Researcher offers salvation to souls lost to Satan RaaS

PCrisk Founder Tomas Meskauskas posted a step-by-step guide to atonement for those who have fallen victim to Satan ransomware.

Satan is a sinful ransomware-as-a-service (RaaS) allowing disciples to target victims and encrypt files using the unholy RSA-2048 and AES-256 cryptography, condemning victims to pay between $500 and $1,500 to unlock their files while the malware's lords receive a mandatory offering of 30 percent, according to a Jan. 19 blog post.

Lost souls looking to infect users with Satan must create an account, provide the required information and download a Bitcoin wallet for the ransomware transactions, after which they are allowed to download the malicious executable file. Satan's domain also features transaction tracking, a list of released Satan versions, and other information to track victims. The RaaS also features ransom notes in English and Portuguese.

Meskauskas offered salvation in the form of a two-step process: removing the virus using Safe Mode with Networking, and removing the ransomware with System Restore. Instructions were tailored to users of Windows XP, Windows 7, Windows 8 and Windows 10 to deliver their devices from evil.

Tripwire Chief Technology Officer Dwayne Melancon told SC Media the prevalence of ransomware-as-a-service illustrates that the barrier to entry for malicious attackers continues to decline and offered advice on how users can avoid becoming infected by the forbidden fruit.

“One of the most effective means of preventing ransomware is to configure all of your users as ‘Standard’ users on their desktops and laptops, rather than making them local administrators,” Melancon said. “This approach will mitigate the risk over 90 percent of malicious attacks and exploits, including ransomware.”

The problem, he said, is that Windows' default is to set up new users as Administrator, so only the more security-aware end users are likely to run as a Standard user. Corporate users are more secure, since IT staff can set them up from a standard image that configures them as Standard users, he added.

“And, as always, maintaining current, offline or off-site backups is crucial in case you have to recover from a ransomware infection,” Melancon said. “Keeping several iterations of backup may be necessary to roll back to a system state prior to the ransomware infection.”

RaaS like Satan also provide more financial opportunities to threat actors, Imperva Chief Strategist Terry Ray told SC Media.

“Attackers are finding it very lucrative to not only steal, then sell data, as they have done in the past, but also create a business impact on the victim post-breach with a remediation service for purchase to grow their bottom line,” Ray said. “Once a business is targeted they will have downtime – whether they choose to pay the ransom or rely on backup systems.”

This downtime is expensive to businesses, meaning that they may be more likely to submit to the will of the evildoers and pay the ransom, although most researchers agree that victims should resist the temptation to pay, as criminals have been known to ignore victims even after they've paid.
