Experts Expose Farnetwork’s Ransomware-as-a-Service Business Model

Experts Expose Farnetwork's Ransomware-as-a-Service Business Model

November 8, 2023 at 03:21AM

Cybersecurity researchers have identified a threat actor known as farnetwork, who has been involved in multiple ransomware-as-a-service (RaaS) programs, including JSWORM, Nefilim, Karma, and Nemty. They have recently launched their own RaaS program using the Nokoyawa ransomware. The threat actor is adept at using stolen corporate account credentials to carry out attacks and demands a percentage of the ransom as payment. It is expected that farnetwork will reemerge under a different name with a new RaaS program.


– Cybersecurity researchers have identified a threat actor named farnetwork who has been involved in several ransomware-as-a-service (RaaS) programs over the past four years.
– farnetwork has contributed to ransomware projects like JSWORM, Nefilim, Karma, and Nemty before launching their own RaaS program based on the Nokoyawa ransomware.
– They have operated under various aliases on underground forums and have recently focused on Nokoyawa and launched a botnet service to provide access to compromised networks.
– farnetwork recruits individuals to facilitate privilege escalation and deploy ransomware using stolen corporate account credentials.
– The RaaS model ensures affiliates receive 65% of the ransom, the botnet owner receives 20%, and the ransomware developer receives 15% (potentially dropping to 10%).
– Nokoyawa has ceased operations, but there is a possibility that farnetwork will resurface with a new RaaS program.

Please let me know if you need any further information.

Full Article