Wednesday, August 17, 2016

Invisible bitcoins for the ransomware-as-a-service

The ransomware industry has become one of the most profitable sectors of cyber crime. Victims are extorted into paying a good deal of money to get their files back, relying on the good faith of the thieves.

Check Point Software Technologies has published a report analyzing the economic and operational impact of one of the biggest ransomware-as-a-service (RaaS) operations in circulation. It uses a new variant of the well-known Cerber ransomware and is generating about $2.5 million in returns for its creators.

There are now 161 active campaigns, and 8 new campaigns are launched every day. It is believed that the criminals made around $200,000 in the month of July alone. Victims have deposited money into different Bitcoin wallets, which works out to about 1 bitcoin (around $590) per attack.

But what has impressed investigators the most is the money laundering system that has been established.

Cyber criminals ensure that payments cannot be tracked thanks to a technique called Bitcoin mixing:

"This technique allows the ransomware author to transfer Bitcoin and receive the same amount back to a wallet that cannot be associated with the original owner... The process mixes other users' money, using tens of thousands of Bitcoin wallets, making it almost impossible to track them individually. Furthermore, the user can divide the money among several Bitcoin wallets at the end of the mixing process".

A new variant of Cerber (Cerber 2), active since February 2016, is being used in several exploit kits (Magnitude, RIG, Nuclear Pack). It has democratized capabilities that some experts had claimed were available only to intelligence agencies.

"In the past this type of coordinated attack was the work of nation state actors. Now, automated attack tools and RaaS networks have put cyberattacks within the reach of the masses. Affiliates can buy exploits and rent the ransomware. They don't need any technical knowledge or tools. They just need access to the Dark Web and to pay someone for the services".

And here is the biggest problem: this operational decentralization is making the work of the authorities more difficult.

The one who carries out the attack is an intermediary, so reaching that attacker does not put an end to the attacks.

We also note the results of the Panda Banker malware spam campaign published by Proofpoint and the discovery of a ransomware based on PokemonGo.
