Delaware, USA – February 20, 2018 – Last week, researchers from MalwareHunterTeam discovered a new ransomware strain called Saturn. It spreads through methods common to ransomware: spam and malvertising campaigns. The ransom demanded for decryption is about $300 in bitcoins, and the payment site is hidden in the Tor network. A few days later, Bleeping Computer reported on a Ransomware-as-a-Service (RaaS) portal on the darknet where anyone can download a generated Saturn Ransomware file to embed in any document or executable file. Unlike other similar portals, the authors of the Saturn RaaS do not require prepayment for the virus. Instead, if a victim pays the ransom, 70% of it is transferred to the account of the attacker who generated the sample, and the Saturn authors receive 30% of the payment. At the moment, researchers have not found a way to restore files encrypted by this virus.
The opportunity to get a new ransomware strain for free attracts many unskilled attackers. To protect against an ongoing ransomware campaign, make sure that sensitive data in your organization is backed up in a timely manner. To detect malware at different stages of the Cyber Kill Chain, you can use Ransomware Hunter for ArcSight, QRadar and Splunk. This SIEM use case leverages behavior analysis and statistical profiling methods to detect malware that bypasses traditional security solutions.