Ransomware Operations 'Based on a Culture of Mistrust'Intel 471 CEO Mark Arena on Bulletproof Hosting, Ransomware-as-a-Service Providers
Two cornerstones of the cybercrime ecosystem are bulletproof hosting and ransomware offerings, says Mark Arena, CEO of the security firm Intel 471.
The most expensive, high-end and sophisticated bulletproof hosting sites feature dedicated data centers, run by and for criminals, he says. "For bulletproof hosting, what people typically mean is: resistant to complaints. So you can send in complaints, if you're the victim of something that's hosted on this hosting provider, and they're going to ignore the complaint."
Previously, such sites were widely used to host banking malware and command-and-control systems. But today, high-end sites are frequently used by ransomware attackers, which again reflects what clients want. "The reality is that ransomware is massively lucrative to cybercriminals of all shapes and sizes, and unfortunately, it's really easy to do and you get millions out of it," Arena says.
Many ransomware-as-a-service operations, he says, now provide their customers - aka affiliates - with access to a dedicated portal where they can generate a ransomware executable and use it to infect users. If a victim pays, the RaaS operator and affiliate share in the profits.
In a recent video interview with Information Security Media Group, Arena discusses:
- How bulletproof hosting continues to be a cybercrime cornerstone;
- Ransomware operations: How they are structured and function not like a street gang or Mafia family, but rather as a loose collection of criminals who work together "based on a culture of mistrust";
- How initial access brokers, network hacking specialists and software-as-a-service ransomware operations work together.
Arena is the CEO and founder of Intel 471. He was previously chief researcher at iSIGHT Partners, now FireEye. Prior to this, Arena worked at the Australian Federal Police as a technical specialist within the high-tech crime operations function and as a software engineer on embedded systems for public transportation systems.