Security News New Satan Ransomware available through a Ransomware as a Service.

[LASER_oneXM]

...now everyone has his own custom ransomware: see the first quote... :/

A new Ransomware as a Service, or RaaS, called Satan has been discovered by security researcher Xylitol. This service allows any wannabe criminal to register an account and create their very own customized version of the Satan Ransomware.

Once the ransomware is created, it is then up to the criminal to determine how they will distribute the ransomware, while the RaaS will handle the ransom payments and adding new features. For this service, the RaaS developer takes a 30% cut of any payments that are made by victims. According to the advertisement for the Satan RaaS, the developer will reduce their cut depending on the volume of payments received by an affiliate.

When it has encrypted a file, it will scramble its name and append the .stn extension to the file. For example, test.jpg may become ahasd.stn. While encrypting files it will also create a ransom note called HELP_DECRYPT_FILES.html in each folder that a file has been encrypted.

When it has finished encrypting the computer, it will execute the C:\Windows\System32\cipher.exe" /W:C command to wipe all data from the unused space on the C: Drive.

Finally it will display the ransom note, which contains a unique victim ID and a URL to a TOR payment site.

Unfortunately, at this time there is no way to decrypt the files for free. For those who wish to discuss this ransomware or receive support, you can use our dedicated help topic: Satan Ransomware Help & Support Topic.