If you haven’t been infected by ransomware, ever, you are either very good at taking care of your data, or you have been incredibly lucky. Ransomware has been continuously evolving, and has become incredibly widespread thanks to the ransomware-as-a-service (RaaS) model. Things on this front are getting even worse, as a new dark web scheme has just been unearthed. This new scheme, dubbed Dot Ransomware, allows any wannabe cybercrook to use ransomware for free on only one condition: to split the profits 50/50.
Until now we have seen many RaaS schemes that enable unprofessional cybercriminals to spread ransomware for a fee or through a subscription service, and make money out of it. However, this new campaign takes things to a whole new level – now anyone can operate ransomware without investing anything. The only condition is to split the profits of successful infections with the authors on a 50/50 basis.
The scheme was discovered by researchers at Fortinet, who stumbled upon it while “lurking in hacking forums”:
While lurking in hacking forums, we came across a post for this new ransomware service. RaaS services are now switching from a one-time fee or subscription payment model to a commission based strategy. One advantage of this scheme is that the up front price for the ransomware is free, and any profits realized are just split 50/50 between the author and affiliate. This is an easy, no pressure gateway for aspiring affiliates since nothing is invested in obtaining the ransomware.
How Does the Dot Ransomware Scheme Work?
To start off, the potential criminal needs to go to a specific Tor link which will redirect them to the Dot ransomware homepage, a relatively new website. Researchers say that the ad they came across was published on February 21, and the project itself was launched just a couple of days before that. “Recent updates to the site show that this RaaS variant has continued to receive support and refinements from the author in order to improve the product,” Fortinet adds.
To participate in the free program, the wannabe affiliate has to register with a Bitcoin address. The would-be cybercriminal is then able to download the malware builder, together with the core component. The core component is nothing but the ransomware payload with a default configuration. There is also a statistics page, where participants can track the number and status of infections.
During our testing we found that the statistics only counts an infection as successful if the victim visits the decryption page. This has the advantages of eliminating automated infections and providing a more realistic return from real victims, researchers say.
Since RaaS is a marketing model, albeit an underground one, the authors have even included recommendations on the prices for certain countries and regions. There is also a list of 380 target file extensions suggested for encryption.
In conclusion, Dot ransomware comes with a simple, easy-to-understand design that makes it easy for anyone to turn to the dark side of cybercrime. The authors also offer bug support and constant development, which makes it even harder for security researchers to stay on top of things. Worst of all, it has become increasingly easy for any wannabe to join a RaaS model, especially here, as no fee or subscription is needed.
Finally, Dot ransomware hasn’t been caught in active campaigns yet, but considering the number of ads on underground forums, perhaps it won’t take long before Dot starts hitting victims.
Stay Away from (Dot) Ransomware: Protect Your System and Back Up Your Data
Those are the basics of a secure system nowadays. Having an anti-malware program is a necessity, but you can also consider employing additional anti-ransomware protection. In terms of data hygiene, systematically backing up your files is essential.
More tips on how to avoid and counter ransomware are available in our forum, in the Helpful Tips about Ransomware topic.