Just a few weeks ago we made a prediction. Here on the RCS security blog we predicted that come 2016, we would see a rise in a phenomenon that we like to call CCaaS – or Cyber Crime as a Service. For those who missed that post (tsk tsk, go back and read it, it’s a good one) CCaaS works like this – I, the bad guy, sell you, another would-be bad guy, a pre-made program or code that you can use to attack people’s devices in all sorts of nasty ways. Sometimes it’s in the form of a banking trojan, other times it comes by way of the famed Angler Exploit which rocked devices in 2015. Recently we have seen different variations of ransomware using the CCaaS model in creative ways. Either way, the idea is simple – You deploy my creation and take home the big bucks. Then I get a kickback. Nifty stuff, eh?
Well, we aren’t ones to brag (especially not about calling something so rotten) but barely six days into 2016, Ars Technica.com is already reporting that researchers have just discovered this year’s first sample of CCaaS in the form of Ransom32. To the victim, Ransom32 appears as a typical (albeit very unwelcome) specimen of ransomware. It locks the victim’s screen, encrypts files and demands payment via bitcoin services. It’s rotten to be sure but not very different from its predecessors in that respect.
What is different is that Ransom32’s creator wants to help novice baddies get a piece of the action. As long as someone has their own bitcoin address and uses the Tor network, he or she can become a ransomware kingpin without knowing even a stitch of code. With beginner-friendly features like an easy-to-understand dashboard and step-by-step set-up instructions, the creators have made sure that anyone, even that 11-year-old nerd in your kid’s class, can set up their own ransomware exploit. Complete with helpful pearls of guidance like “BTC amount to ask – Don’t be too greedy or people will not pay”, the admin console also conveniently displays a hacker’s success rate – how many people installed the malware, how many have paid and how long it took victims to pay up.
Another striking feature of the program is that it was written using the NW.js framework. In “normal people-ese”, this means that it was written in a platform that specializes in cross-platform applications – even more simply put, NW.js can be used to run programs on Windows, Apple and even Linux platforms. Ransomware has typically targeted Windows OS but Ransom32 seems to have been created for worldwide (or at least all platform-wide) domination.
A dangerous trend
This follows this past fall’s Chimera Ransomware, which we discussed in our predictions article – Chimera allows a would-be victim “an out” by allowing them to become part of the crime ring instead of paying the unlock fee. All a HIT (hacker-in-training, but of course) has to do is tell Chimera Alpha that they want to join up and, voilà, their files are decrypted and now they can start distributing Chimera on their own. What fun!
Then there was Fakben, which also started making the rounds this past November. Fakben is like renting your own (sort of) ransomware. For a 10 percent cut of all earnings, the program’s creators allow hackers to use their platform to distribute the ransomware as they see fit. According to Softpedia.com, Team Fakben states on its website: “Is not our interest who will be infected or which kind of methods you will do, is important for you to use brain and intelligence in order to spread it”.
What it all boils down to is that any hacker, regardless of skill level, looking for an easy out and big earnings has lots of choices at his or her disposal. As your grandmother would probably say, “Feh! No goodniks!”
If this all sounds like one big joke, remember that it’s only January and April 1st is still a long way off. These new methods of “sharing the wealth” are all real and can have dire implications, especially a program like Chimera, which appeals to victims to get out of their bind by joining forces.
Meanwhile, the best way you can protect yourself from ransomware is to set up a super strong multi-layer security approach using anti-virus and anti-malware like RCS and to make sure your files are backed up. Never pay these goons; it just encourages them to keep going.
Well like we said, we told you so, but we’re not happy about it.