Mr Huber said affiliates, who earn between 70% and 90% of the ransom payment, are charged with the dirty work of gaining access to networks through tried-and-true methods such as spear-phishing, brute-force attacks on remote desktop protocol (RDP) systems, exploiting unpatched or zero-day vulnerabilities and purchasing stolen credentials from the dark web.
Affiliates may also work with IABs, which are individuals or groups that have already gained access to networks and are selling access to the highest bidder. According to the Tenable research, their fees range on average from $303 for control panel access to as much as $9,874 for RDP access.
"The initial extortion tactic was the ... 'we're just going to encrypt your systems'," Mr Huber said.
"For you to gain access back, you have to pay and we'll unencrypt them, which takes some time to the unencrypted system – it's not like you pay a fee and all of a sudden you have access to your data right away."
Ransomware's current dominance was directly linked to the emergence of a technique known as double extortion, according to the Tenable data. The tactic, pioneered by the Maze ransomware group, involves stealing sensitive data from victims and threatening to publish these files on leak websites, while also encrypting the data so that the victim cannot access it.
Satnam Narang, senior research engineer at Tenable, said that with RaaS and double extortion, Pandora's box had been opened.
"Attackers are finding holes in our current defences and profiting from them," Mr Narang said.
"The Australian Cyber Security Centre recorded a 15% increase in ransomware cybercrime in 2021. So long as the ransomware ecosystem continues to thrive, so too will the attacks against organisations and governments."
"Ransomware groups have recently added a variety of other extortion techniques to their repertoire, from launching DDoS attacks to contacting customers of their victims, making it even more challenging for defenders. These tactics are part of the ransomware gangs' arsenal for placing additional pressure on victim organisations.
"It's imperative that these entities prepare themselves in advance so they are in the best position possible to defend against and respond to ransomware attacks."