Whether it’s in January when you read your credit-card statement, or if it’s right now that you check the state of your bank balance, you’d be forgiven for thinking you’ve been held to ransom once again this Christmas time. The ‘need’ to spend, spend, spend in our materialist, capitalist, consumerist society has surely hidden the true meaning of Christmas behind the curtain of having to buy ‘the must-have toy’ or the ‘trendiest gadget’. You’d also be forgiven for thinking that if you haven’t bought the right present for (or spent the right amount of money on) your spouse / partner / child / parent / BFF (delete as applicable) then you’ll surely experience the consequences in the New Year.
But at least you’re not literally being held to ransom. Not just yet, anyway.
In recent months Sophos has been warning us about ransomware distribution kits that are being sold on the dark web to anyone who can afford them. One for the acronym-lovers out there – these RaaS packages allow people with very little technical knowledge to carry out a ransomware attack with great ease.
RaaS, of course, standing for ‘Ransomware as a Service’.
Whilst RaaS packages have been available for some time, the threat is continuing to grow and the number of kits that are available will only increase with time. In fact, Sophos is warning of a surge in ransomware fuelled by RaaS in 2018.
What makes RaaS particularly ingenious is the fact that creating malware – even selling it – is not currently illegal. According to Leon Adato, Head Geek at SolarWinds, what is illegal is the intent to sell for criminal use. However, intent may be hard – perhaps even impossible – to prove if suitable precautions are used by the cybercriminals.
Dorka Plotay, Threat Researcher at Sophos, has even pinpointed one such company – Rainmaker Labs – which, he says, runs its business in much the same way as a legitimate software company. Whilst it sells some RaaS on marketplaces hidden on the Dark Web, it hosts production-quality “intro” videos on YouTube which explain how the RaaS kits work and how they can be customised with a range of options.
With an anticipated surge in RaaS-originated attacks, we are likely to see renewed efforts to combat these threats from well-meaning security researchers – both those employed by professional security firms and those operating on their own. But Mr. Adato has urged caution here as well. As hard as it is to prove intent, the ability to disprove intent is similarly difficult.
Mr. Adato cites the case of ‘ransomware cyber-hero’, Marcus Hutchins – aka MalwareTech – who defused the WannaCry attack. Although Hutchins attempted to remain anonymous, the high-profile nature of the attack generated too much interest in his identity and it was eventually uncovered. In August 2017, Hutchins was arrested over a separate attack relating to malware designed to infiltrate the banking industry. Many in the security community believe he has been falsely charged and he himself maintains his innocence.
This is one of the latest in several years’ worth of cases covered by the 1986 Computer Fraud and Abuse Act (CFAA). In theory, it outlaws hackers, but in practice, it does not – and cannot – distinguish between cyber-villains and cyber-heroes.
Because of the ambiguity in the CFAA, there is the potential for security researchers to fall foul of the law during the course of their work. A further complication is that there’s currently a dearth of properly qualified security professionals (a recent survey revealed that fewer than one in four security professionals have the necessary qualifications to keep their organisation secure) and this shortage could be massively exposed in 2018.
The task of fighting any conflict starts with knowing your enemy. Dorka Plotay, Threat Researcher at Sophos, has identified five RaaS kits that we could be seeing more of in 2018 if the proper steps at prevention aren’t taken.
- Philadelphia – which is one of the most sophisticated RaaS kits. For $389 it is possible to purchase a full, unlimited licence which allows for personalisation.
- Stampado – Rainmaker Labs’ first RaaS kit, made available in summer 2016 for the extremely low price of £39.
- Frozr Locker – offered for 0.14 bitcoin. Once infected, the victim’s files are encrypted. Its creators even offer online support to the ‘customers’ and they help to troubleshoot problems!
- Satan – allows you to set your own price and payment conditions and collects the ransom on your behalf. Once the ransom is paid, a decryption tool is sent to the victim and 70% of the ransom is paid to you via Bitcoin.
- RaaSberry – Customers can choose from a number of available ‘packages’ – from a one month ‘Plastic’ command-and-control subscription to a ‘bronze’ three-month subscription.
Sophos has also advised that the best ways to combat ransomware in 2018 are as follows:
- Back up regularly and keep a recent backup copy off-site.
- Don’t enable macros in documents received as email attachments.
- Be cautious about unsolicited attachments.
- Patch early; patch often.
However, don’t just assume that malware is specific to PCs, laptops or desktops. Sophos also warns that ransomware is on every platform. When reviewing Google Play, Sophos found that the number of different threats had doubled since last year and they warn that there could be an explosion of Android malware in 2018. And whilst Windows PCs will continue with their well-known, ongoing threats, expect to see further efforts to infect Mac computers in the coming 12 months. The recent problems experienced by Apple only serve to highlight that Mac’s previous reputation for near-invincibility is an exaggeration and not something to be taken for granted.
Being held to ransom – over Christmas presents or your data – is not an inevitability. Just as we can get pleasure at Christmas through the joy of giving, we can get pleasure from our data and applications by giving them the care and attention they deserve as well.
Enjoy Christmas! Enjoy the New Year! And enjoy staying safe and secure in 2018 by being aware of the risks associated with RaaS and ransomware in general and taking appropriate measures to prevent them from affecting you.