Cybercrime-as-a-Service (CaaS) has been an emerging trend throughout Dark Web forums for several years. Nowadays cybercriminals no longer need to rely on their own abilities and exploit resources, because many deep web sites and forums offer a wide range of services for them to leverage. Cybercriminals can purchase CaaS services and launch their own malicious campaigns, such as malware, spam and phishing campaigns and many others, at the single click of a button. It doesn’t come as a shock that Ransomware-as-a-Service (RaaS) has joined Cybercrime-as-a-Service.
At present, 90% of phishing mail relies on Ransomware-as-a-Service (RaaS). Sadly, although companies are generally very good at protecting themselves against external attacks, they only rarely guard themselves against internal attacks. Through what is known as ‘social engineering’ (of which phishing is a well-known attack technique), hackers exploit unsuspecting people who in good faith open up their doors to unwanted strangers. A cybercriminal operating outside an organisation would simply aim to gain access to the system of any employee, generally through a spear-phishing attack.
How the Ransomware-as-a-Service (RaaS) business operates: many RaaS websites offer a service in which they collect the ransom, keep 20-30% of the ransom amount, and pass the remainder on to you. All payments are made via bitcoin, which is difficult to trace.
This week belongs to ransomware, because lots of new ransomware variants were released. Some of them are:
MalwareHunterTeam discovered a new ransomware called Deadly for a Good Purpose that is set to only encrypt files in 2017.
Antelox discovered the Venis Ransomware, which encrypts your data. The ransomware is still in a development phase, but it is designed to encrypt your files and point you to the website “venis.pw”, where the payment and decryption services are situated.
For more info, please visit: http://pastebin.com/HuK99Xmj
Doctor Web’s specialists have discovered the first ransomware program written in Go. The Trojan, dubbed Trojan.Encoder.6491, appends the .enc extension to encrypted files. Doctor Web’s security researchers have developed a method for decrypting files compromised by this malware program.
MalwareHunterTeam discovered a new version of the Nuke Ransomware that uses the .nuclear55 extension.
Talos has created a configuration extraction tool that supports Locky (all current versions, i.e. Zepto/Odin) and allows you to extract the following configuration parameters that have been hardcoded into the malicious binary.