Ransomware-as-a-Service is not new; the security industry has been discussing RaaS for over a year. RaaS allows low-skilled ‘wannabe' criminals to download a piece of ransomware, set a ransom amount, and deploy it as desired with the deadline they choose. The criminal either selling or giving away this ransomware will usually get a percentage of the ransom as part of the fee for using the software.
Bleeping Computer has recently reported on the discovery of a new RaaS called ‘Satan.' This ransomware is free with registration, and the owner of the Satan takes a 30% cut from whatever ransom is paid. Satan RaaS is unique in that it guides the wannabe criminal through customization and deployment of the malware. For example:
- The Satan home page explains what it is and how to make money
- An affiliate console provides information on how a Satan user can distribute their software
- A ‘malwares' page allows customization of Satan options such as ransom amount, days until expiration, etc.
- The ‘droppers' page teaches users how to write .doc macros and other installers
- The ‘translate' page enables the user to expand the ransomware into other languages
- The remaining pages include profit tracking, notices from the developer, and a method for sending messages like support requests to the developer
And all of this can be done in under a minute. The barrier to entry into the ransomware game is much lower than it was before Satan. See the article at Bleeping Computer for more details and screenshots.
Satan acts just as you would expect: it encrypts data and scrambles file names, and it will append .stn to the encrypted files. It also wipes data from unused space on the C drive, and then displays the ransom note.
The best way to defend yourself against this type of infection is to follow best practices with your security and data protection infrastructures. A layered approach with security will help close any gaps in your defenses, while a solid data protection and disaster recovery strategy can help you recover without paying the extortion. Barracuda has information on our corporate website here on how you can protect yourself with Barracuda security and storage solutions. We also partner with NoMoreRansom to help educate the public and promote the free decryption of files taken hostage by ransomware.
For more information on ransomware, follow our ransomware blog here, and visit our corporate website here.
Christine Barry ist Senior Chief Blogger und Social Media Manager bei Barracuda. In dieser Rolle hilft sie, Barracuda-Geschichten zum Leben zu erwecken und die Kommunikation zwischen der Öffentlichkeit und den internen Barracuda-Teams zu erleichtern. Bevor sie zu Barracuda kam, war Christine über 15 Jahre lang als Außendiensttechnikerin und Projektmanagerin für K12- und KMU-Kunden tätig. Sie hat mehrere Abschlüsse in Technologie, einen Bachelor of Arts und einen Master of Business Administration. Sie ist Absolventin der University of Michigan.
Vernetzen Sie sich hier auf LinkedIn mit Christine.