It is getting easier and more affordable to become a cybercriminal. Ransomware is now being offered as a service — just as many cloud services are. Not only can you subscribe to ransomware-as-a-service (RaaS) on what is known as the dark web, the providers will also give you step-by-step instructions on how to launch an attack. Even a novice can launch sophisticated, and often profitable, attacks.
The dark web is a part of the World Wide Web that requires special software to access — like Tor or Freenet — and is not indexed by search engines. Once inside the network, users find forums of hackers, drug peddlers and others, who guide people to what they are looking for.
Ransomware attacks, through the use of service providers, grew from the second half of 2016, said Venugopal N, director of security engineering for India and SAARC in security solutions firm Check Point. “A particular ransomware called Cerber was being offered as a service by 170 people actively last year, and infected nearly 150,000 victims across 200 countries, including India. This number has definitely grown this year,” he said.
Average ransom sought was $500/device in bitcoins
Once a cybercriminal (service provider) generates the code to a ransomware, it is sold to a user who purchases the package with the intent to hack. The package comes with step-by-step instructions on how to launch the attack, along with a dashboard where the user can monitor the status of the attack.
Ransomware encrypts and locks a victim’s device. The victim gets a decoder to unlock the device only if he pays a ransom. Those who urgently need the device are the most susceptible. The ransom is split, usually 50:50, between the developer and the attacker. The developer can make up to $2 million annually, Venugopal said. Cybercriminals are also paying 5% extra for referring their services to others.
While Cerber was the most rampant in the as-a-service programme, accounting for 25% of all attacks, malware such as Satan, Shark, and Hostmen was also prominent. The average ransom asked is about $500 per device, and is usually sought in bitcoins.
According to security solutions firm Symantec, India was one of the top countries to be affected by ransomware till the first half of 2017, accounting for 4% of all attacks. The US led the list with 29%. Check Point said India was also among those most affected by Cerber.
Kartik Shahani, IBM India’s head for integrated security, said this method of attack started in 2008 with a malware called Zeus, which was designed to steal banking credentials from the machine it infected. “It was becoming an organised crime with cybercriminals providing support services for Zeus. It’s easily available. There are also pamphlets provided which teach you how to launch an attack. The price can begin from as low as $20 for a password hack now,” he says.
The gold-rush mentality has pushed more and more cybercriminals to distribute ransomware, which, in turn, has contributed to the rise of RaaS as a specialisation. Tarun Kaura, director of product management for Asia Pacific and Japan, says the ransomware builder freely distributes the ransomware to aspiring attackers and takes a percentage cut of any ransom payment.
“It’s easy to attack a network of companies through this. While a lot of the victims were mainly enterprises, it is now also penetrating expensive IoT (internet-of-things) devices like smartwatches and smart TVs. Individuals are not generally aware of these operations and are an easy target,” he said.
Experts say there is no way of knowing who the perpetrators are since the mode of payment is always bitcoins. “They create a secure wallet for every victim and leave no trace of who launched the attack,” says Venugopal, adding 90% of the attacks happen through phishing emails.
The only preventive action possible is for companies to install anti-ransomware solutions that regularly provide patches for gaps in the security system. IBM’s Shahani says anti-ransomware-as-a-service is being provided by white-hat hackers to check vulnerabilities. “Never pay the ransom. Always create a backup, which will ensure that you can reset your systems when attacked,” says Venugopal.