Ransomware-as-a-Service is not new; the security industry has been discussing RaaS for over a year. RaaS allows low-skilled ‘wannabe' criminals to download a piece of ransomware, set a ransom amount, and deploy it as desired with the deadline they choose. The criminal either selling or giving away this ransomware will usually get a percentage of the ransom as part of the fee for using the software.
Bleeping Computer has recently reported on the discovery of a new RaaS called ‘Satan.' This ransomware is free with registration, and the owner of the Satan takes a 30% cut from whatever ransom is paid. Satan RaaS is unique in that it guides the wannabe criminal through customization and deployment of the malware. For example:
- The Satan home page explains what it is and how to make money
- An affiliate console provides information on how a Satan user can distribute their software
- A ‘malwares' page allows customization of Satan options such as ransom amount, days until expiration, etc.
- The ‘droppers' page teaches users how to write .doc macros and other installers
- The ‘translate' page enables the user to expand the ransomware into other languages
- The remaining pages include profit tracking, notices from the developer, and a method for sending messages like support requests to the developer
And all of this can be done in under a minute. The barrier to entry into the ransomware game is much lower than it was before Satan. See the article at Bleeping Computer for more details and screenshots.
Satan acts just as you would expect: it encrypts data and scrambles file names, and it will append .stn to the encrypted files. It also wipes data from unused space on the C drive, and then displays the ransom note.
The best way to defend yourself against this type of infection is to follow best practices with your security and data protection infrastructures. A layered approach with security will help close any gaps in your defenses, while a solid data protection and disaster recovery strategy can help you recover without paying the extortion. Barracuda has information on our corporate website here on how you can protect yourself with Barracuda security and storage solutions. We also partner with NoMoreRansom to help educate the public and promote the free decryption of files taken hostage by ransomware.