Russian ransomware groups are actively recruiting penetration testers to strengthen their malicious operations, according to a new threat report from Cato Networks. The gangs, including Apos, Lynx, and Rabbit Hole, have posted multiple job listings on Russian-language forums seeking skilled professionals.
Penetration testers, who typically work to identify security vulnerabilities in legitimate systems, are now being targeted by cybercriminals to help perfect their ransomware attacks. The recruitment drive highlights the growing professionalization of ransomware operations.
"Ransomware gangs are hiring people with penetration testing expertise - not to secure systems, but to target them," explains Etay Maor, Chief Security Strategist at Cato Networks. "There's a whole economy in the criminal underground just behind this area of ransomware."
The criminal groups aim to thoroughly test their ransomware before deployment, similar to how legitimate software undergoes testing. This methodical approach demonstrates the sophistication of modern ransomware operations.
The report reveals concerning trends in the ransomware ecosystem, including the lowering barriers to entry for cybercriminals. Examples include ransomware source code being sold for $45,000 and the emergence of ransomware builder tools.
Adding to these concerns, artificial intelligence is making it easier for newcomers to enter the cybercrime space. "The bar keeps going down in terms of how much it takes to be a criminal," notes Maor. "Now you don't need to even buy [malware] because other cybercriminals will do this for you."
The findings come from Cato Networks' analysis of 1.46 trillion network flows across more than 2,500 customers globally between July and September 2024. The report underscores the persistent evolution of ransomware threats and the need for enhanced cybersecurity measures.