Cybersecurity researchers have recently adopted a unique approach to infiltrate a private Ransomware-as-a-Service (RaaS) program associated with the Nokoyawa ransomware strain. By engaging in a distinctive “job interview” process with farnetwork, they gained valuable insights into this threat actor’s background and multifaceted role in the cybercriminal landscape. This article explores the details of farnetwork’s operations, its involvement in various RaaS programs, and the recruitment efforts related to Nokoyawa.
Inside Farnetwork Operation – A Major RaaS Player
Farnetwork began its cybercriminal career in 2019 and has since been involved in various ransomware projects, contributing to the development of JSWORM, Nefilim, Karma, and Nemty. Notably, it played roles in developing ransomware and managing RaaS programs before venturing into its own RaaS program centered around the Nokoyawa ransomware.
The Many Faces of Farnetwork RaaS
Operating under aliases such as farnetworkit, farnetworkl, jingo, jsworm, piparkuka, and razvrat on underground forums, farnetwork initially gained attention by advertising a remote access trojan named RazvRAT as a vendor.
In 2022, farnetwork expanded its horizons by shifting its focus to Nokoyawa and reportedly launching its own botnet service, providing affiliates with access to compromised corporate networks.
Recruitment Efforts and RaaS Model
Throughout the year, farnetwork has been actively linked to recruiting efforts for the Nokoyawa RaaS program. Potential candidates are sought to facilitate privilege escalation using stolen corporate credentials, deploy ransomware, and demand payment for decryption keys. The RaaS model allocates a 65% share to affiliates, 20% to the botnet owner, and 15% to the ransomware developer, potentially dropping to 10%.
While Nokoyawa ceased operations in October 2023, cybersecurity experts caution that there is a high probability of farnetwork resurfacing under a different name with a new RaaS program. Described as an experienced and highly skilled threat actor, farnetwork remains one of the most active players in the RaaS market, according to Nikolay Kichatov, a threat intelligence analyst at Group-IB.
To protect your system from ransomware distributed through RaaS programs and from similar cyberattacks, follow the removal and safeguarding steps below.
Removal Guide
If you suspect your system has been compromised by ransomware from a RaaS program or a similar threat, take the following steps:
- Isolate Infected System: Disconnect the infected system from the network and the internet to prevent further communication with the attacker’s servers.
- Data Backup: Ensure that you have up-to-date backups of your important data in a secure location.
- Antivirus Scan: Run a full system scan using reputable antivirus software to detect and remove any malware. Follow the software’s recommendations for quarantining or deleting malicious files.
- Secure Your Network: Review your network security settings and update your firewall rules to prevent unauthorized access.
- Password Reset: Change passwords for your critical accounts to prevent unauthorized access.
Safeguarding Your System
To minimize the risk of future encounters with similar threats:
- Regular Software Updates: Keep your operating system and all software up to date to patch known vulnerabilities.
- Email Security: Be cautious with email attachments and links, especially from unknown sources. Enable email filtering and use anti-phishing tools if available.
- Secure Passwords: Use strong, unique passwords for all your accounts. Consider using a password manager to generate and store complex passwords.
- User Training: Educate yourself and your team about safe online practices and how to recognize potential threats.
- Network Security: Implement robust network security measures, including intrusion detection systems and firewalls.
Conclusion
The “job interview” process with farnetwork sheds light on the multifaceted world of Ransomware-as-a-Service and its key players. Cybersecurity experts remain vigilant, ready to respond to emerging threats, and individuals can protect their systems by following these removal and safeguarding steps. Farnetwork’s activities highlight the ever-evolving landscape of cybercrime and the importance of proactive defense measures.