At Infosecurity Europe 2018, security researcher James Lyne explored some of the latest tactics and techniques being deployed by cyber-criminals, with particular focus on how 2018 has seen the continued evolution of ransomware to become even more commoditized and business-like.
“I almost feel boring standing here talking about ransomware, as we must all be sick of the topic by now,” he said, “but there’s some quite interesting commercial and business model stuff happening.”
We’re all pretty comfortable with the effectiveness of ransomware, he added, and the fact that it is going to continue to be a part of the ongoing threat. “Its brilliance is its ubiquitous applicability to all of us – stealing credit cards, targeting specific data, going after usernames and passwords, and ransomware struck on the gold of a model where they [attackers] don’t need to care about what data you have, just that you care about your data.
“Since January, there’s been a series of campaigns that are worth paying attention to,” he said. “They are ransomware-as-a-service campaigns offering some interesting new features.”
An example Lyne pointed to was a “web-based interface where you can set some options, customize the ransom price, the address and so on, click build and download and get delivered a nice, constructed up-to-date piece of malware that authors have put effort into making sure the security community isn’t going to detect.”
They’ve even started giving security advice: “we recommend you to download the file without the exe extension so you don’t accidentally run it!”
Another new ransomware service Lyne highlighted is one that is “free for download and use – so we have ‘freemium ransomware’ – who wants to pay for a service in 2018? You log in, generate your malicious code and you distribute it, but the difference is, unlike the products and services of before where you owned the ransomware, it’s now an advertising referral scheme. So you generate your malware, you distribute it, and this other criminal gang receives the money and pays you 40% of the profits – so there’s no upfront investment, no difficulties in dealing with the digital currency and potentially getting caught, you don’t even own the people you hack anymore! That’s how commoditized we are – people have options on referral cuts on compromising our computers.”