live casino online

Ransomware as a service (RaaS) is designed to lower cybercrime¡¯s barriers to entry. In a typical RaaS operation, developers write the malware, build the infrastructure needed to mount campaigns, then make it accessible for others¡ªwith underground marketplaces serving as their breeding ground. The apparent convenience and incentive of launching their own campaign, regardless of their technical knowhow, make it popular among venturing cybercriminals and script kiddies.?

Case in point? Several ransomware families offered for sale (or rent) emerged this week touting affiliates and distributors with features beyond the ransomware¡¯s file-encrypting capability.?

Other notable ransomware families we¡¯ve seen is the return of what can be considered the (detected by live casino online as ANDROIDOS_SLOCKER or ANDROIDOS_SMSLOCKER), and another with a familiar attack vector: compromised remote desktops.?

Here are the highlights of this week¡¯s ransomware recap:?

FrozrLock offers affiliates ¡°unlimited rebuilds¡±

Also known as AutoDecrypt, FrozrLock (RANSOM_WANTMYFILES.A) is sold in the underground for US $220 and as a ¡°great security tool¡± that can encrypt files in minutes. Its RaaS operation lurks in Tor¡¯s hidden service (.onion). In its homepage, FrozrLock is a C#-coded ransomware that supports .NET framework (4.5 and later versions) and employs Twofish256, AES256, and RSA4096 encryption algorithms to scramble the victim¡¯s files. FrozrLock¡¯s service, which fellow cybercriminals can avail by registering to its website, is packaged with a Tor-based control panel that allows distributors to create as many ransomware builds as they want. The dashboard can also purportedly monitor the infected victims. The changelogs in FrozrLock¡¯s website indicate its developers are actively updating their service.?

Figure 1: One of FrozrLock¡¯s ransom notes

[READ: What does ransomware as a service (RaaS) mean for enterprises?]

Nemes1s RaaS has a support ticket for distributors

Nemes1s is in itself a copy of another RaaS, PadCrypt (RANSOM_CRYDAP), which made back in February 2017 for offering a live help chat to victims.?

What¡¯s notable in Nemes1s is the of refreshes it made to the service. These include an updated dashboard for distributors who can now see statistics such as the operating system (OS) of the infected machine, number of infections, and pending or received payments. It even has a support ticket system where distributors can ask Nemes1s¡¯s Russian and German support members for assistance.?

Given how Nemes1s¡¯ site doesn¡¯t have a registration section¡ªa staple in many RaaS families¡ªit appears that the distribution of Nemes1s¡¯s service is restricted to a select few. It may also mean that Nemes1s¡¯s developer is keeping a low profile to avoid drawing attention from law enforcement and security vendors, or until his service matures enough to serve more distributors.?

[From the Security Intelligence Blog: ?

Fatboy RaaS touts a more honest cybercriminal partnership

Fatboy (RANSOM_PHYTOCRYP.A) RaaS debuted in a Russian underground forum through a user who goes by the handle ¡°polnowz¡±. Fatboy¡¯s payment arrangement is quite : it uses the , a benchmark for measuring purchasing power of currencies, to gauge the amount of ransom it will demand its victims. Those located in more affluent countries are extorted with a bigger sum.?

Another striking feature is the lengths Fatboy¡¯s developer goes to earn the would-be affiliate¡¯s trust. The developer and potential distributors (or ¡°partners¡±) can communicate with each other directly using the Jabber Off-the-Record (OTR) messaging service. Any payment made by the victim is received instantly by the distributor.?

Fatboy is advertised to be capable of working on 32- and 64-bit Windows systems and scrambles files with AES-256 encryption keys, each of which are then encrypted with RSA-2048 algorithm. Fatboy can purportedly scan all disks and network folders, and target a massive 5,000 file types. The malware is a 15.6 kB-binary written in C++ language.?

The ransomware will not work if it infects systems located in the Commonwealth of Independent States. Fatboy demands a ransom of 1 Bitcoin (roughly equivalent to US $1,860 as of May 11, 2017) and threatens victims with a certain time limit (which distributors can customize) before the files are deleted.?

[From the Security Intelligence Blog: ]?

Mobile ransomware SLocker resurges

SLocker was one of the first ransomware to emerge in the mobile landscape, and after a lull in activity it staged a comeback with over 400 unique samples in tow. They masquerade as jailbreaking applications as well as legitimate, recreational and business apps, using obfuscation techniques to evade detection.?

Based on live casino online¡¯s analysis, SLocker was notable for to lock the device¡¯s screen. SLocker is also known to impersonate law enforcement agencies accusing victims of crimes to capitalize its fear-mongering tactic against unwitting victims.?

Several iterations of SLocker like SMSLocker also operated as banking Trojans, locking the mobile device while also pilfering its online banking credentials.?

[READ: ]?

RSAUtil ransomware targets compromised remote desktops

Another ransomware that made rounds is RSAUtil (RANSOM_DONTSLIP.A) that targets hacked remote desktop services. RSAUtil¡¯s attack chain is multipart: a package comprising various tools and RSAUtil itself are uploaded to the compromised machine. The package¡ªwhich contains configuration files, executables and dynamic -link libraries (DLL)¡ªis then executed in order to install the ransomware.?

The files in the package are the ones responsible for:

• RSAUtil¡¯s encryption routine and the public encryption key to use in the infected file
• Erasure of event logs in the machine to remove traces of how it was compromised
• Indicating what ID number and email to use in the ransom note
• Selecting which extension name to put in the encrypted files
• Preventing the machine from being idle, sleeping or hibernating to ensure RSAUtil doesn¡¯t get disrupted?

[Infographic: A multilayered defense against ransomware]?

Indeed, ransomware continues to diversify in order to hit more targets. This is particularly true for RaaS. Outsourcing cybercrime and turning it into a turnkey service puts threats such as ransomware in the hands of a wider swathe of bad guys. The result? An ever-rising number of different builds of similar ransomware in the wild with varying degrees of capabilities. Cybercriminals, too, will set their sights into other viable targets like mobile platforms as they become more prevalent among users and businesses.?

While there is no silver bullet against ransomware, a proactive approach to security helps mitigate it. Some of the best practices for defending against ransomware include:

• Regularly
• Keeping the system updated with the latest patches
• Employing virtual patching to avert attacks that use unknown vulnerabilities
• Identifying and defending common entry points used by ransomware such as email and suspicious websites
• Integrating