{"id":16743,"date":"2021-09-13T16:14:39","date_gmt":"2021-09-13T15:14:39","guid":{"rendered":"http:\/\/riskinsight-prepro.s189758.zephyr32.atester.fr\/?p=16743"},"modified":"2021-09-15T08:19:05","modified_gmt":"2021-09-15T07:19:05","slug":"newsletter-cert-w-from-the-front-line-summer-2021","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/newsletter-cert-w-from-the-front-line-summer-2021\/","title":{"rendered":"Newsletter CERT-W, from the front line &#8211; Summer 2021"},"content":{"rendered":"\n<figure id=\"post-16207 media-16207\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-16207\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/06\/CDT-WATCH.png\" alt=\"\" width=\"1621\" height=\"455\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/06\/CDT-WATCH.png 1621w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/06\/CDT-WATCH-437x123.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/06\/CDT-WATCH-71x20.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/06\/CDT-WATCH-768x216.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/06\/CDT-WATCH-1536x431.png 1536w\" sizes=\"auto, (max-width: 1621px) 100vw, 1621px\" \/><\/figure>\n<h1 style=\"text-align: center;\"><strong>DECRYPTION<\/strong><\/h1>\n<h2 style=\"text-align: center;\">The underground economy of the ransomware<\/h2>\n<p>In recent years the products of the underground economy have evolved quickly. Cyber criminals now offer services for others to purchase, the most popular being: <strong>Ransomware-as-a-service (RaaS).<\/strong><\/p>\n<p><strong>Let\u2019s pretend you are a hacker<\/strong> aiming to launch a successful ransomware attack. Only, you are quite new to the business. What do you think you need? 
A very sophisticated level of coding and development skills? Not anymore. The whole underground economy of RaaS can provide you with every necessary element to conduct your attack, from the access credentials to the mixers helping you to launder your gains.<\/p>\n<p><strong>What do I need for my ransomware attack? <\/strong><\/p>\n<p><strong>Need #1<\/strong>&nbsp;<strong>\u2013 <\/strong><strong>Enter my target\u2019s network.<\/strong> In order to do so, you need to acquire access to the victim\u2019s network: your first providers are the&nbsp;<strong>initial access brokers (IABs)<\/strong>&nbsp;or&nbsp;<strong>botmasters.<\/strong><\/p>\n<p>They specialize in vulnerability exploitation. They identify the flaws through massive phishing campaigns and\/or scans and then <strong>access the system. <\/strong>Once inside, <strong>they set up remote persistent access&nbsp;<\/strong>to the target\u2019s network. <a href=\"https:\/\/ke-la.com\/all-access-pass-five-trends-with-initial-access-brokers\/\">The botmasters then sell you the access: depending on its level of quality, prices can range from $1K to $100K (seen for a Mexican government body). The average price for network access in 2020 was $5,400.<\/a> The botmaster\u2019s services also include information on the financial health of the targeted victim, to help the attacker set the highest realistic price for the ransom.<\/p>\n<p><strong>Need #2<\/strong>&nbsp;\u2013&nbsp;<strong>Anonymous<\/strong> <strong>infrastructure to host my hacking tools and store my data<\/strong><strong>. <\/strong>The second actor of the chain is the&nbsp;<strong>bulletproof hoster<\/strong>, <a href=\"https:\/\/www.recordedfuture.com\/bulletproof-hosting-services\/\">providing you with infrastructure-as-a-service, including anonymization services. The subscription can go from $5 per month to any price.<\/a><\/p>\n<p><strong>Need #3 \u2013 A ransomware to encrypt my victim\u2019s files! 
<\/strong><\/p>\n<p>Now the main part: where can you find a ransomware? The most popular way is to subscribe to a&nbsp;<strong>RaaS platform<\/strong>, offering 4 main services:<\/p>\n<ul>\n<li><strong>Provide necessary information<\/strong>: potential victims, their financial status, security level\u2026<\/li>\n<li>The&nbsp;<strong>ransomware: <\/strong>the malicious code&nbsp;and a tool kit to facilitate the attack<\/li>\n<li><strong>Negotiation service<\/strong>&nbsp;(including support to collect the ransom)<\/li>\n<li><strong>Money laundering service<\/strong><\/li>\n<\/ul>\n<p>Other services are offered, according to what you are ready to pay. <a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2021\/05\/11121219\/Ransomware_world_in_2021_08.png\">Here<\/a> is an example of the different subscription prices and services on a RaaS platform. <a href=\"https:\/\/cybersecurityventures.com\/whos-buying-and-selling-ransomware-kits-on-the-dark-web\/\">It can go from $100 to $84,000 (Maze).<\/a><\/p>\n<p><strong>Where is the money going? <\/strong><\/p>\n<p><strong>Need #4 \u2013 Clean my money! <\/strong>Once the attack is successful, the people in charge of <strong>the money laundering<\/strong> and<strong> money mules <\/strong>take the stage.<\/p>\n<p><a href=\"https:\/\/media.threatpost.com\/wp-content\/uploads\/sites\/103\/2021\/04\/19080601\/0354039421fd7c82eb4e1b4a7c90f98e.pdf\">After a payment to the perpetrator\u2019s wallet is made, money is then dispersed and mixed across numerous wallets, to provide anonymity.<\/a> This <strong>bitcoin mixing<\/strong> through multiple other wallets makes tracing the payment quite difficult. 
In the Colonial Pipeline case, <a href=\"https:\/\/www.coindesk.com\/colonial-pipeline-paid-almost-5m-crypto-ransom-soon-after-attack-report\">the wallet received the 75 BTC from them, mixed with 57 payments from 21 different wallets.<\/a> However, this case has proven that <strong>tracing is not impossible.<\/strong> No matter how many times the bitcoins are moved, ultimately they have to go through cryptocurrency trading platforms (such as BTC-E) and be cashed out at exchange points.<\/p>\n<p><a href=\"https:\/\/www.elliptic.co\/blog\/buried-treasure-criminals-to-go-to-extreme-lengths-to-cash-out-crypto\">Recently, global anti-money laundering (AML) regulators have been armed with blockchain sleuthing tools to trace and screen transactions, making it harder for the cash-out process to go unnoticed<\/a>. To counter this, cybercriminals can use a system described as \u201c<strong>The Treasure Man\u201d<\/strong>. You can find and hire them on darknet marketplaces (such as Hydra). They will <strong>cash out your gains and hide them \u2013 physically &#8211; <\/strong>for you to pick up. <a href=\"https:\/\/www.ft.com\/content\/4169ea4b-d6d7-4a2e-bc91-480550c2f539\">\u201c<em>They bury it underground or hide it behind a bush, and they will tell you the coordinates. There is a whole profession<\/em>\u201d (Elliptic)&nbsp;<\/a><\/p>\n<p><strong>Who are the people behind the RaaS platforms? <\/strong><\/p>\n<p>RaaS platforms are based on&nbsp;<strong>very organized and structured groups<\/strong>&nbsp;similar to SMEs. REvil (one of the biggest RaaS) indicated having <u>a <\/u><u><a href=\"https:\/\/www.cyjax.com\/2021\/07\/09\/revilevolution\/\">team of 10 developers and systems admins<\/a><\/u>, besides their project managers. To recruit the best experts, <strong>the platform&#8217;s leaders choose their employees after a challenging recruitment process. 
<\/strong>The candidates prove themselves through job interviews and hacking exercises, and agree to an \u201cethical charter\u201d. <a href=\"https:\/\/cybernews.com\/security\/how-we-applied-to-work-with-ransomware-gang\/\">Here you can read the undercover investigation by journalists who followed the process to be hired as hackers by a RaaS.<\/a><\/p>\n<p>The <strong>subscribers<\/strong> or <strong>affiliates<\/strong> of a RaaS platform (in this story, that\u2019s you) are \u201conly\u201d in charge of the intrusion, the data collection and the ransomware deployment on the victim network. The affiliates usually pocket <strong><u>between<\/u><\/strong><u>&nbsp;<\/u><u><a href=\"https:\/\/media.threatpost.com\/wp-content\/uploads\/sites\/103\/2021\/04\/19080601\/0354039421fd7c82eb4e1b4a7c90f98e.pdf\"><strong>60<\/strong> <strong>and 80% of the ransom<\/strong>, with the rest going into the operators\u2019 coffers.<\/a><\/u> The RaaS platform of&nbsp;NetWalker requires 20% of the ransom, but other groups can ask for 70%. <u>REvil recently announced being&nbsp;<\/u><u><a href=\"https:\/\/www.youtube.com\/watch?v=ZyQCQ1VZp8s&amp;ab_channel=RussianOSINT\">paid at least 100,000,000$ per year.<\/a><\/u><u>&nbsp;<\/u><\/p>\n<p><strong>No honor among thieves?<\/strong><\/p>\n<p>Although the RaaS market is a very well-organized business model, it is still the underground economy we are talking about.&nbsp;Being a potential RaaS client does not mean that you are in a safe place.<\/p>\n<p>Two&nbsp;<a href=\"https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167404820300468\">years of research on the darknet by H\u00e5kon Melanda<\/a>&nbsp;have shown that&nbsp;<strong>most of the RaaS items sold on the darknet markets are frauds<\/strong>, where the buyers either get rubbish or ransomware that redirects the whole payment somewhere other than the buyer\u2019s wallet. 
While the authentic RaaS vendors are indeed taking the lion\u2019s share of the gains,&nbsp;the others are not doing badly either, by <strong>targeting naive cybercriminals.&nbsp;<\/strong><\/p>\n<p>Although the RaaS distribution model has made ransomware attacks significantly easier for more people, that does not mean they are accessible to every internet user. Not only do employees of a RaaS platform need to have a strong resume to be hired, but&nbsp;the <strong>affiliates too have to prove their skills before being allowed to subscribe<\/strong> to a RaaS service.&nbsp;<a href=\"https:\/\/media.threatpost.com\/wp-content\/uploads\/sites\/103\/2021\/04\/19080601\/0354039421fd7c82eb4e1b4a7c90f98e.pdf\">Well-established RaaS groups such as NetWalker are known to be rather picky and carefully check any new affiliate with interviews and a short trial period<\/a>. The basic requirement for an affiliate candidate is &#8211; at least &#8211; to demonstrate experience in carrying out network intrusions and lateral movement.<\/p>\n<p><strong>Conclusion: The Circle of money<\/strong><\/p>\n<p>This very well-organized and profitable economic system yearns for one thing: to be even more profitable, like any business. <strong>To hire better experts with better tools, and launch more sophisticated attacks to collect more money<\/strong>. How can they grow? <strong>Through the ransoms paid in previous attacks<\/strong>. 
According to <a href=\"https:\/\/searchsecurity.techtarget.com\/news\/252503170\/DarkSide-ransomware-funded-by-cybercriminal-investors\">Ondrej Krehel\u2019s studies, most of the largest ransomware gangs were launched with seed money from previous operations, such as DarkSide with Zloader.<\/a> <a href=\"https:\/\/www.fastcompany.com\/90650142\/ransomware-venture-capital-ecosystem-lifars\">Moreover, as groups sought to diversify with new operations, members adopted a sort of <strong>venture capital<\/strong> structure<\/a>, in which one team provides funds to help another build the infrastructure and tools needed to start its operations. <strong>The more ransom money flows into the system, the more experts will be attracted by this profitable business<\/strong>, <a href=\"https:\/\/www.lemagit.fr\/actualites\/252503610\/Derriere-les-ransomwares-en-mode-service-Des-investisseurs\">and the more investors will fund it.<\/a><\/p>\n<p>Besides, once a ransom is paid, the payer is identified as a \u201cgood client\u201d by the market. 
<a href=\"https:\/\/www.cybereason.com\/press\/new-cybereason-ransomware-study-reveals-true-cost-to-business\">Cybereason\u2019s studies indicated that 80% of organizations that paid the ransom after a ransomware attack were hit again.<\/a> <strong>When a victim pays a ransom, it does not guarantee recovery of their system, but it is for sure the best way to fund a future, more sophisticated attack against themselves.<\/strong><\/p>\n<p>&nbsp;<\/p>\n<figure id=\"post-16210 media-16210\" class=\"align-center\">\n<figure id=\"post-16367 media-16367\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-16367\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/image1.jpg\" alt=\"\" width=\"940\" height=\"493\"><\/figure>\n<\/figure>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h1 style=\"text-align: center;\"><strong>CERT-W: FROM THE FRONT LINE<\/strong><\/h1>\n<h2 style=\"text-align: center;\">The CTI Word<\/h2>\n<figure id=\"post-16221 media-16221\" class=\"align-center\">\n<figure id=\"post-16228 media-16228\" class=\"align-center\">\n<figure id=\"post-16369 media-16369\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-16369\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/image2.jpg\" alt=\"\" width=\"940\" height=\"572\"><\/figure>\n<\/figure>\n<\/figure>\n<h1>&nbsp;<\/h1>\n<p>&nbsp;<\/p>\n<h1 style=\"text-align: center;\"><strong>FOCUS TECH<\/strong><\/h1>\n<h2 style=\"text-align: center;\">File Obfuscation<\/h2>\n<p>&nbsp;<\/p>\n<figure id=\"post-16215 media-16215\" class=\"align-center\">\n<figure id=\"post-16371 media-16371\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-16371\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/1.png\" alt=\"\" width=\"889\" height=\"251\"><\/figure>\n<figure id=\"post-16373 media-16373\" 
class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-16373\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/2.png\" alt=\"\" width=\"918\" height=\"279\"><\/figure>\n<figure id=\"post-16375 media-16375\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-16375\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/3.png\" alt=\"\" width=\"922\" height=\"531\"><\/figure>\n<figure id=\"post-16377 media-16377\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-16377\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/4.png\" alt=\"\" width=\"922\" height=\"531\"><\/figure>\n<figure id=\"post-16379 media-16379\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-16379\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/5.png\" alt=\"\" width=\"917\" height=\"552\"><\/figure>\n<figure id=\"post-16381 media-16381\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-16381\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/6.png\" alt=\"\" width=\"915\" height=\"806\"><\/figure>\n<\/figure>\n<figure id=\"post-16383 media-16383\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-16383\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/7.png\" alt=\"\" width=\"830\" height=\"243\"><\/figure>\n<p style=\"text-align: center;\"><strong>To learn more about the malware mentioned above:<\/strong><\/p>\n<figure id=\"post-16217 media-16217\" class=\"align-center\">\n<figure id=\"post-16385 media-16385\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-16385\" 
src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/8.jpg\" alt=\"\" width=\"762\" height=\"198\"><\/figure>\n<\/figure>\n<p>&nbsp;<\/p>\n<h1 style=\"text-align: center;\"><strong>Reading Of The Month<\/strong><\/h1>\n<p style=\"text-align: center;\">Instead of a report, our recommended reading for the summer is the interview with BlackMatter, who has his heart set on explaining how they are taking the best from REvil and DarkSide, their business model and their guidelines for targeting victims.<\/p>\n<figure id=\"post-16219 media-16219\" class=\"align-center\">\n<figure id=\"post-16387 media-16387\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-16387\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/9.jpg\" alt=\"\" width=\"289\" height=\"196\"><\/figure>\n<\/figure>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>DECRYPTION The underground economy of the ransomware In recent years the products of the underground economy have evolved quickly. Cyber criminals now offer services for others to purchase, the most popular being: Ransomware-as-a-service (RaaS). 
Let\u2019s pretend you are a hacker&#8230;<\/p>\n","protected":false},"author":1364,"featured_media":16720,"comment_status":"open","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3225,3972],"tags":[2596,3483,265],"coauthors":[3488],"class_list":["post-16743","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ethical-hacking-indicent-response","category-newsletter-cert","tag-cert","tag-indicators-2","tag-malware"],"acf":[],"yoast_head_json":{"title":"Newsletter CERT-W, from the front line - Summer 2021 - RiskInsight","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/newsletter-cert-w-from-the-front-line-summer-2021\/","og_locale":"en_US","og_type":"article","og_title":"Newsletter CERT-W, from the front line - Summer 2021 - RiskInsight","og_description":"DECRYPTION The underground economy of the ransomware In recent years the products of the underground economy have evolved quickly. Cyber criminals now offer services for others to purchase, the most popular being: Ransomware-as-a-service (RaaS). Let\u2019s pretend you are a hacker...","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/newsletter-cert-w-from-the-front-line-summer-2021\/","og_site_name":"RiskInsight","article_published_time":"2021-09-13T15:14:39+00:00","article_modified_time":"2021-09-15T07:19:05+00:00","og_image":[{"width":780,"height":520,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/03\/Image9.jpg","type":"image\/jpeg"}],"author":"CERT-W","twitter_misc":{"Written by":"CERT-W","Est. 
reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/newsletter-cert-w-from-the-front-line-summer-2021\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/newsletter-cert-w-from-the-front-line-summer-2021\/"},"author":{"name":"CERT-W","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/b3138a95b8559cf24bf256c8e9994eca"},"headline":"Newsletter CERT-W, from the front line &#8211; Summer 2021","datePublished":"2021-09-13T15:14:39+00:00","dateModified":"2021-09-15T07:19:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/newsletter-cert-w-from-the-front-line-summer-2021\/"},"wordCount":1284,"commentCount":0,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/newsletter-cert-w-from-the-front-line-summer-2021\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/03\/Image9.jpg","keywords":["CERT","indicators","malware"],"articleSection":["Ethical Hacking &amp; Incident Response","Newsletter CERT"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/newsletter-cert-w-from-the-front-line-summer-2021\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/newsletter-cert-w-from-the-front-line-summer-2021\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/newsletter-cert-w-from-the-front-line-summer-2021\/","name":"Newsletter CERT-W, from the front line - Summer 2021 - 
RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/newsletter-cert-w-from-the-front-line-summer-2021\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/newsletter-cert-w-from-the-front-line-summer-2021\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/03\/Image9.jpg","datePublished":"2021-09-13T15:14:39+00:00","dateModified":"2021-09-15T07:19:05+00:00","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/newsletter-cert-w-from-the-front-line-summer-2021\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/newsletter-cert-w-from-the-front-line-summer-2021\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/newsletter-cert-w-from-the-front-line-summer-2021\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/03\/Image9.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/03\/Image9.jpg","width":780,"height":520},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/newsletter-cert-w-from-the-front-line-summer-2021\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Newsletter CERT-W, from the front line &#8211; Summer 2021"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s 
consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/b3138a95b8559cf24bf256c8e9994eca","name":"CERT-W","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/cert-w\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/16743","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1364"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=16743"}],"version-history":[{"count":3,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/16743\/revisions"}],"predecessor-version":[{"id":
17398,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/16743\/revisions\/17398"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/16720"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=16743"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=16743"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=16743"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=16743"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}