Is There a Future in Ransomware-as-a-Service (RaaS)?

Is There a Future in Ransomware-as-a-Service (RaaS)?

August 15

My wife once asked me why skilled programmers go rogue and create viruses. My response: “money”. Lately, we have seen the case where the people pushing the buttons aren’t necessarily “skilled programmers”, but rather clients of an illicit business model (RaaS). Some malwares are nothing more than nuisances. Others have the sole purpose of generating profits. Thanks to Ransomware-as-a-Service, distribution is easier than ever. This is why having a solid backup solution is a must.

Ransomware as a service RaaS keyboard button

Forward-thinking cybercriminals are hoping this concept will catch on with like-minded villains, yet less skilled and a tad lazier. Ransomware-as-a-Service (RaaS) leverages a proven affiliate marketing business model. RaaS operators offer tools that give aspiring hackers the opportunity to make money by doing very little work.

In a nutshell, they let you use their software to collect ransom funds from as many people as you can infect. Fads come and go, but this monster has legs that may enable it to run wild for quite a long time.

The Evolution of Ransomware-as-a-Service

Ransomware isn’t new, and neither is the RaaS model. Back in 2012, UK publication Wired took focus on the Russian underground scene and the growing number of tools available to cybercriminals. One basic ransomware kit, WinLocker, sold for a cheap $10 to $20.

It seized the operating system and prevent victims from gaining access to their files. However, the files were never encrypted, and actually securing a ransom was difficult to say the least. But ransomware evolved. Attackers implemented military-grade encryption to lock down compromised systems. They used the nearly untraceable Bitcoin economy for transactions. The combination proved to be enough to start convincing victims to pay up.

Like any business sector, the Ransomware-as-a-Service market is confined to the laws of supply and demand. Opportunistic coders are quickly cranking out the tools. Some frustrated victims cave in to their demands. Right now, prices are competitive and incredibly affordable. The price value is too-good-to-be-true, so there are fears that Ransomware-as-a-Service could become a regular threat.

encryption code concept

Prices Go As Low As $1 For Joining A Ransomware Program

For just $1 USD, a cybercriminal wanna-be can join an affiliate program that allows him to distribute the dual threat bundle within Petya. If Petya fails to gain the administrative privileges needed to alter the victim’s master boot record, it installs a second ransomware program known as Mischa to get the job done.

Like most affiliate programs, the Petya-Mischa campaign shares a higher percentage of the profits, the more money you make. However, the creators put an emphasis on timeliness. For instance, affiliates can earn anywhere from 25 to 85 percent of the payments depending on the volume they generate in a one-week period.

A low price point though, might suggest the return on investment might not be stellar.

The AlphaLocker variant of ransomware is a different type of beast. Although more expensive, it may be as cost effective as any RaaS kit based on value. Whereas most services operate as affiliate programs, AlphaLocker delivers the entire package. For one flat fee, customers receive their own copy of the software, complete with a control panel, encryption capabilities, and decryption keys.

AlphaLocker can be also distributed, modified, or even resold for profit, proving that open source software does indeed have a dark side. All these luxuries can be unlocked for as low as $65. At that price, budget-conscious hackers might call AlphaLocker a steal.

“Make Money Online, Fast”? Easier Said Than Done.

In an article profiling the model’s profit potential, Business Insider suggested that the RaaS trend may not be the goldmine some envision. One author revealed that he hadn’t earned a single dime since rolling out his ransomware kit some fourth months prior.

The software had compromised more than 300 devices, but apparently none of the victims were rattled enough to pay the ransom. It wasn’t until a couple weeks later that he netted his first payment. It was a 5 percent commission on the $20 generated by an affiliate who finally succeeded in collecting a ransom.

How Much Can You Make With a RaaS Program?

On the other hand there is Tox, the teenage mastermind behind the ransomware platform of the same name. Tox told Business Insider that users had victimized more than 1500 systems shortly after his service went live. He generated ransom payments ranging from $50 to $200. While he didn’t go into specifics on dollar amounts, he hinted that two to three payments per day could yield “a lot of money”.

Tox’s rise to underground stardom was rapid. Perhaps a little too rapid for his liking. Tox was sitting at the helm of something that grew too big to handle. For fear of getting caught, he hit eject before his creation reached its full potential. He reportedly sold the entire Tox bundle – source code included – for roughly $5,000.

How to Prevent Ransomware and Discourage Data Kidnappers. 

Tox RaaS: So Simple, So Dangerous

Still around today, Tox is looked at as one of the pioneers of the RaaS phenomenon. The current owner explains that while it helps to have hacking experience, interested parties need bring nothing other than their time and a desire to get paid to the table.

The secret to the Tox’s sustainability may very well be its simplicity. Affiliates can be up and running in three easy steps:

1. Set the desired ransom amount.

2. Create a custom ransom note.

3. Enter the provided verification code to authenticate your affiliate ID.

Once these steps are complete, the affiliate receives an executable file that launches the infection and displays the ransom note to the unlucky user. While other kits have emerged, IT security authority Infosec still recognizes veteran Tox as one of the biggest RaaS threats on the scene.
password binary code background

Is RaaS Here to Stay?

The ongoing viability of the RaaS business model is ultimately in the hands of the parties who provide these shady services. So far they’ve succeeded at creating reliable tools that bypass existing security mechanisms, compromise infected systems, and complete the ransom process. Believe it or not, their biggest challenge lies in delivering the type of support that keeps customers coming back.

If these guys can effectively combine the core principles of hacking IT systems and providing professional-level services, the enterprises in their collective crosswire could be in trouble for the foreseeable future.

This is where backup and recovery software comes in. There are services out there that do provide reliable data protection and the ability to recover quickly to keep systems running, instead of paying up the ransom. So keep safe and back up your data!