McAfee Enterprise and FireEye recently released its 2022 Threat Predictions. In this blog, we take a deeper dive into a Game of Thrones power struggle among Ransomware-as-a-Service bad actors in 2022.
Prediction: Self-reliant cybercrime groups will shift the balance of power within the RaaS eco-kingdom.
For several years, ransomware attacks have dominated the headlines as arguably the most impactful cyber threats. The Ransomware-as-a-Service (RaaS) model at the time opened the cybercrime career path to lesser skilled criminals which eventually led to more breaches and higher criminal profits.
For a long time, RaaS admins and developers were prioritized as the top targets, often neglecting the affiliates since they were perceived as less skilled. This, combined with the lack of disruptions in the RaaS ecosystem, created an atmosphere where those lesser-skilled affiliates could thrive and grow into very competent cybercriminals, eventually with a mind of their own.
In a response to the Colonial Pipeline attack, the popular cybercrime forums have banned ransomware actors from advertising. Now, the RaaS groups no longer have a third-party platform on which to actively recruit, show their seniority, offer escrow, have their binaries tested by moderators, or settle disputes. The lack of visibility has made it harder for RaaS groups to establish or maintain credibility and will make it harder for RaaS developers to maintain their current top tier position in the underground.
These events have undermined their trusted position. Ransomware has generated billions of dollars in recent years and it’s only a matter of time before more individuals who believe they aren’t getting their fair share become unhappy.
The first signs of this happening are already visible as described in our thrones
