Ransomware as a service

Ransomware as a service

The ransomware is too profitable to kill. Its brightness is that simple. And mobile device trends are making it easier than ever to curtail cyber activity.

As each passing day brings us a new victim of ransomware, we can clearly see that ransomware is here to stay and businesses and organizations should now invest in their brand, networks, and the protection of their data and customers.

According to the mid-year update of the Cyber ​​SonicWall 2019 Risks Report, ransomware has risen to 110.9 million in the first half of 2019, a 15% increase so far compared to 2018.

The scariest data on ransomware has been found in the United States. After a 59% decline in ransomware in 2018, the region has seen a 195% increase in ransomware as a service since the beginning of the year for the first half of the year.

RaaS, open source malware on the rise

But it's not just about volume. Globally, cybercriminals continue to move towards new innovations. Exclusive data from SonicWall highlights an increase in ransomware-as-a-service (RaaS) tools and open source malware in the first half of 2019.

Cerber has long been one of the most powerful and harmful families of ransomware in use. This is mainly due to the fact that it is available as a service offering low monthly prices.

Other ransomware, such as HiddenTear and Cryptojoker, are available via open source tools. This means that criminals with basic programming skills can detect and customize open source malware to achieve their goals. In many cases, this changes the core of the malware and helps it by bypassing signature-only security checks (eg Antivirus, unsupported firewalls).

As more RaaS and open source options become available, the size and strength of ransomware attacks will only increase. While only a handful of bona fide malware authors are creating new ransomware, these services ensure that cybercriminals have enough modifications to freely purchase or access the Dark Web.

What is ransomware as a Service (RaaS)?

Ransomware as a service, or RaaS, is no different than any legitimate cloud hosting service that businesses use every day. Instead of buying software, you adopt a service delivery module to reduce capital expenses, always have the latest offers, get expected prices, and get support.

Valid or not, business models always have to deal with the distribution method. Do they sell directly to end users, through a distributor channel, or a combination of both?

The same goes for ransomware developers. Many choose to embrace and sell their code of success as a brand, which takes away many of the risk and hard work of distribution while racking up a portion of the reward.

BleepingComputer offered a detailed analysis of how a standard payment model would work.

"Unlike most ransomware-as-a-service offerings, to become a relative a criminal must pay to get into a special subscription package," BleepingComputer wrote. “These packages range from $ 90 USD, where the relative earns 85% of the ransom payments, to $ 300 and $ 600 packages where the affiliates keep their income. enter everything and receive additional benefits such as Salsa20 encryption, various ransomware changes, and various cryptocurrency payment options. . "