Ransomware as a Service Deals in Bitcoins of Course

June 14, 2016

Countless “as-a-service” models exist online. A piece from SCMagazine, Dark web forums found offering Cerber ‘ransomware as a service’, reveals more information about one such service called ransomware-as-a-service (RaaS), which we’ve heard about now for quite some time. Ransomware injects a virus onto a machine that encrypts the user’s files where they remain inaccessible until the victim pays for a key. Apparently, an Eastern European ransomware, Cerber, has been offering RaaS on Russian Dark Web forums. According to a cyber intelligence firm Sensecy, this ransomware was setup to include “blacklisted” countries so the malware does not execute on computers in certain locations. The article shares,

“Malwarebytes Labs senior security researcher Jerome Segura said the blacklisted geographies – most of which are Eastern European countries – provide “an indication of where the malware originated.” However, he said Malwarebytes Labs has not seen an indication that the ransomware is connected to the famed APT28 group, which is widely believed to be tied to the Russian government. The recent attacks demonstrate a proliferation of ransomware attacks targeting institutions in the U.S. and Western nations, as recent reports have warned. Last week, the Institute for Critical Infrastructure Technology (ICIT) released a study that predicted previously exploited vulnerabilities will soon be utilized to extract ransom.”

Another interesting bit of information to note from this piece is the going ransom is one bitcoin. Segura mentions the value ransomers ask for may be changing as he has seen some cases where the ransomer works to identify whether the user may be able to pay more. Regardless of the location of a RaaS provider, these technological feats are nothing new. The interesting piece is the supposedly untraceable ransom medium supplanting cash.

Megan Feil, June 14, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Written by Stephen E. Arnold · Filed Under Dark Web, ECommerce, Financial, News, Security, Technology

Comments

Comments are closed.

Search the site
Subscribe to Beyond Search
Feature archive
News archive

Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.