Ransomware is now becoming standardized to create a lucrative business model, ransomware as a service for amateur hackers.
Ransomware as a Service
Developers of the crypto-ransomware tool, Cerber, have set up a RaaS (Ransomware as a Service) platform for amateur threat actors that could end up bringing in some big money by distributing their tool to a network of affiliates. The business technique could end up netting nearly $2 million.
Security vendor Check Point Software Technologies has gathered data on the ransomware tool and determined that in July alone Cerber-affiliates have extorted $195,000 from victims.
According to the same source, the attacks are multinational with a significant amount of them occurring in South Korea, United States, China, and Taiwan. Additionally, a total of 161 affiliates used Cerber to infect about 150,000 computers during that period.
Check Point released a statement about the ransomware racket and the average rate the attackers have demanded from victims to decrypt their files, around 1 Bitcoin or $590 at the time the statement was made.
“From a yearly perspective, the ransomware author’s estimated take is approximately $946,000—a significant sum.”
All ransom amounts paid are transferred directly to the developers themselves who take a slice of the pie, between 20% and 40%. The rest of the money is then distributed back to the affiliate. TheCerber
developers are also using Bitcoin mixing services to obfuscate the source of the money from the affiliates, keeping their identities anonymous and hidden from everyone — including their customers.
Ransomware Made Easy
The PaaS model, which is often used to standardize some complex system to provide a platform for customers to easily develop applications, is now being used to for amateurs to enter the ransomware business.
Having removed a barrier-to-entry, novice cybercriminals now can more easily join in on the action and has given the hacker community a new way to monetize their wares. Of course, removing barriers-to-entry often is followed by more people entering the market where the barrier was eliminated.
As a result, people must be more cautious as more attackers means more attacks, which for Maya Horowitz, group manager of threat research at Check Point, is reason to reiterate the need for proper security measures.
“It is now not only spread by threat actors who are capable of creating their own malware, but also by less technically skilled actors who merely purchase this service. So for organizations, it emphasizes the need to create backups and to deploy strong security measures.”
What do you think of RaaS and its potential to make ransomware attacks easier? Let us know in the comments below!
Images courtesy of CumulusGlobal.com, Check Point