A new Ransomware-as-a-Service project has sprung up, and the “service providers” are allowing others to use it for free, but take a 20 percent cut out of every ransom that gets paid by the victims. The ransomware is called Shark.
According to security researcher David Montenegro and Bleeping Computer, the project’s site is accessible to anyone who knows the address, and not just to Tor users. It’s a simple WordPress site, from where would-be criminals can download a .zip file containing the ransomware configuration builder (Payload Builder.exe), a warning note (Readme.txt), and the ransomware executable (Shark.exe).
They are instructed to use the configuration builder to choose which folders and files the ransomware will encrypt, which countries' users to target, and the amount of money they will ask of the victims, and to input an email address to which a notification will be sent when the payload infects a machine.
“When the configuration is entered, a base64 version of the configuration will be generated. This code is then used as an argument to the Shark.exe to specify that the custom configuration should be used,” Lawrence Abrams explains.
The Bitcoin address to which the payment will go is that of the original malware authors, who should take their 20 percent and forward the rest to the crooks who distribute this custom-made version of it.
Whether they actually keep their side of the bargain is still unknown.
Full Article. Shark Ransomware-as-a-Service: A real threat, a scam, or both? - Help Net Security
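A defender-side way to hunt for the behaviour Abrams describes (an executable started with a base64-encoded configuration as its argument), added here as an example and not taken from the article or from Bleeping Computer. The thresholds, function names and sample configuration text are assumptions; the page does not give Shark's actual configuration format.

```python
import base64
import binascii
import re
import shlex

# Assumed tuning values for this example; adjust to your own telemetry.
MIN_LEN = 40          # ignore short tokens that match the base64 alphabet by chance
MIN_PRINTABLE = 0.9   # decoded bytes must be mostly text to look like a config
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def decode_config_arg(token):
    """Return decoded text if token looks like base64-encoded text, else None."""
    if len(token) < MIN_LEN or len(token) % 4 or not B64_RE.fullmatch(token):
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in raw)
    if printable / len(raw) < MIN_PRINTABLE:
        return None  # hashes, GUID-like blobs and binary data end up here
    return raw.decode("ascii", errors="replace")


def flag_command_line(cmdline):
    """Return (image, decoded_text) for the first base64 text argument, or None."""
    parts = shlex.split(cmdline, posix=False)  # posix=False keeps backslashes
    if not parts:
        return None
    image = parts[0].strip('"')
    for arg in parts[1:]:
        decoded = decode_config_arg(arg.strip('"'))
        if decoded is not None:
            return image, decoded
    return None


def scan(events):
    """Run the check over process-creation command lines; return the hits."""
    return [hit for hit in map(flag_command_line, events) if hit]


# Constructed sample data: placeholder config text, not Shark's real format.
SAMPLE_CONFIG = "folders=Documents;Desktop|country=XX|price=PLACEHOLDER|notify=user@example.invalid"
SAMPLE_B64 = base64.b64encode(SAMPLE_CONFIG.encode()).decode()
SAMPLE_EVENTS = [
    r'"C:\Users\test\Downloads\Shark.exe" ' + SAMPLE_B64,
    r"C:\Windows\System32\notepad.exe C:\Users\test\Readme.txt",
    r"C:\Windows\System32\cmd.exe /c dir",
]
```

Feed `scan()` the command-line field from process-creation logging; hits are leads for triage, since legitimate tools also pass base64 text on the command line.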