Recoil, Cryptonite, Ghostly, etc. are just some of the ransomware programs offered for sale in late 2019. No, you're not dreaming. It is now possible to buy Ransomware “thanks” to the development of Ransomware-as-a-service.
What is Ransomware-as-a-service?
Ransomware is malicious software that takes data hostage. Ransomware encrypts and blocks files stored on your computer and demands a ransom in exchange for a key to decrypt them. As-a-service means that it is offered as a service instead of a one-off purchase.
Ransomware-as-a-service makes it possible for experienced cybercriminals to sell their services to the general public. This allows inexperienced thugs to team up with experts in the creation of ransomware to attack you.
For instance, Cryptonite has begun advertising on websites (based on .onion, the dark web accessible though a simple Tor browser) as though it was an everyday product. They explain its benefits and suggest that you buy Ransomware.
One of the latest ones –Recoil– offers the ability to operate offline, which is attractive to criminals as traditional Endpoint Protection, which doesn't work offline, is completely useless. Furthermore, it generates few alerts that could be triggered by an IPS, IDS, firewall, etc.
Unfortunately, there are many others: Ghostly, WannaCry, NotPetya, etc.
How does it work?
Users simply create an account and pay a subscription to download the executable malware, ready to infect their victims' computers. In exchange, these “companies” charge commissions on the money recovered during ransomware attacks, which is quite absurd.
It's a real business model that's coming together. It widens access to malware for a large number of new customers. Therefore, it's important for companies to implement solutions to protect themselves against these attacks.
What should you remember?
The way Ransomware-as-a-service borrows and uses modern marketing ideas in order to gain the trust of inexperienced users.
With these clever and competitive marketing tricks, ransomware attacks are increasing and are likely to get worse in 2020.
There is even more reason for concern. The highly skilled players behind this sales process have an interest in encouraging attacks. This could be compared to the “Gold Rush”, with some hackers willing to do anything to hurt your business.
How can you protect yourself?
Deploying security software to fight these ransomware attacks is essential. Solutions to detect and react to threats on devices (EDR) and protection against advanced threats (ATP) optimise the security perimeter in your company through behavioural analysis.
To do so, at EASI, we offer next-generation Endpoint protection, which is fully capable of preventing attacks using Ghostly, Recoil, Cryptonite and other forms of Ransomware.
So don't hesitate to come challenge us!