The Rise of Ransomware-as-a-Service Business

Delaware, USA – April 19, 2018 – Experts from CSE ZLab published a report on existing Ransomware-as-a-Service platforms. Almost all of them are hidden on the darknet and allow anyone to carry out and monitor their own ransomware campaigns. The platforms differ in both the features they provide and the price of their services. For example, the Createyourownransomware platform generates malicious software completely free of charge; the user specifies only the bitcoin address for payment and the ransom amount. Advanced platforms let users purchase a subscription or simply pay for the generation of a malicious file. Users of the paid platforms can customize the generated ransomware file and the types of files to encrypt, create their own ransom notes, and then use dashboards to monitor their campaigns.

Malware authors continually update the platforms and the ransomware they provide, and new players enter this business and experiment with new platforms. Since the beginning of this year, three new platforms have appeared: Saturn, GandCrab and Datakeeper, two of which have already ceased to exist.

The number of ransomware attacks on businesses continues to grow, and Ransomware-as-a-Service platforms are one of the reasons for this growth, as they give inexperienced hackers the tools for malicious campaigns. You can detect the beginning of such attacks with a SIEM and the Ransomware Hunter use case, which leverages specialized feeds and correlation rules that help find and stop malware before files are encrypted.