Ransomware-as-a-Service is not new; the security industry has been discussing RaaS for over a year. RaaS allows low-skilled ‘wannabe' criminals to download a piece of ransomware, set a ransom amount, and deploy it as desired with the deadline they choose. The criminal either selling or giving away this ransomware will usually get a percentage of the ransom as part of the fee for using the software.
Bleeping Computer has recently reported on the discovery of a new RaaS called ‘Satan.' This ransomware is free with registration, and the owner of the Satan takes a 30% cut from whatever ransom is paid. Satan RaaS is unique in that it guides the wannabe criminal through customization and deployment of the malware. For example:
- The Satan home page explains what it is and how to make money
- An affiliate console provides information on how a Satan user can distribute their software
- A ‘malwares' page allows customization of Satan options such as ransom amount, days until expiration, etc.
- The ‘droppers' page teaches users how to write .doc macros and other installers
- The ‘translate' page enables the user to expand the ransomware into other languages
- The remaining pages include profit tracking, notices from the developer, and a method for sending messages like support requests to the developer
And all of this can be done in under a minute. The barrier to entry into the ransomware game is much lower than it was before Satan. See the article at Bleeping Computer for more details and screenshots.
Satan acts just as you would expect: it encrypts data and scrambles file names, and it will append .stn to the encrypted files. It also wipes data from unused space on the C drive, and then displays the ransom note.
The best way to defend yourself against this type of infection is to follow best practices with your security and data protection infrastructures. A layered approach with security will help close any gaps in your defenses, while a solid data protection and disaster recovery strategy can help you recover without paying the extortion. Barracuda has information on our corporate website here on how you can protect yourself with Barracuda security and storage solutions. We also partner with NoMoreRansom to help educate the public and promote the free decryption of files taken hostage by ransomware.
Christine Barry est blogueuse en chef et responsable des réseaux sociaux chez Barracuda. Son travail consiste à rédiger des articles captivants en lien avec les services Barracuda et à faciliter la communication entre le public et les équipes internes. Avant de rejoindre Barracuda, Christine a été ingénieure de terrain et chef de projet dans l'éducation et auprès de PME pendant plus de 15 ans. Elle est titulaire de plusieurs diplômes technologiques, d'une licence de l'université du Michigan, et d'une maîtrise en administration des affaires.
Connectez-vous avec Christine sur LinkedIn.