability that farnetwork would resurface under a different name and with a new RaaS program.

"Farnetwork is an experienced and highly skilled threat actor," Kichatov said, describing the threat actor as one of the "most active players of the RaaS market."


News URL

https://thehackernews.com/2023/11/experts-expose-farnetworks-ransomware.html