New ransomware-as-a-service caters to cybercriminals with commercial expansion

Security firm Adlumin has been tracking various attacks across multiple industries all leveraging the Play ransomware and found striking similarities between the attacks, suggesting it is being offered in the RaaS format. The similarities between separate attacks included copied passwords in the creation of high-privilege accounts and the same folders used for malware delivery.

Pay-per-Play

In a report, Adlumin stated, “The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the ransomware-as-a-service (RaaS) and are following step-by-step instructions from playbooks delivered with it.

“When RaaS operators advertise ransomware kits that come with everything a hacker will need, including documentation, forums, technical support, and ransom negotiation support, script kiddies will be tempted to try their luck and put their skills to use.”

RaaS has been highlighted by multiple threat intelligence organisations as a growing sector within cybercriminal enterprise, as highly organized cyber gangs rent out their infrastructure, tactics, techniques and procedures to fledgling groups or individuals looking to make some money without the necessary investments in their own architecture.

In the wake of some ransomware attacks, cybercriminals have been known to leverage stolen data by threatening to sell/release it as a means of further extorting organizations and forcing them to pay. The US, alongside a number of other leading economies, recently signed a pledge to never pay a ransom to cybercriminals again.

Via The Hacker News

More from TechRadar Pro

• The US government wants to offer better cybersecurity to major infrastructure firms
• Keep yourself safe by taking a look at our rankings of the best endpoint protection software
• Take a look at our list of the best Black Friday antivirus deals