Here’s some more scary info. Looks like one can start their own online ransomware business now with ZERO investment and very little effort: Ransomware-As-A-Service
Cerber Ransomware Earns Over $2 Million with as little as 0.3% of victims paying up!
A new report from Check Point Software’s researchers showed that Cerber’s Ransomware-as-a-Service (RaaS) affiliate program is a resounding success with more than 160 participants at current count, and that the combined direct sales plus affiliate income was almost 200K in July, despite a victim payment rate of just 0.3%. That puts it on track to earn $2.3 million this year, said Maya Horowitz, group manager of threat intelligence at Check Point.
Aspiring criminal affiliates create their own campaigns using the Cerber platform and keep 60 percent of the profits. They also have access to user-friendly management tools, Cerber’s Bitcoin laundering architecture, and obviously the malicious code itself. Eight brand new Cerber ransomware campaigns are launched every day!
This means that there will be more and more such services, more and more attacks, even more than today. Just this week Symantec reported on a new RaaS that competes with Cerber. The new ransomware — dubbed Shark — is currently available for no charge in underground forums. Novice hackers that use the tool to extort money from victims pay only a 20% cut to the Shark developers.
Check Point researchers identified the IP addresses that infected machines used for data traffic with their C&C servers. They were also able to easily identify that the bad guys are probably based in or near Russia.
Currently, there are no infections in Russian-speaking countries, and in the configuration of the ransomware the authors chose, by default, not to operate on machines or PCs that have Russian as their default language. Obviously another indication of the hackers’ physical location.
This is a tried-and-true strategy of not getting picked up by the FSB, today’s equivalent of the KGB. As long as you don’t hack inside Russia’s borders, the Russian security forces leave you alone.
Follow The Money
What is interesting is that Check Point was able to extract the exact Bitcoin wallets assigned to every victim so that they could track the percentage of people who actually paid the ransom. The next step was to “follow the money” to one ultimate final central wallet through a network of other wallets that are part of Cerber’s Bitcoin architecture.
They followed these hundreds of thousands of different wallets. This is the first time that security researchers can say for sure what percentage of victims pay the ransom.
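As an added illustration (not Check Point's tooling or data), the sketch below runs the two measurements described above on a constructed, simplified transfer graph: the share of per-victim wallets that received a payment, and the wallet where every paying victim's funds end up. Wallet names, amounts and function names are invented, and real Bitcoin tracing works on transaction inputs and outputs rather than simple wallet-to-wallet edges.

```python
from collections import defaultdict, deque

# Constructed sample data: wallet names and amounts are invented for illustration.
VICTIM_WALLETS = ["v1", "v2", "v3", "v4", "v5"]   # one wallet assigned per victim
TRANSFERS = [                                      # (sender, receiver, BTC)
    ("payer_a", "v2", 1.0),   # victim 2 paid the ransom
    ("payer_b", "v4", 1.0),   # victim 4 paid the ransom
    ("v2", "mix1", 1.0),
    ("v4", "mix2", 1.0),
    ("mix1", "mix3", 0.6),
    ("mix1", "mix2", 0.4),
    ("mix2", "mix3", 1.4),
    ("mix3", "central", 2.0),
]

def payment_rate(victim_wallets, transfers):
    """Return (fraction of victim wallets that received a payment, those wallets)."""
    funded = {dst for _, dst, _ in transfers}
    paid = [w for w in victim_wallets if w in funded]
    return len(paid) / len(victim_wallets), paid

def trace_sinks(start, transfers):
    """Follow outgoing transfers from `start`; return wallets where funds come to rest."""
    outgoing = defaultdict(list)
    for src, dst, _ in transfers:
        outgoing[src].append(dst)
    seen, queue, sinks = {start}, deque([start]), set()
    while queue:
        wallet = queue.popleft()
        if not outgoing[wallet]:        # no onward transfer: funds rest here
            sinks.add(wallet)
        for nxt in outgoing[wallet]:
            if nxt not in seen:         # visited set guards against cycles between wallets
                seen.add(nxt)
                queue.append(nxt)
    return sinks

def common_sinks(paid_wallets, transfers):
    """Wallets reached by every paying victim's funds (candidate central wallets)."""
    sink_sets = [trace_sinks(w, transfers) for w in paid_wallets]
    return set.intersection(*sink_sets) if sink_sets else set()

if __name__ == "__main__":
    rate, paid = payment_rate(VICTIM_WALLETS, TRANSFERS)
    print(f"{len(paid)}/{len(VICTIM_WALLETS)} victim wallets paid ({rate:.0%})")
    print("common sink wallets:", common_sinks(paid, TRANSFERS))
```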
The percentage of people who actually pay ransoms was surprisingly low compared to earlier estimates by other researchers, but it still pays off handsomely. A small team of four or five specialized cyber criminals can make between $300,000 and $400,000 each per year, which is at least 10 times more than they could earn in any legitimate enterprise where they live.
So with the extraordinary amounts of money that can be made using these Ransomware-As-A-Service programs, we can all expect them to continue to grow and thrive in today’s internet security environment.
A simple method to “help” circumvent this particular attack vector would be to log into your hardware-based firewall/router (you do have a hardware firewall, right?) and block all incoming WAN traffic from Russian-based IP addresses. You should probably block IP addresses that originate from China at the same time.