CyberWisdom Safe Harbor Commentary on Ransomware as a Service:
Instead of distributing malware and infecting computers themselves, malware authors make money by selling their malware through the Ransomware as a Service criminal business model.
In such cases, ransomware developers typically host their services on dark web sites where anyone can buy them, and buyers can change settings such as the ransom amount and the ransom note.
In addition, some sophisticated ransomware offers advanced features such as evasion techniques to avoid detection and analysis, and buyers are given a control panel to manage every infected victim.
Buyers just need to set their wallet address and customize the malware, and then they spread it.
Ransomware as a service
Once an infected victim pays the ransom, a percentage of the amount goes to the buyer and to the malware author who created the ransomware.
How this kind of ransomware works as a service
This Ransomware as a Service underground process is a well-organized, well-planned cybercrime operation.
Buyers can obtain ransomware from the secret Tor site (onion), which includes a guide to help buyers make the right configuration.
In this case, before getting the original version, the buyer can try a demo version of the ransomware. The buyer just needs to add the bitcoin wallet address and the ransom amount they want to demand from the victim.
After this process is completed, the malware will be successfully generated and the user can download it.
Once the buyer has distributed the malware and compromised a victim, and if the victim pays the ransom, 10% of the ransom amount is transferred to the original developer’s wallet.
Free Ransomware run process
Once it enters the victim system, it first checks for an internet connection, and if it does not find one it terminates its process.
But once it finds the connection, it communicates with the specific address and downloads the encryption key.
According to McAfee Labs, once the file is running, it creates multiple files on the system:
Encryption_key: AES-encrypted RSA key
Lock_file: indicator that the system has been encrypted
Uuid_file: reference for the infected machine. This ID is used to generate the TOR address.
After a successful encryption process, it displays the ransom note on the user’s desktop and points to the TOR site hxxp://kdvm5fd6tn6jsbwh[.]onion using the ID of the infected machine.
Once the victim pays, they can download the decryption key to unlock the encryption key.
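The three file names listed above can serve as host indicators for defenders. The following is an added example, not code from the original article or from McAfee Labs: it correlates file-creation events per process and flags a process that creates two or all three of the artifacts. The log format, the sample events, the case-insensitive matching and the two-of-three "suspect" threshold are assumptions.

```python
import re
from collections import defaultdict

# File names as listed in the text; case-insensitive matching is an assumption.
ARTIFACTS = {"encryption_key", "lock_file", "uuid_file"}

# Constructed events in a hypothetical format: time host pid image created-path
SAMPLE_EVENTS = r"""
2024-01-01T10:00:01 host=ws01 pid=4120 image=C:\Users\a\Downloads\invoice.exe created=C:\Users\a\AppData\Roaming\uuid_file
2024-01-01T10:00:03 host=ws01 pid=4120 image=C:\Users\a\Downloads\invoice.exe created=C:\Users\a\AppData\Roaming\encryption_key
2024-01-01T10:00:20 host=ws02 pid=900 image=C:\Tools\sync.exe created=C:\Tools\cache\lock_file
2024-01-01T10:00:25 host=ws02 pid=900 image=C:\Tools\sync.exe created=C:\Tools\cache\report.docx
2024-01-01T10:01:40 host=ws01 pid=4120 image=C:\Users\a\Downloads\invoice.exe created=C:\Users\a\AppData\Roaming\lock_file
2024-01-01T10:02:00 host=ws03 pid=77 image=C:\Temp\x.exe created=C:\Temp\Uuid_file
2024-01-01T10:02:05 host=ws03 pid=77 image=C:\Temp\x.exe created=C:\Temp\Encryption_key
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^\S+ host=(?P<host>\S+) pid=(?P<pid>\d+) "
    r"image=(?P<image>\S+) created=(?P<path>.+)$"
)

def parse(line):
    """Return (process key, lower-cased file name), or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    name = re.split(r"[\\/]", m["path"])[-1].lower()
    return (m["host"], int(m["pid"]), m["image"]), name

def detect(log_text):
    """Map each process to 'alert' (all three artifacts) or 'suspect' (two).

    One artifact alone is ignored: a name like lock_file is common in
    benign software and would produce false positives.
    """
    seen = defaultdict(set)  # process key -> artifact names it created
    for line in log_text.splitlines():
        event = parse(line)
        if event and event[1] in ARTIFACTS:
            seen[event[0]].add(event[1])
    levels = {3: "alert", 2: "suspect"}
    return {k: levels[len(v)] for k, v in seen.items() if len(v) >= 2}

if __name__ == "__main__":
    for (host, pid, image), level in detect(SAMPLE_EVENTS).items():
        print(f"{level.upper()} {host}: pid {pid} ({image})")
```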
“The target extensions include many photos and photographic files related to Canon, Kodak, Sony, etc. There are also extensions to AutoCAD, Autodesk projects, scalable vector images and Microsoft Office files, which are created mainly by designers, photographers, architects and used by others.”
Researchers discovered a new Ransomware as a Service threat available on the dark web free of cost and without any registration. Instead of distributing the malware and infecting computers, malware authors are earning money by selling their malware via the Ransomware as a Service cybercrime business model. In this case usually, ransomware developer host their…
thumbnail courtesy of gbhackers.com.