VaaS – a new way to make money in the digital age?

By Ahmad Faizun

Virus as a Service, known as RaaS (“Ransomware as a Service”) and MaaS (Malware

as a Service), early access brokers (IAB) have recently been more popular than any
other hacking activity worldwide. Most hacking activities or APTs (“Advanced
Persistent Threat”) involve breaking into a target's IT environment, obtaining
confidential information and/or modifying some information for specific purposes.
But stealing or modifying information doesn't make money. Ransomware is designed
to create an Industry that can leverage hacking tools to monetize the attack.

The term advanced persistent threat (APT) refers to cybercriminals with sophisticated
capabilities and strong motivation - whether political (state-sponsored), financial
(cybercrime), or ideological (hacktivism) - for targeted attacks. APTs are generally in
groups, sometimes with an international presence. In addition to in-depth knowledge
of computers and networks, they may also have some familiarity with esoteric
hardware and financial systems, important skills needed to achieve their goals.

In Indonesia, with the recent infamous Ransomware attack on one of the major
Indonesian banks (BSI Bank), information about this RaaS surfaced.

The LockBit Ransomware group released 1.5 TB of employee and customer data to
the Internet, after their 900 Billion Rupiah ransom went unpaid. The implication of
this attack is the continuity of the Bank's operations for 3 days, until the transaction
data is recovered, and the loss of reputation which has an impact on customer trust in
the bank. Due to this attack, many customers moved their funds to other banks, the
share price for Bank Harga Efek BSI (BRIS) touched the lowest ARB (Auto Reject
Lower) / rejected stock price.
Is BSI Bank the only one hurt by this kind of attack?
This kind of attack has spread globally and affected many industries in many countries.
Why Ransomware can make money for hackers?
The ransomware uses 4-5 extortion methods. The deeper and wider the extortion, the more
damage the attack will do to the organization, as we can see, paying the ransom is quite
profitable on average.
This paper is not a comprehensive analysis of ransomware, but our aim is to increase security
awareness among practitioners and government officials, and then take serious action to address
this kind of security issue.
What is Raas?
Ransomware as a Service (RaaS) is a business model between ransomware operators and their
affiliates in which the affiliate pays to launch an operator-developed ransomware attack. Think
of ransomware as a service as a variation of the software as a service (SaaS) business model.
RaaS kits allow affiliates with neither the skill nor the time to develop their own ransomware
variant to get up and running quickly and affordably. They are easy to find on the dark web,
where they are advertised the same way items are advertised on the legitimate web.
RaaS kits may include 24/7 support, offering packages, user reviews, forums and other features
identical to those offered by legitimate SaaS providers. Prices for RaaS kits range from $40 per
month to several thousand dollars – a trivial amount, considering the average ransom demand in
2021 is $6 million. A threat actor doesn't need every attack to be successful in order to get rich.
Anyone, young or old with access to the internet, can probably join the RaaS squad and make
some money. This became the industrial model of hacker criminal activity.
The ransomware uses 4-5 extortion methods. The deeper and wider the extortion, the more
damage the attack will do to the organization, as we can see, paying the ransom is quite
profitable on average.
This paper is not a comprehensive analysis of ransomware, but our aim is to increase security
awareness among practitioners and government officials, and then take serious action to address
this kind of security issue.
What is Raas?
Ransomware as a Service (RaaS) is a business model between ransomware operators and their
affiliates in which the affiliate pays to launch an operator-developed ransomware attack. Think
of ransomware as a service as a variation of the software as a service (SaaS) business model.
RaaS kits allow affiliates with neither the skill nor the time to develop their own ransomware
variant to get up and running quickly and affordably. They are easy to find on the dark web,
where they are advertised the same way items are advertised on the legitimate web.
RaaS kits may include 24/7 support, offering packages, user reviews, forums and other features
identical to those offered by legitimate SaaS providers. Prices for RaaS kits range from $40 per
month to several thousand dollars – a trivial amount, considering the average ransom demand in
2021 is $6 million. A threat actor doesn't need every attack to be successful in order to get rich.
Anyone, young or old with access to the internet, can probably join the RaaS squad and make
some money. This became the industrial model of hacker criminal activity.
There are 4 common RaaS revenue models:
1. Monthly subscription for a flat fee
2. Affiliate programs, which are the same as a monthly fee model but with a percentage of profits
(usually 20-30%) going to the ransomware developers
3. One-time license fee without revenue sharing
4. Pure profit sharing

Malware-as-a-service (MaaS) refers to malware that is sold underground. Just as software as a

service is harmless, MaaS vendors issue bug fixes and version updates. They maintain a
customer support hotline for customer feedback and complaints, or to make feature requests.
Think of APT producing MaaS with a structure similar to a typical software startup, complete
with a team that handles product, sales, and marketing.

Ransomware As A Service Offered For $39 On The Dark Net (eg Stampado). Stampado
encrypts files and gives victims 96 hours to pay the ransom. It is advertised as completely
undetectable and usable in .exe, .bat, .dll, .scr and .cmd files. In addition, Stampado deletes
randomly selected files every six hours if the ransom is not paid.

Just in case potential buyers think $39 for a ransomware subscription is too good to be true, the
creators have created this YouTube video showing the program in action.
In particular, because most underground actors are unable to create their own malware, the deep
and dark web provides a huge potential client base for MaaS. Aspiring threat actors can purchase
robust, ready-to-use, and simple malware for a few dozen to a few hundred dollars. This allows
anyone to launch more complex cyberattacks regardless of their technical skills.
With some luck and guts, beginners or with little knowledge of hacking can become a part of this
criminal industry. That's from the business side, how does it work?

How Ransomware Works

To be successful, the ransomware needs to gain access to the target system, encrypt files there,
and demand a ransom from the victim. While the details of implementation vary from one
ransomware variant to another, they all share the same three core stages

Step 1. Vectors of Infection and Distribution

Ransomware, like other malware, can gain access to an organization's systems in a number of
ways. However, ransomware operators tend to prefer certain infection vectors.

One of them is a phishing email. The malicious email might contain links to websites hosting
malicious downloads or attachments that have a built-in downloader function. If the email
recipient falls for the phish, then the ransomware is downloaded and run on their computer.

Another popular ransomware infection vector makes use of services such as Remote Desktop
Protocol (RDP). With RDP, an attacker who has stolen or guessed an employee's login
credentials can use it to authenticate and remotely access computers within a corporate network.
With this access, attackers can directly download malware and execute it on the machines they
control.

Others might try to infect the system directly, like how WannaCry exploited the EternalBlue
vulnerability. Most of the ransomware variants have multiple infection vectors.

Step 2. Data Encryption

Once the ransomware gains access to the system, it can start encrypting its files. Since
encryption functionality is built into the operating system, this simply involves accessing the
files, encrypting them with an attacker-controlled key, and replacing the original with the
encrypted version. Most ransomware variants carefully select files to encrypt to ensure system
stability. Some variants will also take steps to delete backups and shadow copies of files to make
recovery difficult without a decryption key.

Step 3. Ransom Request

Once the file encryption is complete, the ransomware is ready to make ransom demands.
Different ransomware variants implement this in different ways, but it is not uncommon for the
display background to change to a ransom note or a text file placed in each encrypted directory
containing the ransom note. Typically, these notes ask for a certain amount of cryptocurrency in
exchange for access to the victim's files. If the ransom is paid, the ransomware operator will
provide a copy of the private key used to protect the symmetric encryption key or a copy of the
symmetric encryption key itself. This information can be entered into a decryption program (also
provided by cyber criminals) which can use it to reverse the encryption and restore access to the
user's files.

While these three core steps are present in all ransomware variants, different ransomware may
include different implementations or additional steps. For example, ransomware variants such as
Maze perform scanning of files, registry information, and data theft before data encryption, and
the WannaCry ransomware scans other vulnerable devices to infect and encrypt them.

There are many types of malware, and they can complement each other when carrying out
attacks.
• A botnet (short for robot network) consists of computers that communicate with each other via
the internet. Command and control centers use them to send spam, perform distributed denial-of-
service (DDoS) attacks (see below) and commit other crimes.

• A rootkit is a collection of programs that allows administrator-level access to a computer or

computer network, thereby allowing an attacker to gain root or privileged access to the computer
and possibly other machines on the same network.

• A worm propagates itself through computer networks and performs malicious actions without
guidance.

• A trojan acts as, or is embedded within, a legitimate program, but designed for malicious
purposes, such as spying, stealing data, deleting files, expanding botnets, and carrying out DDoS
attacks.

• File infectors infect executable files (such as .exe) by overwriting them or inserting infected
code that disables them.

• A backdoor/remote access Trojan (RAT) remotely accesses a computer system or mobile

device. It can be installed by other malware. This gives the attacker almost total control, who can
perform a variety of actions, including:

• monitoring actions

• executing orders

• sending files and documents back to the attacker

• logs keystrokes

• take screenshots

• Ransomware stops users from accessing their devices and asks them to pay a ransom via
certain online payment methods to regain access. A variant, police ransomware, uses law
enforcement symbols to provide authority to ransom messages.

• Scareware is fake anti-virus software that pretends to scan and find malware/security threats on
a user's device so they will pay to remove it.

• Spyware is installed on computers without the owner's knowledge to monitor their activity and
transmit information
Dozens of ransomware variants exist, each with its own unique characteristics. However, some
ransomware groups are more prolific and successful than others, making them stand out from the
rest.
1. Ryuk
2. Mazes
3. REvil (Sodinokibi)
4. Lockbits
5. DearCry
6. Lapsus$A study conducted by our colleagues, showed that a well-defined ransomware kit
could not be detected by any of these antiviruses. Only one can identify a file as suspicious, but
cannot be defined as a ransomware malicious file. With the 1,500$ library for the compiler sold
by the makers of the ransomware kit, signatures and other aids as viruses will cease to exist, and
no antivirus will be able to detect them.

Contextual, actionable threat intelligence is critical to organizational security. The Deep

Web/Dark Web provides multiple opportunities to extract intelligence, identify, profile and
mitigate cybersecurity risks. For example, identifying leaked account credentials allows your
organization to identify and prevent potential cyberattacks before they happen. In this context,
Deep Web/Dark Web greatly contribute to your security ecosystem if used correctly. However,
this process must be done through the right team or tools, as data collection, remediation and
threat hunting can be time consuming.
Why Do Ransomware Attacks Appear?
The modern ransomware craze started with the WannaCry outbreak in 2017. This large-scale and
widely publicized attack demonstrated that ransomware attacks are possible and potentially
profitable. Since then, dozens of ransomware variants have been developed and used in various
attacks.
The COVID-19 pandemic has also contributed to the recent spike in ransomware. As
organizations rapidly shift to remote work, gaps are being created in their cyber defenses.
Cybercriminals have exploited this vulnerability to deliver ransomware, resulting in a spike in
ransomware attacks. In Q3 2020, ransomware attacks increased by 50% compared to the first
half of the year. How do we fight against this kind of attack?
1. Implement ZTA (“Zero Trust Framework”)
The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-207
provides the following definition of zero trust and ZTA operation:
Zero trust provides a collection of concepts and ideas designed to minimize uncertainty in
enforcing accurate and least-privileged access-request decisions in information systems and
services in the face of networks that are perceived as compromised. ZTA is an enterprise
cybersecurity plan that uses the concept of zero trust and includes component relationships,
workflow planning and access policies. Therefore, the enterprise without trust is the network
infrastructure (physical and virtual) and operational policies that exist for the enterprise as a
product of the ZTA plan.
The idea behind Zero Trust is “never trust, always verify”. Basically, no one is trusted,
regardless of whether the user is inside or outside.
Why do we need such a strict security framework?
We need to keep improving or security
Perimeter and race with attack tool creators to prevent or self. On the dark web, the creators of
Ransomware and other attack tools, have, and will continue to work and their money to
outperform defense tools and technologies.
1. Check yourself against the CVE (Known Exploited Vulnerabilities Catalog / Common
Vulnerabilities and Exposures) list, use the Vulnerability Assessment tool or hire a white hat
hacker to perform penetration testing services for your organization and cover any findings.
2. Once you have implemented a strong ZTA, you can ask your insurance company to cover your
cyber risks. With strong security exposure, the insurer will agree to cover your risk for a
reasonable fee instead of you simply paying the insurance to cover your "unprotected system."
3. Implement good practice of security measures such as:
• multifactor authentication (MFA).
• Business Continuity Plans and Facilities and Disaster Recovery Policy.
4. Hire a SOC team with good XDR/SIEMS technology, to monitor, detect and respond in a
timely manner to your entire system (network, application, database, server, mobile application).
5. Lock your end user access (pc, laptop, phone, tablet) with endpoint protection (antivirus,
antimalware, etc.).
6. Cyber Awareness Training and Education
7. Filling and Hardening Practices – timely and updated.
When did it happen? Do we need to pay for it?

Facilitating ransomware payments to sanctioned entities may be illegal according to the US

Department of the Treasury, and similarly to EU cybercriminal groups, they may be subject to
financial sanctions. The UK's Terrorism Act 2000 also prohibits payment of ransomware
requests suspected of being linked to terrorism.

In a Cybereason study for example, of the organizations that reported paying ransom demands
after a successful attack, only 42 percent indicated that the attempt resulted in the restoration of
all services and data, while 54 percent said some had returned to normal but some problems
persisted. , or some data is corrupted after decryption.
Congress should not seek to address the ransomware threat by making ransom payments to
cybercriminals illegally, a top FBI official told US lawmakers Tuesday.

Unintentionally prohibiting ransom payments could create opportunities for further extortion by
ransomware gangs, said Bryan Vornran, assistant director of the FBI's cyber division.
"If we prohibit paying ransoms now, you are putting US companies in a position to face another
racketeering, which is extorted for paying the ransoms and not sharing them with the
authorities," Vornran said at a Senate Judiciary Committee hearing on ransoms.
Transportation Security Administration administrator David Pekoske said paying the ransom
should be a "business decision and a security decision with government guidance."

As such, any intention to ban payments must first consider how to build an organization's
cybersecurity maturity, and how to provide an appropriate backstop to enable the organization to
survive the initial period of extreme testing. Ideally, such an approach would also be coordinated
internationally to avoid giving ransomware attackers another avenue to pursue.
Yes, paying the ransom will not guarantee 100% loss of your data, in fact, it may create the next
level of extortion. Prohibiting the payment of ransoms, however, can lead to unreported attacks
and a higher risk to victims. We suggest that the decision to pay or not pay is the final decision
of the business owner. Those who really understand the going concern situation for their
business. Totally bankrupt or suffer losses as a result of the attack.
Government view
For governments, we can suggest that governments have a strong team to assist their business
owners, citizens and all government agencies with adequate protection, education and post-attack
action plans.
As we can learn from the US, where they have the Patriot Act, OFAC and FBI to monitor and
take countermeasures to recover their business owners money from ransomware attacks.
Examples of their success stories are:
• by 2020, helping law enforcement recover more than $1 billion from the Silk Road dark web
market crash.
• DOJ, FBI hack Hive Network, saving US$130 million from crypto ransomware attack
• In October 2019, the company helped the United States Department of Justice shut down the
world's largest child abuse website.
• It also assists the attribution of seven 2021 cryptocurrency thefts to North Korea's Lazarus
Group.
• Working with American investigators and South Korea's National Intelligence Service, the
company traced $100 million stolen from cryptocurrency firm California Harmony to North
Korean hackers, who have stolen billions of dollars from banks and cryptocurrency firms,
funding its illegal missile program. $1 million of the stolen funds were recovered in April 2023.
Why the need for government intervention? Hackers have stolen a record $3 billion in
cryptocurrency this year. Criminals laundered $8.6 billion (£6.4 billion) worth of cryptocurrency
in 2021, up 30% from the previous year. Illegal crypto transactions total US$20 billion. Crypto
market cap stands at $1.1 trillion, down from $2.1 trillion a few months ago.

This fact forms a baseline where the government must protect its citizens from the threat of
security problems in the digital money era. Using tools like chain analysis, will not be enough, as
the Darkweb has the mixing engine to obfuscate crypto transactions, coupled with monero-like
capabilities, to hide the true owner of crypto assets, and make law enforcement like the FBI have
yet another challenge to track down stolen or stolen crypto. ransom payments to the real
criminals directly.

The Indonesian government must act more quickly.

As it is now, more and more Americans are Using Digital Assets. However, we are also sure that
the millennial generation in Indonesia will soon follow this pattern.
According to a March 2022 NBC News poll, 1 in 5 Americans have invested, traded, or used
digital assets. 5 That figure goes up to 50% for men ages 18 to 49, 42% for everyone ages 18 to
34, and 40% for black Americans. According to blockchain analytics firm Chainanalysis, the
total volume of transactions across all digital assets rose 567% in 2021 to $15.8 trillion.
Adoption of digital assets is increasing at a significant pace, according to Deloitte research,
almost 75% of businesses expect to accept digital assets as payment within the next two years.
Data on the blockchain is as ripe for exploitation as data obtained through hacking, social media,
or data brokers, as it can provide foreign adversaries a window into various aspects of American
life. Also concerning, it gives foreign governments the ability to track user activity and
movements in near real-time, as transactions are publicly posted to most blockchains within 10
minutes. So if I buy a cup of coffee at my local coffee shop using most digital assets, a foreign
government can know where I am within 10 minutes. We know that foreign governments have
been collecting and exploiting data of US citizens through various channels for various purposes.

For years, China has embarked on campaigns to steal the personal data of American citizens and
businesses. They use this data to drive artificial intelligence, research and development
programs, and to facilitate their military and economic goals. Recently, China has turned its
internal surveillance network outward by analyzing Western social media and other publicly
available data to provide information about foreign targets and government critics to the Chinese
government, military, and police.

We need to protect ourselves now more than ever. With the cyber war, between the US and
China, it is impossible for us to also be a part of their victims, where we intentionally provide our
data to them, through the transactions we make on ecommerce platforms, technology platforms
and many others.

We need to start adopting best practices to protect our data privacy, either by the efforts of
individuals, each person and each company or we can provide strong data protection across the
country, using our own national internet technology, technology independent protocols and
encryption. It is a time where we are in a race against time and technology globally. We must
embrace the latest data protection frameworks and technologies, to the highest and optimal level.

Reference:

- TERRORISM AND DIGITAL FINANCING: HOW TECHNOLOGY IS CHANGING THE

THREAT

(PDF) Cryptocurrency Risks, Fraud Cases, and Financial Performance

93 Must-Know Ransomware Statistics [2023]

A guide to APTs on the Deep and Dark Web | Cybersixgill

Antivirus and Cybersecurity Statistics, Trends & Facts 2023

As Ransomware Payments Continue to Grow, So Too Does Ransomware’s Role in Geopolitical

Conflict - Chainalysis

Belajar dari Kasus BSI, Cek 10 Ransomware Terganas di Dunia!

Beyond Ransomware: Navigating Threat, Risk and Damage - ACAMS Today

BSI - Ransomware attacks

Chainalysis - Wikipedia

Chainalysis Business Data - Chainalysis

Chainalysis In Action: How FBI Investigators Traced DarkSide's Funds Following the Colonial
Pipeline Ransomware Attack - Chainalysis

Chainalysis launches stolen cryptocurrency tracking team for enterprise | SC Media

Chainalysis Reveals Colonial Pipeline Bitcoin Retrieval

Crypto hackers stole record US$3.8 bln in 2022: Chainalysis

Crypto money laundering rises 30%, report finds - BBC News

Cryptocurrency Investigations Basics & Chainalysis Reactor - DataExpert EN

Cybercrime trends in 2023 | DW Observatory

Cybercriminals Turn to Android Loaders on Dark Web to Evade Google Play Security

Dark Web Profile: Royal Ransomware - SOCRadar

Dark Web Recruitment: How Ransomware Groups Hire Cybercriminal Talent - ReliaQuest

Defending Against Ransomware Attacks: 11 Best Practices for Success - CBI, A Converge
Company

Department of Justice Seizes $2.3 Million in Cryptocurrency Paid to the Ransomware

Extortionists Darkside | OPA | Department of Justice

Diserang Ransomware dan Isu Data Dibobol, Harga Saham BSI (BRIS) Langsung Terhempas
hingga ARB

DOJ, FBI hack Hive Network, save US$130 mln from crypto ransomware attacks

Dugaan Serangan Ransomware Lockbit 3.0 di BSI, 1,5 TB Data Nasabah BSI Dicuri

Evaluating Criminal Transactional Methods in Cyberspace as Understood in an International

Context · CrimRxiv

Evaluation by Chainalysis Declare 2022 to be "The Year of Crypto Thefts" - CySecurity News -
Latest Information Security and Hacking Incidents

Exposing a Thriving Ransomware Marketplace on the Dark Web | Venafi

FBI Busts Russian-Linked Cybercrime Group Behind Colonial Pipeline Attack Via Chainalysis'
Crypto-Tracer

FBI Infiltrated Hive Network, Blocking Over $130 Million in Crypto Ransomware - Decrypt

FBI seized Colonial Pipeline ransom from DarkSide affiliate | TechTarget

FBI tells Congress ransomware payments shouldn't be banned | CNN Politics

FBI: Hackers Are Exploiting DeFi Bugs to Steal Funds - Infosecurity Magazine

GIC invests in blockchain-forensics firm Chainalysis, raising valuation to US$8.6 billion as

governments gear up to fight illegal activity | South China Morning Post

Global Ransomware Damage Costs Predicted To Exceed $265 Billion By 2031

Hacker Ransomware LockBit Klaim Curi 15 Juta Data BSI, Pakar: Diperkirakan sejak Libur
Lebaran Halaman all - Kompas.com

Hackers have stolen record $3 billion in cryptocurrency this year - CBS News

Hit by Cyber Attack, BSI System Knockout! - Medcom.id

How Chainalysis Uses Datalore for Blockchain Analytics

How governments seize millions in stolen cryptocurrency | MIT Technology Review

https://aipol.org/wp-content/uploads/2022/06/AiPol-Police-Journal-June-2022.pdf

https://arxiv.org/pdf/2211.15405.pdf

https://brandefense.io/blog/dark-web/top-deep-web-websites-for-threat-intelligence/

https://broadbandindiaforum.in/wp-content/uploads/2022/03/Crypto-Crime-2022.pdf

https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-250-
billion-usd-by-2031/

https://cybersixgill.com/news/articles/apts-on-the-deep-dark-web

https://databoks.katadata.co.id/datapublish/2023/05/15/klaim-serang-bsi-lockbit-termasuk-grup-
ransomware-top-global

https://f.hubspotusercontent20.net/hubfs/7288424/Reports%20and%20White%20Papers/
CYWARE_Final_Ransomware_Index%20Update%20Q321-CSW%20-%20Nov%209.pdf?

https://gbhackers.com/ransomware-as-a-service-2/

https://investor.id/market/329646/diserang-ransomware-dan-isu-data-dibobol-harga-saham-bsi-
bris-langsung-terhempas-hingga-arb

https://keuangan.kontan.co.id/news/dugaan-serangan-ransomware-lockbit-30-di-bsi-15-tb-data-
nasabah-bsi-dicuri

https://logrhythm.com/uws-ransomware-as-a-service-white-paper-ppc/
https://www.cisa.gov/stopransomware

https://publications.parliament.uk/pa/ld5803/ldselect/ldfraudact/87/87.pdf

https://securityandtechnology.org/wp-content/uploads/2021/09/IST-Ransomware-Task-Force-
Report.pdf
https://techinformed.com/ransomware-youve-been-hacked-so-whats-the-plan/

https://theblockchaintest.com/uploads/resources/Chainalysys%20-%20Crypto%20Crime
%20Report%20-%202022%20Feb.pdf

https://theblockchaintest.com/uploads/resources/Chainanalysis%20-%20Ransomware%202021-
Critical%20mid-year%20update%20-%202021%20-%20may.pdf

https://thehackernews.com/2023/04/cybercriminals-turn-to-android-loaders.html

https://venafi.com/blog/babuk-source-code-darkside-custom-listings-exposing-thriving-
ransomware-marketplace-dark-web/

https://www.afp.gov.au/sites/default/files/PDF/Reports/afp-annual-report-2021-2022-1.pdf

https://www.antivirusguide.com/cybersecurity/ransomware-statistics

https://www.atlanticcouncil.org/wp-content/uploads/2022/08/
Behind_the_rise_of_ransomware.pdf

https://www.bleepingcomputer.com/news/security/the-dark-web-is-getting-darker-ransomware-
thrives-on-illegal-markets/

https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Cyber-
Sicherheitslage/Analysen-und-Prognosen/Ransomware-Angriffe/ransomware-
angriffe_node.html

https://www.cfr.org/task-force-report/confronting-reality-in-cyberspace/download/pdf/2022-07/
CFR_TFR80_Cyberspace_Full_SinglePages_06212022_Final.pdf

https://www.cfr.org/task-force-report/confronting-reality-in-cyberspace/download/pdf/2022-07/
CFR_TFR80_Cyberspace_Full_SinglePages_06212022_Final.pdf

https://www.checkpoint.com/cyber-hub/threat-prevention/ransomware/

https://www.cisa.gov/cross-sector-cybersecurity-performance-goals

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-131a

https://www.cisa.gov/sites/default/files/2023-05/aa23-131a_malicious_actors_exploit_cve-2023-
27350_in_papercut_mf_and_ng_1.pdf

https://www.cnbcindonesia.com/tech/20230512145240-37-436909/belajar-dari-kasus-bsi-cek-
10-ransomware-terganas-di-dunia
https://www.consumerfinancialserviceslawmonitor.com/wp-content/uploads/sites/501/2022/03/
FINAL-Chainalysis-JL-Senate-Banking-Written-Testimony-March-2022-v2.pdf

https://www.crimrxiv.com/pub/48bmtkg0/release/3

https://www.crowdstrike.com/cybersecurity-101/ransomware/ransomware-as-a-service-raas/

https://www.cybereason.com/blog/what-is-the-dark-web-ransomware-marketplace

https://www.datto.com/resource-downloads/UKDatto-State-of-the-Channel-Ransomware-
Report-v2-2.pdf

https://www.europol.europa.eu/crime-areas-and-statistics/crime-areas/cybercrime

https://www.forbes.com/sites/kevinmurnane/2016/07/15/ransomware-as-a-service-being-offered-
for-39-on-the-dark-net/?sh=76076f8b55a6

https://www.genevaassociation.org/sites/default/files/research-topics-document-type/
pdf_public/ransomware_web.pdf

https://www.govinfo.gov/content/pkg/CHRG-117hhrg45867/html/CHRG-117hhrg45867.htm

https://www.justice.gov/ag/page/file/1510931/download

https://www.justice.gov/archive/ll/what_is_the_patriot_act.pdf

https://www.kompas.com/tren/read/2023/05/13/134500165/hacker-ransomware-lockbit-klaim-
curi-15-juta-data-bsi-pakar--diperkirakan?page=all

https://www.liputan6.com/tekno/read/5287845/kelompok-ransomware-lockbit-akhirnya-sebar-
15-tb-data-karyawan-dan-nasabah-bsi-ke-internet

https://www.medcom.id/english/business/0kpM5x6K-hit-by-cyber-attack-bsi-system-knockout

https://www.packetlabs.net/posts/ransomware-as-a-service-dark-web/

https://www.radware.com/getattachment/Security/Hackers-Corner/2181/
rad1290_DarkNet_v2_Final.pdf.aspx/?lang=en-US

https://www.radware.com/getattachment/Security/Hackers-Corner/2181/
rad1290_DarkNet_v2_Final.pdf.aspx/?lang=en-US

https://www.reliaquest.com/blog/dark-web-recruitment-how-ransomware-groups-hire-
cybercriminal-talent/
https://www.researchgate.net/figure/Ransomware-for-sale-on-dark-web_fig3_343706763/
download

https://www.safetydetectives.com/blog/antivirus-statistics/

https://www.safetydetectives.com/blog/ransomware-statistics/

https://www.scmagazine.com/analysis/ransomware/nearly-three-quarters-of-ransomware-
revenue-generated-by-russian-strains

https://www.sxsw.com/wp-content/uploads/2018/03/Legality-of-Paying-Ransom-FINAL-
2018.1.19.pdf

https://www.tijthailand.org/public/files/highlight/Cryptocurrency%20and%20Crime/3/
Virtualcurrencies%20rusi.pdf

https://www.trendmicro.com/vinfo/ru/security/news/cybercrime-and-digital-threats/shurl0ckr-
ransomware-as-a-service-peddled-on-dark-web-can-reportedly-bypass-cloud-applications

https://www.un.org/counterterrorism/sites/www.un.org.counterterrorism/files/malicious-use-of-
ai-uncct-unicri-report-hd.pdf

https://www.un.org/counterterrorism/sites/www.un.org.counterterrorism/files/malicious-use-of-
ai-uncct-unicri-report-hd.pdf

https://www.unitrends.com/blog/ransomware-as-a-service-raas#:~:text=Ransomware%20attacks
%20as%20well%20as,and%20extorting%20ransom%20from%20victims.

https://www.cisa.gov/zero-trust-maturity-model

Illegal crypto transactions hit high of US$20 billion: Chainalysis - Cryptocurrency - Digital
Nation

Kelompok Ransomware LockBit Akhirnya Sebar 1,5 TB Data Karyawan dan Nasabah BSI ke
Internet - Tekno Liputan6.com

Klaim Serang BSI, LockBit Termasuk Grup Ransomware Top Global

Losses from crypto hacks surged 60% to $1.9 billion in Jan-July: Chainalysis | Mint

Meet the cybercriminals of 2022 | TechCrunch

Nearly three-quarters of ransomware revenue generated by Russian strains | SC Media

Ngaku-ngaku Retas BSI, Ini Profil Ransomeware LockBit 3.0

Patriot Act - Wikipedia

Patriot Act Summary, Pros & Cons | What is the Patriot Act? - Video & Lesson Transcript |
Study.com

Pengertian dan Cara Kerja Ransomware as a Service - Phintraco Group

Protection Cyber Security | Netmarks Indonesia

Ransomware as a Service - Download Free Ransomware From Dark Web

Ransomware as a Service [What Is It and How Does It Work?]

Ransomware As A Service Being Offered For $39 On The Dark Net

Ransomware Facts, Trends & Statistics for 2023

Ransomware for sale on dark web | Download Scientific Diagram

Ransomware Payments: What Should You Do? | Fortinet Blog

Ransomware Protection from BlackBerry

Ransomware Protection Services: Subscription-based Cyber Attacks - Xigent

Ransomware Revenue Down As More Victims Refuse to Pay - Chainalysis

Ransomware: The hackers and their marketplace

Ransomware: To Pay or Not to Pay? It Just Got More Complicated

Should we Make Ransomware Payments Illegal? - Infosecurity Magazine

ShurL0ckr Ransomware as a Service Peddled on Dark Web, can Reportedly Bypass Cloud
Applications - Новости о безопасности - Trend Micro RU

Stop Ransomware | CISA

Success story: Chainalysis | Rise created by Barclays

TERRORISM AND CRYPTOCURRENCY: INDUSTRY PERSPECTIVES | Congress.gov |

Library of Congress

The Blockchain Analysis Company - Chainalysis

The Blockchain Data Platform - Chainalysis

The Dark Web is Getting Darker - Ransomware Thrives on Illegal Markets

The FBI Is Launching a Task Force to Tackle Crypto Crimes

The rise of crypto laundries: how criminals cash out of bitcoin | Financial Times

Top Deep Web Websites For Threat Intelligence - BRANDEFENSE

Trouble Ahead: Ransomware-as-a-Service on the Dark Web

USA PATRIOT Act | FinCEN.gov

USA PATRIOT Act Regulations | CSI

Using blockchain to 'follow the money' in ransomware - KPMG Australia

Using the MITRE ATT&CK Framework to Boost Ransomware Defenses | LogRhythm

What are the Legal Implications from a Ransomware Attack?

What is RaaS (Ransomware-as-a-Service)? | Kaspersky IT Encyclopedia

What is Ransomware as a Service (RaaS)? - CrowdStrike

What is Ransomware-as-a-Service (RaaS)? | Unitrends

What is the Dark Web Ransomware Marketplace?

White Paper: Five Lessons Learned from Ransomware Attacks

Who’s Buying And Selling Ransomware Kits On the Dark Web