Netflix of Crime: Criminals Rent Kits for System Kidnapping

Criminal cybercrime has professionalized and now operates on a ‘subscription’ model similar to Netflix. The LockBit criminal group is behind Ransomware as a Service (RaaS), a platform where criminals ‘rent’ attack kits and even earn benefits from extortions. This illegal market structure was detailed in an exclusive finding by ESET, obtained by Tilt.
The business model is simple and attractive to novice cybercriminals. The group acts as a technology provider, offering support and infrastructure for ransom negotiations. Those who rent the kit gain access to dark web forums, a complete set of tools, regular updates, and manuals.
LockBit receives a 20% commission after successful extortions. The affiliate criminal focuses on breaching the victim’s network (usually through phishing or exploiting vulnerabilities) and stealing the data. Upon the victim’s ransom payment, the extorter keeps 80% of the amount and forwards the remainder.
The ease of access to LockBit’s arsenal is the main concern. According to Daniel Barbosa, a security researcher at ESET Brasil, by professionalizing cybercrime in the RaaS model, groups like LockBit reduce barriers to digital attacks and increase risks for companies of all sizes.
Those who use these kits receive the entire structure and only need to focus on data theft and victim extortion.
Professionalization of LockBit raises alarms for Brazilian companies. In a scenario where accelerated digitization contrasts with low security measures, data from an annual ESET report show that 94% of security professionals already consider ransomware a critical risk, yet less than half of the companies adopt adequate preventive measures.
More than half of Brazilian companies do not have cyber insurance, accounting for 73% according to the study. Another 29% of organizations reported experiencing ransomware incidents in the past two years.
Protection is basic. Currently, most rely solely on backup. Practices like encryption, data classification, and Data Loss Prevention (DLP) solutions are still underutilized. ESET recommends moving away from a single defense and investing in multiple layers of protection.
The risk lies not only in financial losses but also in operational disruptions and the reputational damage to affected organizations. ‘In Brazil, accelerated digitization, coupled with a lack of robust security culture, creates the perfect setting for the proliferation of these attacks,’ highlights the ESET researcher Daniel Barbosa, a security researcher at ESET Brasil.