[German]Ransomware groups are continuously developing their business models and also acting as service providers, offering their tools in return for a share of the profits. A new Ransomware-as-a-Service (RaaS) group is trying to simplify the cyber extortion business a bit more. Customers can book the services for a fixed price.
Advertising
The past 12 months have been marked by successful ransomware infections at large organizations. A recent IBM report shows that a successful cyber attack cost victims an average of $4.24 million per incident – the highest in the last 17 years. Although ransomware reportedly already accounts for 69% of attacks on businesses, that number could rise even further. CyberNews security researchers have come across a new RaaS group on the Darknet that is making it easier for people interested in ransomware extortion to get in.
Large ransomware groups such as REvil, Conti or DarkSide usually demand their customers' participation of 30% per ransom payment. These actors provide the malware while the threat actors carry out the attacks.
- The new RaaS group calls itself Ranion and requires only a one-time upfront payment for its malware, with no additional service fees. Various Ranion malware packages are priced from $150 to $1,900 – a shockingly low price compared to the multi-million dollar losses companies suffer from ransomware per attack. The more expensive offerings supposedly guarantee fully undetectable (FUD) status.
- The Ranion malware uses AES-256 encryption and is virtually undetectable. This is because customers supposedly receive a unique stub, making each malware file different and thus difficult to detect. The stub is executable and a crypto-packer, which gives the malware its unassailable properties. Currently, only one enterprise antivirus solution is capable of detecting this ransomware.
To provide threat actors with a wider range of damage capabilities, Ranion added a feature to the malware that causes a delay between infection and execution of the encryption program. Moreover, the cybercriminals also offer real-time support to their customers. However, the malware only works on Windows, which gives users of other operating systems some breathing space.
The facilities offered by Ranion Group are relatively inexpensive and expected to be difficult to detect. Therefore, their Ransomware-as-a-Service (RaaS) offering could allow opportunistic threat actors to get in on the extortion with ransomware game. Cases such as the attack on U.S. agricultural services provider New Cooperative Inc. with a ransom demand of $5.9 million are certainly likely to spark covetousness. CyberNews has published the details in this blog post.
