Ransomware – Ransomware-As-a-Service
Ransomware is malware that encrypts your files and data so you can’t access them, then demands a payment to return them to you. The criminals who perpetrate ransomware have developed a variety of tactics to get victims to pay. They use email, sound and video downloads, images and Remote Desktop Protocol (RDP) to gain a foothold on computers. Some even force a user’s computer to mine cryptocurrency for them, which consumes expensive electricity.
Ransomware has evolved dramatically since it was first discovered. It began with small groups of criminals who targeted random users, usually extorting a few hundred dollars in cryptocurrency to unlock private files they’d encrypted. As the malware matured, it became a business. Gangs started advertising on the dark web, buying and selling stolen credentials, finding vulnerabilities and enhancing their malware to avoid detection by anti-malware scanners.
Reveton, which appeared in 2012, was one of the most famous examples. It began as a password stealer and later changed into locker ransomware that popped up on the victim’s PC posing as a police agency and claiming the victim was being charged with copyright infringement, child pornography, etc. It earned hackers $400,000 per month.
More recently, Locky, Troldesh and DarkSide are all examples of ransomware that has been offered as “Ransomware-as-a-Service,” catering to smaller crime syndicates that don’t have the technical know-how to develop their own malware. The popularity of this model has been boosted by its availability through various underground markets.