
Ransomware as a Service

Ransomware has come a long way from simply locking the operating system to complex crypto-locker variants. The crypto-locker type is now the most popular of all. Most of this ransomware uses common encryption and hashing algorithms such as AES, RSA, SHA256 and MD5, and is often built with standard libraries such as OS APIs and OpenSSL. Here are the usual ways files are encrypted on the target computers or systems:

  • Attackers might upload a secret key and encrypt the files on the target computer.
  • They could generate random keys on the target machine for encryption.
  • They might use a constant key for encryption. (You can often solve this case by comparing original files with their encrypted versions and reverse-engineering the sample.)
  • They could encrypt the files using randomly generated AES keys, then use an RSA public key to encrypt the AES keys.
  • Other methods like ECDH could be used for encryption.
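
The constant-key case in the list above is the one where comparing an original file with its encrypted copy can pay off. As an added example (not from the original post), the Python below assumes the sample uses a stream cipher with one hard-coded key and no per-file nonce, so every file is XORed with the same keystream; the toy cipher, key and file contents are all constructed for illustration.

```python
import hashlib

def _toy_keystream(key: bytes, n: int) -> bytes:
    # Constructed stand-in for the malware's cipher (assumption): SHA-256 in
    # counter mode with one hard-coded key and no per-file nonce.
    out = bytearray()
    for counter in range((n + 31) // 32):
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
    return bytes(out[:n])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    return xor(data, _toy_keystream(key, len(data)))

def recover_keystream(original: bytes, encrypted: bytes) -> bytes:
    """Known plaintext XOR ciphertext yields the keystream; the key is never needed."""
    if len(original) != len(encrypted):
        raise ValueError("not a matching pair: lengths differ")
    return xor(original, encrypted)

def keystream_reused(ks: bytes, original: bytes, encrypted: bytes) -> bool:
    """Check the constant-key hypothesis against a second known pair."""
    n = min(len(ks), len(original), len(encrypted))
    return n > 0 and xor(encrypted[:n], ks[:n]) == original[:n]

def decrypt_prefix(ks: bytes, encrypted: bytes) -> tuple:
    """Return (recovered bytes, count of trailing bytes the keystream cannot reach)."""
    n = min(len(ks), len(encrypted))
    return xor(encrypted[:n], ks[:n]), len(encrypted) - n

# Constructed sample data: the key is used only to produce the "encrypted" files.
_KEY = b"constructed-constant-key"
BACKUP_REPORT = b"Quarterly report, restored from an offline backup. " * 3
BACKUP_README = b"README: build instructions"
LOCKED_REPORT = toy_encrypt(_KEY, BACKUP_REPORT)
LOCKED_README = toy_encrypt(_KEY, BACKUP_README)
LOCKED_NOTES = toy_encrypt(_KEY, b"Meeting notes with no surviving copy.")
LOCKED_LARGE = toy_encrypt(_KEY, b"A" * 200)

if __name__ == "__main__":
    ks = recover_keystream(BACKUP_REPORT, LOCKED_REPORT)
    print("keystream reused:", keystream_reused(ks, BACKUP_README, LOCKED_README))
    print(decrypt_prefix(ks, LOCKED_NOTES))
    print(decrypt_prefix(ks, LOCKED_LARGE)[1], "bytes beyond the known pair")
```

Recovery only reaches as far as the longest known original/encrypted pair. A block cipher such as AES with a constant key does not leak a keystream this way, so there the key has to be extracted from the sample by reverse-engineering.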

Attackers have different ways to spread ransomware. In the early days, they typically used spam such as phishing emails, ransomware ads, watering-hole sites and so on. Nowadays they focus more on specific targets who can pay a bigger ransom, which is why they use more targeted methods such as Remote Desktop Protocol brute-force and exploit kits. These let attackers look for system weaknesses and unpatched systems, and use zero-day exploits.

Ransomware keeps evolving with new technology. Some ransomware attacks even show signs of complex evasion and anti-analysis techniques. The rise of international cloud computing gives cybercriminals a bigger playground from which to launch their attacks. New techniques such as distributing ransomware through smart contracts and IPFS (InterPlanetary File System), and post-quantum ransomware, will likely be used by ransomware creators. Relying on technology alone to fight ransomware will turn into a never-ending battle between attack and defense.

Ransomware as a Service (RaaS) is a model in which ransomware creators give easy-to-use ransomware packages to affiliate attackers in return for a piece of the ransom payment. The attackers use the tools provided to get into the target systems and deploy the ransomware. RaaS providers then handle all the communication and payment collection. Researchers think that RaaS was behind more than two-thirds of ransomware attacks in 2020.