The state of ransomware inside the dark web.


The path to the dark web is filled with ransomware

  • Macro-enabled ransomware is widely available at bargain pricing, according to Venafi’s investigation of 35 million dark web URLs
  • The research found 475 web pages of sophisticated ransomware products and services

The capacity to investigate and stop illegal activities remains essential as ransomware groups continue to emerge and dark web marketplaces flourish. The dark web has virtually become a byword for illegal activity: it is a realm hidden from ordinary search engines.

The dark web has allowed organized crime to become a global phenomenon, and a thriving ransomware market has been discovered there. Venafi, the inventor and leading provider of machine identity management, has released the results of dark web research into ransomware that is disseminated by malicious macros.

The investigation, which was carried out in collaboration with the provider of criminal intelligence Forensic Pathways between November 2021 and March 2022, used the Forensic Pathways Dark Search Engine to evaluate 35 million dark web URLs, including markets and forums. In-depth ransomware products and services were found on 475 web pages, and numerous well-known organizations were aggressively promoting ransomware-as-a-service.

The state of ransomware inside the dark web

According to the survey, malicious macros were used to spread ransomware to targeted systems in 87% of cases on the dark web. A total of 30 different “brands” of ransomware were found in forum posts and marketplace listings. Furthermore, a lot of the ransomware strains that are now for sale, including Babuk, GoldenEye, Darkside/BlackCat, Egregor, HiddenTear, and WannaCry, have been used effectively in high-profile attacks.

Ransomware remains one of the largest cybersecurity risks in every enterprise, according to Kevin Bocek, vice president of security strategy and threat intelligence for Venafi. “The ransomware attack on Colonial Pipeline was so severe that it was deemed a national security threat, forcing President Biden to declare a state of emergency,” he added.

For example, in Microsoft Office, routine operations can be automated with macros, helping to increase productivity. However, attackers are able to spread a variety of malware, including ransomware, using the same functionality. Microsoft made a significant announcement in February to address the explosive development of ransomware threats spread via malicious macros, but they briefly reversed course in response to community comments.

“Given that almost anyone can launch a ransomware attack using a malicious macro, Microsoft’s indecision around disabling of macros should scare everyone,” said Bocek. “While the company has switched course a second time on disabling macros, the fact that there was backlash from the user community suggests that macros could persist as a ripe attack vector.”

The investigation also found a wide range of services and technologies that make it simpler for attackers with little technical expertise to start ransomware attacks, in addition to a variety of ransomware at different pricing ranges. Source code, build services, custom development services, and ransomware packages with step-by-step tutorials are the services with the most listings.

Additionally, generic ransomware build services are very expensive, with some listings costing over $900. On the opposite end of the scale, a variety of inexpensive ransomware choices are offered across numerous listings, with the Lockscreen ransomware starting at just $0.99.

These findings once again illustrate the need for a machine identity management control plane that supports particular business outcomes such as observability, consistency, and reliability. Code signing in particular is a crucial machine identity management security measure that removes the risk of macro-enabled ransomware.

A ransomware attack can be stopped in its tracks by using code signing certificates to authenticate macros, according to Bocek. This prevents any unsigned macros from executing. “This is an opportunity for security teams to step up and protect their businesses, especially in banking, insurance, healthcare and energy where macros and Office documents are used every day to power decision making,” he concluded.
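The control Bocek describes, allowing only digitally signed macros to run, is something an administrator can audit and enforce through the Office macro security policy settings. The following PowerShell script is an added example written for this article; it is not Venafi's code or Microsoft's tooling. It assumes Office 2016/2019/Microsoft 365 (registry version key 16.0), the per-user policy hive under HKCU\Software\Policies, and the documented VBAWarnings values (1 = enable all, 2 = disable with notification, 3 = disable all except digitally signed, 4 = disable all without notification). It also reports the blockcontentexecutionfrominternet setting, which is the policy behind the Microsoft change to block macros in files downloaded from the internet mentioned above, and lists the Trusted Publishers store, since "signed only" is only as strong as the publishers that are trusted.

```powershell
# Added example: audit and (optionally) enforce "disable all macros except
# digitally signed" for Word, Excel and PowerPoint. Not from the article or Venafi.
# Assumptions: Office version key 16.0 and the per-user Policies hive.
$OfficeApps = @('Word', 'Excel', 'PowerPoint')
$PolicyRoot = 'HKCU:\Software\Policies\Microsoft\Office\16.0'
$SignedOnly = 3   # documented VBAWarnings value: disable all except digitally signed macros

function Get-MacroPolicyState {
    # One object per app: current VBAWarnings value, whether it is "signed only",
    # and whether macros in internet-sourced files are blocked.
    foreach ($app in $OfficeApps) {
        $key      = Join-Path $PolicyRoot "$app\Security"
        $warn     = $null
        $blockNet = $null
        if (Test-Path $key) {
            $props    = Get-ItemProperty -Path $key
            $warn     = $props.VBAWarnings
            $blockNet = $props.blockcontentexecutionfrominternet
        }
        [pscustomobject]@{
            App                 = $app
            VBAWarnings         = $warn
            SignedOnly          = ($warn -eq $SignedOnly)
            BlockInternetMacros = ($blockNet -eq 1)
        }
    }
}

function Set-MacroSignedOnly {
    # Writes the policy values; supports -WhatIf so the change can be previewed first.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($app in $OfficeApps) {
        $key = Join-Path $PolicyRoot "$app\Security"
        if ($PSCmdlet.ShouldProcess($key, "Set VBAWarnings=$SignedOnly and block internet macros")) {
            New-Item -Path $key -Force | Out-Null
            New-ItemProperty -Path $key -Name VBAWarnings -PropertyType DWord -Value $SignedOnly -Force | Out-Null
            New-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -PropertyType DWord -Value 1 -Force | Out-Null
        }
    }
}

function Get-TrustedMacroPublishers {
    # A signed-only policy trusts whatever is in this store, so review it regularly.
    Get-ChildItem Cert:\CurrentUser\TrustedPublisher |
        Select-Object Subject, Thumbprint, NotAfter
}

Get-MacroPolicyState        | Format-Table -AutoSize
Get-TrustedMacroPublishers  | Format-Table -AutoSize
# Preview the enforcement, then apply it without -WhatIf:
# Set-MacroSignedOnly -WhatIf
```

In a managed environment the same values are normally pushed through Group Policy (the Office administrative templates) rather than written directly, and the Trusted Publishers store is populated with the organization's own code signing certificate so that only macros signed with it will run.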