Ransomware Outsourcing Is Taking Unprecedented Proportions

Last updated September 28, 2021
Written by: Bill Toulas, Infosec Writer

The ransomware space is booming right now, with existing actors looking to expand their affiliate partnerships, new groups trying to recruit skilled hackers, access brokers selling more footholds than can practically be used, and established players drawing the attention of the community with vulgar displays of financial power.

Security journalist Brian Krebs documents this in detail, describing the current situation on the most notorious Russian-speaking underground forums and how a wave of outsourced ransomware work has swept through them.

Here is an excerpt from one such post, in which the group doing the recruiting describes what it already has access to and what it requires from the subcontractors it is looking for.

There is huge insider information on the companies which we target, including information if there are tape drives and clouds (for example, Datto that is built to last, etc.), which significantly affects the scale of the conversion rate.

Requirements:
– experience with cloud storage, ESXi.
– experience with Active Directory.
– privilege escalation on accounts with limited rights.

  • Serious level of insider information on the companies with which we work. There are proofs of large payments, but only for verified LEADs.
  • There is also a private MEGA INSIDE, which I will not write about here in public, and it is only for experienced LEADs with their teams.
  • We do not look at REVENUE / NET INCOME / Accountant reports, this is our MEGA INSIDE, in which we know exactly how much to confidently squeeze to the maximum in total.

The ad makes several things clear. Before any encryption happens, the group has already mapped the victim's backup infrastructure (tape drives, cloud backups such as Datto) because a victim with intact, isolated backups has far less reason to pay, which is what the poster's "conversion rate" refers to. The group also holds financial insider information it uses to set the ransom at the maximum the victim can realistically pay, rather than guessing from public revenue figures. The skills requested, ESXi, Active Directory and privilege escalation from low-privileged accounts, describe the post-exploitation phase: expanding from an initial foothold to domain control and the hypervisors that host most of the victim's servers. The depth of this preparation implies prolonged, undetected access, so the compromised companies and organizations may not realize what is going on even after weeks or months.

Krebs focuses on a specific cybercriminal nicknamed "Dr. Samuil," who is among those leading the outsourcing activity right now. The doctor has been around for at least 15 years, promoting services such as 'MultiVPN,' a VPN service marketed to hackers who want to stay anonymous. Old registration details for the website of 'Ruskod Networks Solutions,' the company behind MultiVPN, point to the name Sergey Rakityansky.

By digging deeper, and with the help of a former business partner of MultiVPN, Krebs determined that Rakityansky is indeed linked to the Dr. Samuil moniker and that he is a 33-year-old man living in the city of Bryansk, in Russia.
