Satan is the latest Ransomware as a Service and may be the easiest access point ever created to get into the ransomware business.
Ransomware programmers continue to fine tune RaaS (Ransomware as a Service) opportunities for prospective cyber criminals. Since the introduction of the ransomware phenomenon which burst onto the scene in 2015, options have become more user friendly, more sophisticated, more effective and therefore, more prevalent. Say hello to “Satan.”
Satan maybe the simplest RaaS program for users since the inception of the outbreak. Delivered via a web portal even ransomware hackers with no coding skills can join the fray. A cyber crook simply has to sign up and enter some information. Then Satan creates a new custom strain of the ransomware ready to attack victims.
Satan’s service lets ransomware “distributors” build a customized executable file for their campaign, The RaaS software is coded with a bevy of anti-debugging techniques. And Satan ransomware includes an elaborate array of trickery to avoid easy analysis making deployment more effective (Cylance, Feb 2017).
As for the income potential, the original programmers takes a 30% commission on any ransom collected and the “affiliate” gets to keep 70%. Since the creators gets a cut, they have actually developed a guide with deceptive tips and tricks to get the ransomware deployed and how to execute attacks and avoid detection.
Interesting note: Satan requires registrants to fill in a CAPTCHA box so their site doesn’t get hit with bots. So even ransomware hackers, don’t want to have their site hit by a bot that can disrupt traffic, steal information, or mess up analytics tracking.
Satan attacks more than 130 file types, and appends them with a .stn extension name. Files are encrypted with multiple encryption algorithms (Trend Micro, March 2017), Once the files have been encrypted, the program creates an HTML file that shows up on the infected computer’s desktop. The file contains the ransom demand as well as instructions on how to make the ransom payment (socpedia.com, Jan. 2017).
Joining the Ransomware billion dollar business continues to become more effortless every day. The ease of entry with no startup costs means there will be a continued proliferation of attacks. The US Government estimates that there are 4,000 ransomware attacks released daily. This puts the burden of prevention squarely on the shoulders of IT pros.
You need to protect your data from Ransomware. Unitrends can help you in 5 ways:
Unitrends provides both local and cloud protection options, Giving IT pros 3-2-1 protection, 3 copies of your data – 2 different types of media – 1 copy off-site.
The transition away from malware susceptible Windows backup software to a purpose-built hardened Linux solution dramatically hampers hackers from successful attacks. By running on a hardened Linux platform Unitrends Recovery Series backup appliances and Unitrends backup virtual machines are resistant to malware and ransomware attacks.
A key component of Unitrends portfolio’s security capability is Unitrends Recovery Assurance. It provides automated testing of recovery for backups — both local and in the cloud.
Recovery Assurance secures the recoverability of mission critical applications. Recovery will occur in the time required to meet an organization’s IT service demands, no matter what causes the disaster or outage.
By analyzing your data’s change rate through de-duplication during backup, Unitrends can monitor signs of potential file encryption. Proactive alerts are dispatched to administrators when ransomware conditions are detected.
Unitrends instant recovery roll servers back to their state before attack. Near-zero downtime and data loss. Unitrends has created an iron-clad security platform, a virtual force field, to ensure that the digital assets of their client’s are protected.
Learn more about how Unitrends defends against ransomware here.