Franchises are as American as apple pie, and franchise businesses account for hundreds of billions of dollars of economic output into the U.S. economy each year. So perhaps it should come as no surprise that cybercriminals have figured out that the franchise model can be very lucrative for them.
While cybercriminals are not signing template franchise agreements to allow them to sell branded burgers and shakes, they are using the ransomware as a service (“RaaS”) model, sometimes called ransomware affiliate schemes, to effectively license the ransomware software developed by hacking “masterminds”—thereby avoiding the need to develop their own hacking software. These transactions take place in the dark web.
DarkSide, the ransomware software purportedly responsible for the recent attack on Colonial Pipeline, is said to be provided to “customers” on a subscription basis under the RaaS model. Under this arrangement, hackers who may lack the skills to develop their own ransomware software, can pay for their use of DarkSide, and the owners of DarkSide collect a share of the ransom payments collected by the hackers. It’s a win-win for the cybercriminals and has lowered the barrier of entry for would-be ransomware hackers.
Nixon Peabody’s Cybersecurity and Privacy Team will continue to monitor the surging level of ransomware activity.