
DDoS and ransomware tools for starter and experienced cybercriminals exposed

A pair of new malware-as-a-service schemes have been uncovered: one is designed as an easy-to-use point of entry for beginner DDoS attackers, while the second offers a sliding commission pay scale that rises if more ransomware victims are infected.

The Fortinet research team of Rommel Joven and Evgeny Ananin has dived into a DDoS as a service being made available on several Dark Web forums, while Bleeping Computer has the details on a new ransomware as a service using FilesLocker malware that is targeting Chinese and American victims.

The DDoS kit Fortinet examined disguises itself as a legitimate booter or stresser service, and because it is relatively easy to set up, almost anyone can go into the “DDoS a website for a fee” business. Some of the offerings are incredibly customizable.

The 0x-booter dashboard.

Joven and Ananin found one such service, called 0x-booter, that went operational on October 17 and uses the Bushido botnet for its attacks. Bushido itself is relatively new, having only been identified in September 2018.

An entire DDoS campaign can be initiated, set up and controlled from a single user interface that offers the wannabe attacker a variety of options. The service claims to have the ability to push out a 500GB per second attack from about 20,000 bots, but attacks can be set for different levels of intensity and length with prices ranging between $20 and $150.

A screenshot of the price list shows that for $30 the service will create two 900-second attacks, with 24/7 support and access to all tools needed, and will work on a standard network.

Fortinet obtained slightly lower performance when it tested the service, but noted that what was generated was more than enough to take down most websites.

Fortinet believes the service has been used to launch about 300 attacks.

The FilesLocker program is a completely different animal requiring a bit more skill to utilize. Bleeping Computer was put on the trail of this RaaS by security researcher Neutral8✗9eR and found it is being marketed through a Chinese malware forum on TOR.

FilesLocker ad courtesy Bleeping Computer.

Those signing up are offered a 60 percent revenue share of any ransom payments received; however, if the participant is able to generate more victims, this can rise to 75 percent. The TOR advert, as translated from Chinese, claims the code is written in C#, is 212kb in size, works against a variety of Windows operating systems, comes with a dual Chinese/English ransom note and interface, and includes an easy-to-use statistics generator that tracks attacks.

Files are encrypted with RSA 2048+AES algorithm. Targeted files are usually desktop, documents, music and pictures, Bleeping Computer wrote.

There is one caveat. The RaaS provider asks the user to have enough experience pushing malware to keep it away from being uploaded to and spotted by an antivirus service and have the scale to infect at least 10 systems per day.
