Ransomware gets easier for would-be crooks as developers offer malware-as-a-service

A recently-released form of ransomware, which has the unusual distinction of being distributed via two different exploit kits, is now being sold ‘as-a-service’ on hacking forums. GandCrab first emerged in January and was found to be distributed by the RIG exploit kit and GrandSoft exploit kit, two sets of tools which provide attackers with all the tools they need to exploit vulnerabilities to deliver malware. Researchers at Flashpoint have described to ZDNet how the ransomware is now being advertised on what’s described as a ‘top-tier Russian hacking forum’.

A translation of a post made on the forum offers would-be crims a ‘partnership program’ for the ransomware, with the creators taking up to 60 percent of the ransom fees paid to their clients. However, successful crooks could earn up to 70 percent of the ransom payments for themselves. In exchange for taking a cut of the profits, GandCrab’s authors offer their users support and updates for the ransomware — including, if necessary, offering step-by-step instructions via the use of a ticketing system and other features associated with legitimate, rather than criminal, software. It’s all to make the ransomware easy to distribute and use.

Read more about the new ransomware-as-service scheme that offers tools and tutorials for getting started with GandCrab, in return for a cut of the profits — and a promise not to attack Russia, on ZDNet.

Track the strategic threats to your business with the Threat Brief, delivered to your email daily.

Subscribe Here