Date: 2021-05-11

Hacker groups that use ransomware viruses and extort millions of dollars from companies receive 20-40% of the ransom, Kaspersky Lab told Izvestia.

Most of the money usually goes to the extortionist’s accomplices. Experts came to this conclusion after studying the messages of cybercriminals on the darknet. In particular, the company examined the records of the REvil group, which last month attacked an Apple contractor and asked the American corporation for $50 million.

In total, the company’s specialists divide the participants in ransomware attacks into four conditional groups: malware developers, botmasters, vendors of access to compromised devices, and, finally, the operators themselves. The latter are involved in the management of attacks: for example, they choose an entry point to the organization and launch malware.

“The work of the operators is extensive. They try to reach the widest audience of potential victims and only then choose the most accessible and profitable among them. Therefore, they use the services of both botmasters and access sellers,” explained Dmitry Galov, cybersecurity expert at Kaspersky Lab.

Other cybersecurity experts interviewed by Izvestia also note that ransomware operators, whose names make headlines, often use the services of partners.

“Someone is distributing malware on the darknet, someone is carrying out targeted attacks, someone is exploiting and maintaining a botnet, someone is engaged in financial transactions and the withdrawal of electronic currency into real,” said Anatoly Sazonov, leading specialist of the audit department at Infosecurity a Softline Company, listing the profiles of hackers.

Despite the fact that all the “glory” of such attacks goes to the operators, they rarely keep most of the ransom for themselves. Specifically, REvil and Babuk usually claim 20-40%, Kaspersky Lab told Izvestia. Oleg Skulkin, a leading expert in computer forensics at Group-IB, also says that operators most often keep a smaller part of the jackpot for themselves. According to him, operators usually take no more than 30%.

