Ransomware as a Service (RaaS)

Ransomware is a type of malware that renders the data of infected machines unusable and requests payment of a ransom to restore access to such data. It is more precisely a Trojan Horse which, by encrypting the files on the affected computer, requests a ransom afterwards to release the affected files.

Like any profitable business model, even that of ransomware is constantly evolving and the new frontier of ransomware is the usability of the service not only by professional hackers but also by subjects with limited technical knowledge who aim to rob vulnerable users. Such subjects can be even more dangerous than professional hackers, because they can get to know their victims up close, the value of their data and the security level of their systems.

In the dark web, through the TOR network, it is possible to purchase a ransomware service that can be spread to infect their victims, encrypt their documents and obviously, ask for a ransom.

Examples of services of this type are:

• Philadelphia: It is considered one of the most sophisticated Ransomware kits available as a Service. Conceived by Rainmakers Labs, this on-demand kit contains everything an attacker needs to stage a large-scale attack and is even customizable on demand. The kit can be found, obviously, only on the dark web, for just $389, including technical support. All transactions are in Bitcoin and it is not necessary to divide the profits with the RaaS operator;
• Stampado: It’s considered as the cheapest version of Philadelphia, the Stampado RaaS kit is sold for only $39. Its limitation in terms of functionality is certainly compensated by its speed of distribution. Stampado is actually the first version of Philadelphia dating back to 2016. This malware kit was so easy to distribute and the demand was so high that the producers decided to make an extended version with Philadelphia;
• Princess Evolution: The service asks for a 40% commission on receipts, while 60% remains to the client;
• Satan: It asks for 30% of the profits, while 70% remains to the customer. The user can specify the amount of the ransom, the personalized note to be sent to the victim for non-compliance as well as payment methods other than Bitcoin;
• RaaSberry: Compared to the competition, RaaSberry boasts different price levels. For the price of $60 you will receive a 250 kb executable file (containing both encryption and decryption), free support, multi-OS compatibility and much more. Going up in price, there is a three-year subscription that costs $650. There are not many differences between the packages, apart from the duration of the subscription. RaaSberry allows the customer to collect all revenue without sharing it with the RaaS service provider.
• Frozr Locker: A lightweight tool that has the ability to encrypt around 250 types of extensions. The purchase cost is around $1,200, making it the most expensive RaaS solution in this review. However, once acquired, the generator can be used indefinitely, without the need to update the subscription. After purchasing the product, you will be able to customize the ransomware: payment details, decrypt, UAC bypass and personalized messages.

A company grows by attracting new customers, looking for growth opportunities and keeping up with the competition by developing better and more convenient products, therefore RaaS-type companies sometimes even have affiliate programs that allow partners to obtain a share of the revenue every time a purchase is made.

It is a frontier to pay a close attention.

¹ Abbreviation for malicious software. In the world of computer security, it indicates any program used to disturb the operations performed by a computer user. It was Yisrael Radai who coined the term in 1990.
² A Trojan Horse indicates a type of malware that hides its operation within another apparently harmless program. By running or installing this program, the user unknowingly activates the code of the hidden Trojan.
³ The dark web is the terminology used to define the contents of the World Wide Web in the darknet that can be reached via the Internet through specific software, configurations and authorization accesses. The dark web is a small part of the deep web, the part of the web that is not indexed by search engines, although sometimes the term deep web is used incorrectly to refer to the dark web only.
⁴ TOR is the acronym of The Onion Router. A free software based on BSD license that allows anonymous Internet communication based on the onion routing network protocol. Through TOR, it is much more difficult to track a user’s Internet activity, being onion routing aimed at protecting users’ privacy, their freedom and the possibility of conducting confidential communications without being monitored or intercepted.

Bibliography:

• Repport CLUSIT 2019
• Malware, Rootkits & Botnets A Beginner’s Guide, Christopher Elisan
• Cybersecurity kit di sopravvivenza/ Cybersecurity kit of surviving, Giorgio Sbaraglia
• Computer security: principles and practice, Stallings William