“Maze” Ransomware Actors Compromised Large IT and Aerospace Companies
Last updated September 28, 2021
The ransomware space is booming right now, with existing actors looking to extend their partnerships, new groups trying to recruit skillful hackers, access brokers selling more than what can be practically used, and established players drawing the attention of the community with a vulgar display of financial power.
Researcher Brian Krebs is doubling down on this by detailing the current situation on the most notorious Russian-speaking forums of the dark web, and how a wave of ransomware outsourcing has swept over everything.
Here’s a sample of a post that details what one of the subcontractors has access to and what they’re looking for.
The ad clearly shows that ransomware groups gain a strong foothold on their targets’ networks, know how much money they could realistically demand from their victims, and seem able to maintain their presence stealthily, so the compromised companies and organizations don’t realize what’s going on even after weeks or months.
Krebs focuses on a specific cybercriminal nicknamed “Dr. Samuil,” who is among those leading the outsourcing activities right now. The doctor has been around for at least 15 years, promoting services like ‘MultiVPN,’ which is a specialized VPN tool that’s marketed to hackers who want to stay anonymous and protected. Old registration details of the website of ‘Ruskod Networks Solutions,’ which is the company behind MultiVPN, point to the name Sergey Rakityansky.
By digging deeper, and with the help of a former business partner of MultiVPN, the researcher figured out that Rakityansky is indeed linked with the Dr. Samuil moniker and that he is a 33-year-old man living in the city of Bryansk, in Russia.