Cisco: How Adversaries Are Refining and Improving Ransomware in 2017
Here’s a quick look at some of the key trends in ransomware we’ve observed during the first half of 2017:
Ransomware-as-a-Service (RaaS) platforms, such as Satan, are becoming commonplace, significantly lowering the “barrier to entry” for threat actors who want to get into the ransomware business without doing the hard work of programming or amassing network resources. The operators of the RaaS platforms take a portion of adversaries’ profits, similar to the way in which many legitimate software platforms work. Some of the operators even provide additional “customer service,” such as deploying the ransomware and tracking the progress of ransomware distribution campaigns over time, making it even easier for threat actors to launch and manage their ransomware campaigns.
Open-source ransomware codebases are also being leveraged by adversaries to help them launch new ransomware campaigns quickly. As covered in the MCR, several open-source ransomware codebases such as Hidden Tear and EDA2 have been released publicly “for educational purposes.” Threat actors can simply tweak the code to suit their specific objectives and then deploy the malware to launch ransomware attacks. We know that this is a strategy used by some adversaries: many of the supposedly new ransomware families that Cisco has recently observed appear to be directly based on these open-source codebases.
Read the entire article here: How Adversaries Are Refining and Improving Ransomware in 2017
via the fine folks at Cisco Systems.