Ransomware as a service (RaaS) continues to be a booming business with entrepreneurs working in this illegal space hauling in a nifty profit and continuing to roll out new types on a regular basis.
Check Point released a study Tuesday that looked at Cerber and how it is being used as the key product in a RaaS scheme that netted at least $195,000 just in the month of July for its users. The scheme is so simple to use that even a novice could easily launch himself into the ransomware business. Meanwhile, Symantec reported the appearance of a new ransomware threat, dubbed Shark, being distributed as freeware with a requirement that a portion of the ill-gotten gains be handed over to its creators.
Check Point found the profits were generated by 161 active Cerber campaigns infecting about 150,000 victims, with many in South Korea and the United States. The business model has the malware's authors receiving about 40 percent of the profits, with the remainder being split by the groups that handle distribution. This means users don't have to lay out any money upfront and are guaranteed to make money on every victim.
The group behind Shark has a business model that offers its ransomware as freeware, but its setup forces the distributor to channel any ransom payments through the main organization. This enables the creators to skim 20 percent of the take as their own, Symantec wrote.
Maya Horowitz, group manager for Check Point's threat intelligence division, told SCMagazine in an emailed statement that Cerber is the leading RaaS product on the market and there is no sign of RaaS going away any time soon.
“RaaS works, and earns the entire business a lot of money. We see no reason for this concept to evaporate any time soon,” she said.
While ransomware is generating income for the cybergangs, the Check Point report found the number of victims who actually pay the ransom is very small. About 3 percent do so with an average payment of $500. The top countries for purchasing the decoder are Australia, Canada, Great Britain, the United States, Germany, France, Italy, and India.
Other findings include Cerber's origin. Check Point believes it is a Russia-based service, citing the fact that some of the RaaS advertisements are written in Russian and that the malware does not target Armenia, Azerbaijan, Belarus, Georgia, Kyrgyzstan, Kazakhstan, Moldova, Russia, Turkmenistan, Tajikistan, Ukraine and Uzbekistan.