- Feb 4, 2016
The continuing increase in ransomware attacks is partly due to how easily the malware can be built and used by attackers who have limited technical skills.
Take for example the Philadelphia Ransomware-as-a-Service (RaaS) offering. Offered for sale by a group (or individual?) that calls itself The Rainmakers Labs, it is just a part of the overall arsenal of “anti-security solutions” on offer.
Philadelphia is a typical piece of crypto-ransomware and, as is usual with RaaS offerings, the buyer will get (almost) everything he or she needs to create a ransomware sample, set up a C&C server to communicate with victims, and manage the attacks.
For more technical information about the malware, you can check out this Sophos Labs report.
Malware sales techniques
But the most interesting thing about the group is their approach to marketing and sales.
“The Rainmakers Labs run their business the same way a legitimate software company does to sell its products and services,” the researchers explained.
“While it sells Philadelphia on marketplaces hidden on the dark web, it hosts a production-quality ‘intro’ video on YouTube, explaining the nuts and bolts of the kit and how to customize the ransomware with a range of feature options. A detailed Help Guide, walking customers through set-up is also available on a .com website.”
As expected, they advertise the malware on dark web forums and markets, but are also pushing it via other means. As noted by ClearSky Security earlier this year, they have been aggressively spamming potential buyers via the Jabber messaging platform.
They use brochures to explain the ransomware’s features, refer to news coverage and blog posts from security professionals as a means to show that their offerings are of good quality, and offer discounts or justify the high price ($389 for Philadelphia) by highlighting the lifetime access, constant updates and easy setup/usability of their product.