Who said the criminal economy of ransomware has to thrive? As Yelisey Boguslavsky, the new director of research at cyber-threat firm RedSense, explains to The Wall Street Journal, in the fall cybercriminals parted ways with some 45 operators at several dubious call centers due to unprofitable deals.
Answering a question from ZDNET.fr, Yelisey Boguslavsky clarified that the last observed activity of these call centers dates back to November 2022. The location of these call centers remains unclear. Although they appear to have been based in India and Turkey, their whereabouts could not be determined with certainty.
In fact, the lack of profitability of these centers reportedly led the managers to stop spending. Perhaps this is a new weak signal that the ransomware criminal industry is treading water after a few good years. Blockchain analysis firm Chainalysis reported a notable decrease (-40%) in its ransomware estimates in 2022. The trend points, according to the company, to an increase in the number of organizations refusing to succumb to the blackmail of cybercriminals.
As Yelisey Boguslavsky explains to the American economic newspaper, forty cybercriminal call center operators were in charge of persuading potential victims to install remote access software on their networks. The attackers can then take control of the victim's computer and deploy the ransomware there. The Microsoft threat intelligence team already detailed the processes of such fake call centers in 2021.
As for the leaders, this specialist in cybercriminal groups adds, they are reportedly former members of the Conti ransomware franchise, now scattered across new groups: Silent Ransom Group, Royal, Zeon, Black Basta and Diavol. Active since early 2020, Conti broke apart after declaring its support for the Russian invasion of Ukraine. This stance led to a major data breach that forced the criminal organization to shut down its demo site last June.