Group information

Ransomware As A Service

Successful managed ransomware services continue to attract attention as the profits made by cybercriminals increase. In 2015, a ransomware family called CryptoWall brought its operators a staggering $325 million.

Ransomware works very effectively and generally infects a computer through spam emails and infected websites. Once installed, the ransomware encrypts the files on the victim's system and demands that the victim pay a certain amount for the decryption key needed to restore access to the files. If the ransom is paid, the ransomware operator will probably send the required key, but there is no guarantee.

The increasing number of ransomware infections may be due in part to the Ransomware as a Service (RaaS) business model. This strategy has proven to be extremely beneficial to cybercriminals: malware creators can profit from their ransomware by enlisting a network of distributors. The scheme works because several distributors can sell and spread one type of ransomware, and its authors take a share of their profits. Potential distributors don't even need a lot of capital or technical expertise to get started. Even people with no coding experience can start a ransomware campaign.

Thanks to this simple buy-in, the business model has allowed ransomware to spread and grow. A recent Trend Micro survey tracked a 172% increase in new ransomware families discovered in the first half of 2016 alone. Because more ransomware options mean more choice for distributors, operators have taken to using their own business strategies to make their packages stand out.


Shark (detected by Trend Micro as Ransom_SHARKRAAS) is one of the newer RaaS variants. Seen in early August, this particular strain targets a broader base of distributors, one that is less technically knowledgeable.

RaaS operators often use anonymous networks like Tor to host their files, primarily because of the anonymity these networks are recognized to provide. For operators, these networks are more private and secure, but they are not easily accessible to occasional Internet users. Shark behaves differently. According to news reports, Shark is hosted on a public WordPress site that is reachable from the open internet. From the Shark site, interested distributors can download a zip file containing everything needed to start a deployment, including the ransomware configuration generator, the ransomware executables, and important warnings in a ReadMe.txt file.

This ransomware is especially attractive because it can be easily customized without advanced technical skills. The operators provide a basic ransomware executable that allows the distributor to change settings such as the targeted file types, the targeted countries, and the folders to encrypt. To simplify the process, the Shark operators also provide detailed examples of how to configure and customize the ransomware, along with suggestions on how much to charge victims in different countries. As other reports note, payment is fully automated: the operators receive the full amount and then divide it. The operators take 20% of the profits and the distributors receive 80%.

Shark's operators are looking for new opportunities beyond traditional ransomware distributors, who already have many options among other RaaS variants. They reach a larger customer market by targeting distributors with little coding or malware experience. And as the number of customers and distributors grows, so do their profits.

These ransomware operators are evolving their current business models and mirroring legitimate businesses in ways that appeal to customers. They pay more attention to the user interface, make the service easier to use, and open it up to a wider range of distributors.





Stampado ransomware (detected by Trend Micro as RANSOM_STAMPADO.A) offers a "lifetime license" at an incredibly low price (only $39). That is a bargain when other ransomware variants like Locky and the new Goliath sell for thousands of dollars. Stampado is an attractive package for distributors with little capital. As with Shark, its creators designed the product to appeal to a broader market.

Further research shows that Stampado has many of the same qualities as the prevalent Jigsaw ransomware. It deletes files after a certain period of time to force the victim to pay, and it uses AES to lock the computer. However, its design and coding are not as sophisticated as Jigsaw's, and it is easier to decipher and analyze.

Stampado is a low-cost knockoff, a familiar business scheme seen everywhere from high-tech sectors to major fashion brands. It is not necessarily a ransomware "service," since it is sold as a single purchase, but it remains an effective business model. For many distributors, the availability of ransomware takes priority over quality.




  • nickythomas
    nickythomas created a new group
    Ransomware As A Service
    Aug 11
