By Cameron Abbott and Colette Légeret
The expansion of the “service industry” into malware-as-as-service (MaaS), is not the only cyber-attack available online, Bleeping Computer found ransomware-as-a-service (RaaS), that not only uses FilesLocker malware and targets Chinese and American victims, it also offers users a sliding commission pay-scale that rises the more ransomware victims infected.
Bleeping Computer was put on the trail of this RaaS by security researcher, Neutral8✗9eR, who saw it being marketed through a Chinese malware forum on TOR.
The TOR advert, as translated from Chinese, claims that the code is written in C#, is 212KB in size, works against a variety of Windows operating systems, has a Chinese and English ransom note and interface, and comes with an easy-to-use statistics generator that tracks attacks. According to Bleeping Computer, RaaS targets files such as desktop, documents, music and pictures.
RaaS, unlike MaaS is designed for more experienced users, with the RaaS provider asking user to have enough experience pushing malware to keep it from being uploaded to and spotted by an anti-virus service and have the scale to infect at least 10 systems per day.
In return, users are offered a 60 per cent revenue share of any ransom payments received, however, if the user is able to generate more victims, this can rise to 75 per cent. It just goes to show that crime does pay!