Recently, researchers have uncovered a new ransomware as a service (RaaS), which would allow free access for wannabe hackers.
The Dot ransomware operates on a commission-based strategy, offering cybercriminals free access to the software while splitting the profits 50/50 on successful attacks. Security researchers claim that the new ransomware came out on February 19, and it is available via a .onion.market website on the Tor network.
Cybercriminal forums and dark net marketplaces offer a wide selection of malicious software. When ransomware (and malware) became popular among hackers, cybercriminals who wished to use such software to gain profits from innocent victims by locking their computers and demanding money for a decryption code, had to be tech-savvy to commit such crimes. However, as the malicious software evolved, forum members started offering services, such as RaaS, MaaS (Malware as a Service) and DDoS as a Service, which helped even players new to the game to conduct successful attacks. These services allow cybercriminals to purchase malware, ransomware, and DDoS codes.
“This is an easy, no pressure gateway for aspiring affiliates since nothing is invested in obtaining the ransomware. Recent updates to the site show that this RaaS variant has continued to receive support and refinements from the author in order to improve the product,” researchers at cybersecurity company Fortinet said regarding the Dot ransomware.
According to Fortinet, the RaaS requires users to register using a bitcoin wallet. After that, the service allows them to log in and download the malware builder and the core component. Dot ransomware has also created a statistics page “for affiliates to track the number and status of infections”. The service also offers a tutorial for the users, consisting of the recommended prices for specific countries and a list of 380 suggested file target extensions. Most importantly, if a successful attack has been conducted by a user, the funds from the victim goes straight to the author, not to the attacker.
“The simplistic and straight-forward design of Dot ransomware enables just about anyone to conduct cybercrime. With all the support for bug fixes and developments, it’s astonishing to think that these malware services have evolved using traditional business models. Moreover, it allows cyber criminals to easily start a RaaS business with the free additional safety of an online anonymity framework from Tor service and Bitcoin,” the researchers said. “Although we haven’t seen this ransomware in the wild, with the advertisements being made accessible on hacking forums it’s only a matter of time until people start taking the bait.”
Ransomware has been a great problem for both corporate, governmental, and private victims. If the victim’s computer becomes infected, the malware locks the full device and threatens the user that it will delete all files from its system if a specific price is not paid within the required time frame. Victims have to either decide to pay the fee and get back their data for a great price or get their hard drives wiped by the attackers.
According to a research conducted by Solutionary’s Security Engineering Research Team for Q2 2016, 88 percent of all ransomware attacks targeted hospitals. According to the study, hospitals are easy targets for hackers since the institutions use numerous devices and systems, which provides more entry and pivot points to the attackers to exploit. Apart from easy, the healthcare industry is a favorable target for ransomware attackers. Firstly, if a healthcare institution’s system gets locked, workers can’t use just only a handful of devices to treat the patients, which could lead to major problems. Because of this, the directors of the institution have to react fast to the attacker’s demands. Another reason is that the value of information stored in the system of a hospital is really high. If for example, a hospital gets infected by a ransomware and the data gets wiped from the systems, it could lead to even the deaths of some high-risk patients.
If a freely available RaaS, like the Dot ransomware, becomes popular among cybercriminals, it could lead to major disasters, especially in the healthcare industry. Law enforcement authorities, the government, and security companies have to all identify the issue and take major steps to prevent such thing from happening as soon as possible.