From JSWORM to Karma: The Hilarious Hustle of Cybercrime’s Ransomware Renaissance Man

While we were perfecting lockdown banana bread, farnetwork was busy kneading a cybercriminal empire. This Ransomware Renaissance Man, a master in Unmasking Ransomware-as-a-service Actor, added his own botnet service to a buffet of cybercrimes. Group-IB predicts an encore, so keep your eyes peeled for this Mozart of Malware!

Hot Take:

In the world of cybercrime, it’s all about the hustle and grind! Meet farnetwork, a cybercriminal mastermind who’s been moonlighting as a freelance ransomware artist and has dabbled in everything from JSWORM to Karma. After years of dabbling in other people’s projects, they’ve finally launched their own ransomware-as-a-service program. Talk about a self-starter!

Key Points:

  • Farnetwork, a notable cybercriminal, has been linked to five ransomware-as-a-service (RaaS) programs over the past four years.
  • Group-IB, a cybersecurity firm, infiltrated a private RaaS program that uses the Nokoyawa ransomware strain and conducted an ‘interview’ with farnetwork.
  • Farnetwork has operated under several aliases and has been involved in several ransomware projects, including JSWORM, Nefilim, Karma, and Nemty.
  • In 2022, farnetwork launched their own botnet service to provide affiliates with access to compromised corporate networks.
  • Farnetwork’s RaaS model allows affiliates to receive 65% of the ransom amount, while the botnet owner receives 20%, and the ransomware developer gets 15%.

Need to know more?

The Ransomware Renaissance Man

While most of us were busy baking banana bread during the pandemic, farnetwork was busy creating a cybercriminal empire. From JSWORM to Karma, this jack-of-all-trades has not only mastered multiple RaaS programs but has also launched their own. The hustle is strong with this one!

James Bond of Cybercrime

Our friends at Group-IB pulled off their best Bond impersonation, infiltrating a private RaaS program and even scoring an interview with farnetwork. Despite the lack of shaken martinis, they got some juicy info about farnetwork's aliases and operations.

Robin Hood, But Not Really

Farnetwork isn't stealing from the rich and giving to the poor. Instead, they've created a unique RaaS model where they generously share 65% of the ransom with the affiliates. The botnet owner gets a 20% cut, while the ransomware developer settles for the remaining 15%. It's like a criminal co-op!

Now You See Me, Now You Don't

Farnetwork may have ceased operations as of October 2023, but just like a bad penny, they're likely to turn up again. Group-IB predicts that farnetwork will resurface under a new name with a fresh RaaS program. So, keep your eyes peeled, folks!

The Mozart of Malware

There's no denying it, farnetwork is a maestro in the dark underworld of cybercrime. Described as an experienced and highly skilled threat actor by Group-IB, this virtuoso is one of the most active players in the RaaS market. Bravo!
Tags: Botnet Service, Group-IB, Nokoyawa Ransomware, phishing campaigns, Ransomware-as-a-Service (RaaS), threat actor, Underground Cyber Markets