Ransomware as a Service (RaaS) – A Contemporary Mal du siècle?
Quote:

What is Ransomware as a Service?

A wise man once said that a business without customers is just a hobby. True, for the most part, but when your business-to-be pastime is a crime or, in this case, cybercrime, it makes you wonder if you should be called a businessperson or a kingpin.

Ransomware is yesterday’s news. In fact, according to a report drafted by the FBI, since 2016, over 4,000 ransomware attacks have occurred each day.

One might be inclined to infer that ransomware has become more prevalent than the common cold – a sound analogy and quite accurate. In this ever-shifting landscape, where a person’s stock-and-store is fraud, the attempt to capitalize on the suffering of others is only natural.

Ransomware as a Service (RaaS) is what happens when a malicious actor stops thinking like a virtual highwayman and starts acting like a businessman. The term is used to describe a nascent industry, one that, by its very design, caters to the needs of cyber criminals.

RaaS – Another face of evil?

In all regards, RaaS is akin to SaaS (Software as a Service) and PaaS (Platform as a Service) concepts: we do the heavy-lifting, so you don’t have to. More than that, it makes perfect sense: why should one bother to learn how to create malware kits from scratch, when you can rent or purchase one from a RaaS provider?

Taking a step back, in the ‘traditional’ malware-dispersal model, the roles were well-defined: the malicious actor, who is also called a ‘ransomware’ operator, would disseminate malware content among his victims, using either an infectious agent of his own design or segments (i.e. spam, botnet, bulletproof hosting, etc.) acquired from anonymous dealers called ‘peddlers.’

In contrast, the Ransomware as a Service ‘business’ model relies on an aggregator – a person or a group that sells or rents malware to interested parties, which are called ‘ransomware operators.’ This aggregator, the RaaS operator, either purchases malicious items from peddlers or has an ‘in-house incubator.’

Although young compared to the rest of the ‘industry’, RaaS has begun to get traction, especially among the ‘hit-and-run’ community – people with limited technical knowledge but with the willingness to prey on vulnerable users.

In this article, we are going to place the Ransomware as a Service industry under the proverbial looking glass. My goal is to try and figure out whether or not RaaS is the worst blight that ever hit the digital world.

Soldiers-of-Fortune or Fortunate Soldiers?

Generally, hacking is regarded as wanton, random, and lightning-fast incursions aimed at stealing various forms of data. In reality, there’s nothing random about hackings – the person or persons behind the attack know exactly where and when to strike. And the culmination and epitome of cybercrime is when these groups band together in order to create a sophisticated form of online Mafia.

Furthermore, very much like the real-life organization, this entity has its rules, its credo, and even a drumhead court. In this case, the underworld is the dark web, where technical know-how is worth its weight in gold. Mum’s still the word, but spilling the beans would be a futile exercise given the dark web’s emphasis on anonymity.

Soldiers-of-fortune? Unlikely. Ransomware as a Service operators are businessmen, not guns for hire. Remember Lord of War featuring Nicolas Cage? That’s how RaaS operators are regarded.

In a nutshell, RaaS-type businesses sell or rent out compact, easy-to-deploy, and scalable malware kits to individuals or groups who want to stage cyberattacks.

And how does a business grow? By attracting new customers, seeking growth opportunities, and staying ahead of competition by developing better and more cost-effective products. It’s interesting though that RaaS-type businesses often feature affiliation programs that enable ‘partners’ to get a share of the revenue each time a purchase is made.

‘Businessnifying’ Unethical Digital Ops

How do you turn something as unethical as hacking into a full-time business? By providing your would-be customers with ease-of-access to your wares. And what better place to conduct business than the dark web? As you are probably aware, the dark web is a hub for illegal activities, from selling ‘hot’ items to human trafficking.

Ransomware as a Service providers usually keep up well-stocked malware portals, where anyone can drop by and look at the wares. Since the aim is businessnification, these portals come with all the bells and whistles – discounts, bundles, around-the-clock support, reviews page, forums, and everything in between.

It’s not too difficult to imagine why this type of business would exist in the first place – it takes less time to mount a full-scale attack than it would with a ‘home-brewed’ code. Since the transactions are all made through the dark web, they are virtually untraceable.

So, what happens after the purchase is made? Most of these ‘businesses’ have a share-the-spoils M.O.; depending on how much you spend on the malicious code, the owner could ask for a bigger or smaller percentage of the profit one would virtually gain after a successful attack.

For instance, Satan, one of the most popular ransomware resellers on the dark web, can supply the customer with an on-demand file-encryption sample which can be used to demonstrate the ‘full’ version’s potency.

If the user wants to upgrade to ‘full’, they can keep 70% of the profit. On the other hand, other RaaS operators, such as RaaSberry, claim that all the ‘revenue’ earned through hacking goes to the customer.

Remember that for tech-savvy people, RaaS is what we call a side-gig: a passive income usually derived from a hobby.
...