What’s Next After Ransomware Gangs Have Consultants and Arbitrators?

ransomware

Ransomware professionals are starting to operate more like legitimate businesses, selling ransomware-as-a-service (RaaS) to non-technical would-be cyber thieves — a subscription-based or pay-for-use malware. There are also consultants for hire to gather intel on potential victims, determine realistic demands and act as negotiators between victims and thieves.

Arbitration services to collect payments and help the cyberthieves resolve disputes among themselves is the latest side service, according to the 2021 ransomware trends report issued this month by the FBI, the NSA, and the Cybersecurity and Infrastructure Security Agency in the U.S., as well as the U.K. National Cyber Security Centre and the Australian Cyber Security Centre.

Like any business, even nefarious operations hustling deals on the dark web need arbitrators and consultants. Ransomware gangs are known at being quite proficient at hacking major systems, encrypting data and halting business operations, pipelines and all kinds of everyday infrastructure. But the other details — the ransom negotiations, the collection of funds and even the distribution among gang members — require different levels of expertise.

See also: Ransomware Reaches Beyond Money With More Sinister Goals

Cybercrime-consultancy-as-a-service? Cybercrime-arbitration-as-a service? The possibilities are numerous, from accountants and lawyers to enforcement and penalties. Experts in the field as well as government agencies around the globe are recognizing that the professionalization of ransomware will likely lead to many more adjacent services.

High-profile attacks last year on the world’s largest meat-packing company (JBS lost one-fifth of the nation’s meat supply) and the biggest U.S. fuel pipeline (Colonial Pipeline lost access to its 5,500-mile natural gas pipeline for five days) are just two of the major hacks with big implications.

Last November, the FBI and the Secret Service warned in separate reports that the BlackByte ransomware group hit at three critical infrastructure sectors — government facilities, financial services and food and agriculture.

Read more: Digital Fraud Tracker: Explaining Third- and First-Party Fraud

The U.K. National Cyber Security Centre said in the trends report that it’s seen some ransomware gangs offering a 24/7 help center to assist victims with processing payments and get data restored.

The multi-agency trends report also points to the expanding tech skills of ransomware gangs, with the ability to target cloud infrastructure, which is touted as being the safer way to store data. U.S. authorities reported there have been ransomware attacks involving 14 out of 16 designated critical infrastructure sectors, including the defense industrial base, agriculture and information technology sectors.