RaaS | Ransomware-as-a-Service

Ransomware is becoming increasingly popular in the cybercrime world. Just last year, ransomware caused an estimated $1 billion in damages and became the most popular form of malware in the US. The use of ransomware is on the rise, and many hacking organizations are beginning to offer Ransomware-as-a-Service (RaaS). This means that anyone can easily use this malicious software to infiltrate computers and networks to make some easy money.

In 2016, Ransomware cost victims $1 billion in damages.

Why the Sudden Increase in RaaS?

Ransomware is a specific type of malware used to encrypt files, rendering them unusable until the hacker receives payment. Once files are encrypted, the only way to retrieve them is through payment, and many victims comply out of fear of losing everything.

The rise of RaaS advertisements in hacker forums and darknet marketplaces should have people concerned.

RaaS simplifies the entire ransomware process, providing everyone with the opportunity to become a cybercriminal. Users can easily customize their ransomware with various features, colors, and countdowns. With so many RaaS variants available through forums or darknet marketplaces, it can be an incredibly enticing quick-money scheme.

Some services require an initial payment for the software, while other versions offer their software on a commission basis. Many of the software programs available even provide these new hackers with automated dashboards so that they can track the progress of their bots-of-doom.

Philadelphia RaaS

Rainmaker labs, a hacking organization based in Russia, created a sleek YouTube video ad for Philadelphia ransomware.

Some commentators have scoffed at the Philadelphia code and consider it to be crude. That may be. However, compared to most cybercrime operations, the advertisement itself is pretty advanced. It has very few grammatical errors and presents all the features available including:

  • Bridges that can be hosted anywhere
  • The ability to edit all text and include multiple
  • Select specific colors
  • Edit the ransomware deadline and countdown metrics
  • Edit folders, depth, and extensions
  • Generate filtered reports to see the progress of the campaign

The ad even includes some features exclusive to Philadelphia ransomware like:

  • Worms
  • Sleep time (hold time before beginning the infection or countdown)
  • USB infect
  • Network spread

Rainmaker Labs’ YouTube ad shows just how easy it is to customize their Philadelphia ransomware.

The advertisement shows just how easy it is to customize the malicious software. Rainmaker Labs gives users the option to control every detail or let the ransomware handle it for you. One of the most interesting features gives hackers the option to grant “mercy” on certain data. To many victims, losing irreplaceable family photos is their worst nightmare, so this feature allows hackers to “protect” this information – although there haven’t been reports of this feature being utilized. Once the attack is successful, with or without precious photos, criminals get automated reports that can be filtered into groups based on locations or other presets.

The concern should be less about the product being featured in this ad which in many ways isn’t that impressive… and more about future malicious engineering that this kind of sophisticated business might be able to finance.

Other Types of RaaS

There are many other types of ransomware-as-a-service options available on the dark web. We expect the popularity of RaaS to continue to increase in popularity over the upcoming years. Some other RaaS variants include:

Although many of these RaaS options have decryption solutions available, they will continue to evolve and become more dangerous.

It Comes by Email
Email is, by far, the most common vector for ransomware– usually disguised as innocent-looking attachments or URLs. You can expect more of these email-borne attacks in the months ahead.

The increase in popularity of RaaS could mean a drastic increase in the number of email attack agents that your company has to face. Many of those agents will create subtle variants of the basic malware. This will likely confuse most signature-based email security systems and some of these zero-day variants will succeed in getting past those filters until they are blacklisted. Then new variants will be created until they too are detected and blacklisted. Each time a new variant comes out, some files will be lost or ransoms paid out. The signature-recognition system is like playing a very dangerous game of whack-a-mole. Eventually, signature based systems are overwhelmed.

Vade Secure has developed AI-enabled email security that can detect these zero-day attacks without needing them to be manually flagged and blacklisted.

We’ve successfully detected every variant of CryptoLocker and Locky over the past several years with 100% accuracy.

Don’t wait until you have already experienced an attack to get protection. Vade Secure can protect your organization from ransomware. Contact us today to learn more about how our solution can defend your company from the most vicious threats.

By | 2017-11-07T16:17:03+00:00 March 23rd, 2017|Malware - Ransomware|0 Comments

About the Author:

Chief Solution Architect at Vade Secure

Leave A Comment