New Russian-Speaking Forum – A New Place for RaaS?

Victoria Kivilevich, Threat Intelligence Analyst

A new Russian-speaking forum called RAMP was launched in July 2021 and received much attention from researchers and cybercrime actors. The forum emerged at the domain that previously hosted the Babuk ransomware data leak site and later the Payload.bin leak site. KELA researched the contents of the new site and assessed its chances to succeed.
*All the forum contents are described based on what KELA observed on RAMP until July 27, 2021, when access was restricted.

Ransomware Gangs are Starting to Look Like Ocean’s 11

Victoria Kivilevich, Threat Intelligence Analyst

The cybercrime underground ecosystem once housed cybercriminals who would perform attacks from start to finish on their own. This one-man show has almost completely dissolved, though: one of the most prominent trends to emerge in its place is the specialization of cybercriminals in different niches. If we take a typical attack, we’ll see that not every cybercriminal necessarily has the know-how to perform each stage involved in it:

  • Code (code or acquire malware with the desired capabilities)
  • Spread (infect targeted victims)
  • Extract (maintain access to infected machines)
  • Monetize (get profits from the attack)