Madit

For all of those MAD about IT

Satan ransomware-as-a-service gives malware customising tools to hackers on Dark Web

Posted on 21st January 2017 - 12th September 2019 by TheLordMayor1983

A new ransomware-as-a-service (RaaS) has reportedly emerged, offering cybercriminals on the dark web the option of using ransomware created by someone else in exchange for subscription payments.

According to a report by ZDNet, an independent security researcher going by the Twitter handle Xylitol uncovered the Satan malware as part of the Gen:Trojan.Heur2.FU malware family. Satan has now, however, been launched as part of a RaaS platform, which gives prospective cybercriminals access to ransomware in exchange for 30% of the revenues generated.

Once a victim has been infected with Satan via either malicious links or phishing campaigns, the victim’s files are encrypted and the attackers instruct the victim about the ransom demands. Satan reportedly contains an HTML file that claims that restoring the encrypted files is impossible. According to researchers, this claim is not unfounded, indicating that the only way victims can regain access to their stolen files is by paying the demanded ransom.

Satan’s ransom note instructs victims to install the Tor browser and then redirects them to an .onion link to make the ransom payment. The ransom amount varies according to the specification of the cybercriminals using the RaaS platform.

Cybercriminals who want to use the Satan RaaS platform need to sign up for an account with the ransomware’s domain, which is hosted on the dark web. Those interested in the RaaS’ services must connect a Bitcoin wallet to their account and specify a cost for decryption.

Satan RaaS comes with several features, including fee payment records, transaction tracking, ransomware version releases and more. The platform provides hackers with tips on how to customise ransomware demands. Satan also helps hackers learn how to set up gateway proxies, and how to test their malware on systems. The platform also provides hackers with the option of translating their malware into different languages.

Additionally, Satan RaaS’ creators warn cybercriminals not to upload their ransomware onto VirusTotal or other online scanners, in efforts to ensure that they remain undetectable to security researchers.

A message on Satan RaaS’ sign-up page reads, “Now, the most important part: the bitcoin paid by the victim will be credited to your account. We will keep a 30 percent fee of the income, so, if you specified a 1 BTC ransom, you will get 0.7 BTC and we will get 0.3 BTC. The fee will become lower depending on the number of infections and payments you have.”

Unlike some other ransomware authors, who either fail to come up with a decryption key or store it in a way that allows security researchers to access it and create decryption tools based on it, Satan’s developers store the decryption keys on a remote server. As of now, there is no decryption tool available.

By India Ashok

Source http://www.ibtimes.co.uk/satan-ransomware-service-gives-malware-customising-tools-hackers-dark-web-1602311

Posted in Threats and Attacks
