Ransomware-as-a-service tool generates $195,000 profit in July
There are a number of high-profile ransomware programs doing the rounds at the moment, and we know that ransomware can generate lucrative returns for the people behind it.
But just as in the legitimate commercial world, the as-a-service model is starting to gain traction with attackers. Security vendor Check Point is releasing details of Cerber, which it believes is the world's biggest ransomware-as-a-service scheme.
Cerber operates as a franchise, with its developer recruiting affiliates who then spread the malware further for a cut of the profits. In July 2016 alone, Cerber had over 160 active campaigns, targeting 150,000 users in 201 countries and generating profits of $195,000 during the month. Cerber is believed to originate from Russia and, in the spirit of not fouling its own nest, deliberately avoids infecting targets in 12 former Soviet Union countries.
Cerber is built to enable non-technical criminals to take part in the highly profitable ransomware business and run independent campaigns, using a set of command and control servers and an easy-to-use control interface that's available in 12 different languages.
The malware creates a unique Bitcoin wallet for each of its victims. When the ransom (usually one Bitcoin, currently worth $590) is paid, the victim receives the decryption key. The Bitcoin is then transferred to the malware developer and affiliates through thousands of Bitcoin wallets, making individual payments practically untraceable.
"This research provides a rare look at the nature and global targets of the growing ransomware-as-a-service industry," says Maya Horowitz, group manager, research and development at Check Point. "Cyber-attacks are no longer the sole essence of nation-state actors and of those with the technical ability to author their own tools; nowadays, they are offered to anyone and can be operated fairly easily. As a result, this industry is growing extensively, and we should all take the proper precautions and deploy relevant protections".