More business insights into ransomware gangs

A bit more insight into cyber security, continuing the exploration of the ransomware gangs' business model.

BleepingComputer is reporting on Ransomware-as-a-Service crews who are looking for affiliates. From the article:

The more well-known ransomware gangs run private affiliate programs where affiliates can submit applications and resumes to apply for membership.

For affiliates that are accepted into the program, the ransomware developers receive a 20-30% cut, and an affiliate gets 70-80% of the ransom payments they generate. 

As reported by threat intelligence firm Intel 471, the gangs can be classified into three tiers, which are based on their notoriety and the amount of time they have been active for.

And this continues to be big money. A new report by Aura Information Security gave some stats on the payouts in New Zealand: two-thirds of businesses admit they would pay a ransom to retrieve data after a ransomware attack, and one in ten businesses would be willing to pay $50,000 or more. And half of IT decision makers are not aware of law changes happening this year.

Why do we care?

Here's what's new that we care about: not only are these well-run organizations, but they can be tracked to a level of detail showing their performance metrics. These continue to be real businesses, despite being illegal. They even take resumes!

I also wanted to highlight that statistic about legal awareness. That is a significant number of IT decision makers unaware of law changes. I'm highlighting that because many think it's enough to be good at the technology. It's not. You need to be aware of the increasingly complicated legal requirements for the space. And by doing so, you'll command a higher value, because you are managing the REAL risks of technology.

Source: Bleeping Computer

Source: Channel Life NZ