Ransomware as a Service Deals in Bitcoins of Course
June 14, 2016
Countless “as-a-service” models exist online. A piece from SCMagazine, “Dark web forums found offering Cerber ‘ransomware as a service’,” reveals more information about one such model, ransomware-as-a-service (RaaS), which we’ve heard about for quite some time now. Ransomware is malware that encrypts the user’s files, which remain inaccessible until the victim pays for a key. Apparently, an Eastern European ransomware, Cerber, has been offered as a service on Russian Dark Web forums. According to cyber intelligence firm Sensecy, this ransomware was set up to include “blacklisted” countries so that the malware does not execute on computers in certain locations. The article shares,
“Malwarebytes Labs senior security researcher Jerome Segura said the blacklisted geographies – most of which are Eastern European countries – provide “an indication of where the malware originated.” However, he said Malwarebytes Labs has not seen an indication that the ransomware is connected to the famed APT28 group, which is widely believed to be tied to the Russian government. The recent attacks demonstrate a proliferation of ransomware attacks targeting institutions in the U.S. and Western nations, as recent reports have warned. Last week, the Institute for Critical Infrastructure Technology (ICIT) released a study that predicted previously exploited vulnerabilities will soon be utilized to extract ransom.”
Another interesting bit of information to note from this piece is that the going ransom is one bitcoin. Segura mentions that the amount ransomers ask for may be changing, as he has seen some cases where the ransomer works to identify whether the user may be able to pay more. Regardless of the location of a RaaS provider, these technological feats are nothing new. The interesting piece is the supposedly untraceable ransom medium supplanting cash.
Megan Feil, June 14, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph