Ransomware-as-a-service business model takes a hit in the aftermath of the Colonial Pipeline attack

Cybercrime gangs are finding it harder to recruit partners for the affiliate programs that power ransomware attacks.


The best way to stop the ever-increasing wave of ransomware attacks is to take away the financial incentive behind these cyber crimes. The response to the Colonial Pipeline ransomware attack may be the first step in doing just that. Both governments and hacker forums have made it harder for ransomware gangs to use the ransomware-as-a-service (RaaS) model. This scalable business model requires several groups: engineers to write encryption software, network penetration experts to find and compromise targets and professional negotiators to ensure maximum payout. 

Bryan Oliver, a senior analyst at Flashpoint, said that the response from governments in the wake of the Colonial Pipeline attack has made it harder for ransomware groups to recruit partners.

“The main result of government action has been the banning of ransomware group recruitment from the top-tier underground Russian forums,” Oliver said.

Oliver said this change will not end ransomware attacks any time soon, but it is a significant step because it makes the ransomware-as-a-service model less profitable.

“The Exploit and XSS forums were the recruiting grounds for these ransomware groups, and losing access to those means losing access to new partners,” he said.

Oliver said that the administrators of these forums also banned the DarkSide collective in mid-May and distributed their deposit of roughly $1 million to DarkSide “partners” who claimed they had not been paid by DarkSide. 

“They have also since removed posts from their forums related to ransomware recruitment,” he said.

Amit Serper, Guardicore’s vice president of research for North America, said that he hopes to see a change in ransomware attacks with the U.S. and other national governments stepping up their fight against bad actors.

“The fact that the U.S. government managed to seize some of the funds that were paid by Colonial sets an interesting…