While farmers’ markets are popular for their vintage clothes and artisanal treats, the deep and dark web offers marketplaces of a very different kind. Instead of vintage clothes, a trip to the dark web might result in the purchase of any number of cyber attack tools – such as the newly discovered and highly sophisticated RaaSberry ransomware (our researchers have identified it over the past 24 hours).
No, that’s not a typo – the first four letters signify that this product is ‘Ransomware-as-a-service’ and the criminals behind it are highly organised. In fact, you might find you receive better customer service from these hackers than some ISPs, though that’s a different story.
RaaSberry is currently being offered in a range of packages starting from around $60 USD up to $250 USD, each with varying levels of customer support. The criminals behind this enterprise claim the ransomware can be used to target any Windows operating system from Windows XP to Windows 10.
The ransomware is advertised as being highly customisable, and can be configured to target particular types of files, along with files on shared locations and mapped network drives. The encryption method uses a 256-bit AES key to lock files, which are then encrypted again using a unique RSA key.
The ransomware authors also offer bundled packages with unique email addresses which can be used by the victim to pay the ransom. Another feature is the ability to ‘try before you buy’ with a “Testnest” mode which can be executed on a virtual machine before distribution. The service promises to use a polymorphism technique for every ransomware binary it sells, which means the ransomware is self-replicating, and this technique helps it to evade almost 90 per cent of the antivirus products on the market.
Other key features include fully automated decryption once the bitcoin payment has been received and the ability to execute the ransomware payloads without administrative privileges.
Not only that, but the RaaSberry user guide is available in multiple languages including English, Spanish, Mandarin, Hindi, Arabic, Portuguese, Russian, Japanese, German, French, and Italian.
According to our researchers, this kind of ransomware service has become increasingly popular, with other ransomware packages including MacRansom, HostMan and Flux, though RaaSberry looks to be far more sophisticated.
This business model evolution will only continue as the combined anonymity offered through the deep and dark webs and the untraceable nature of cryptocurrency mask the offenders from law enforcement. These advantages have made the ransomware service business model more lucrative and competitive, meaning rival ‘businesses’ will continue to improve their offers as they compete for customers.
Who knows, maybe ISPs will one day hire hackers for business development and customer service consultations.