Ransomware-as-a-Service Will Bring Chaos to Everyone

Gavin Phillips 21-02-2017

Ransomware is evolving A History of Ransomware: Where It Started & Where It's Going Ransomware dates from the mid-2000s and like many computer security threats, originated from Russia and eastern Europe before evolving to become an increasingly potent threat. But what does the future hold for ransomware? Read More . I hear you cry “Evolving again?” To which I say, “Yes, friends, and you’d better watch out…” Because this time, ransomware is moving from its roots 3 Essential Security Terms You Need to Understand Confused by encryption? Baffled by OAuth, or petrified by Ransomware? Let's brush up on some of the most commonly used security terms, and exactly what they mean. Read More as the tool of criminals and malefactors into a worrying service industry.


Very soon there will be a defined line between ransomware creators, and those who distribute ransomware to the wider public. In some quarters, ransomware-as-a-service is advertised as an educational tool. In others, it is simply a means to an end, as the ransomware merchant collects 20 percent of the ransoms received.


The proliferation of easy-to-access is a win-win situation for malware developers and distributors. It is utterly abhorrent for just about anyone else The Ultimate Ransomware Website You Should Know About Ransomware is a growing threat, and you should do everything you can to prevent it. Whether you need info or need help after being hit by ransomware, this awesome resource can help. Read More . Malware variants have long been sold, and not only to the highest bidder. Commoditized malware distribution networks shouldn’t be a surprise, and Pay-per-Install services have long played an integral part in the modern malware marketplace.

Miscreants simply determine the raw number of victim systems (including specific geographical distribution, if desired) that fits within their budget, supply a PPI service with payment and malware executables of the miscreants’ choice, and in short order their malware is installed on thousands of new systems. In today’s market, the entire process costs pennies per target host — cheap enough for botmasters to simply rebuild their ranks from scratch in the face of defenders launching extensive, energetic, take-down efforts. — Measuring Pay-per-Install: The Commoditization of Malware Distribution, IMDEA Software Institute

Ransomware is an obvious choice for criminal development. Given the almost unparalleled difficulty of removing a crypto-ransomware infection Beat Scammers With These Ransomware Decryption Tools If you've been infected by ransomware, these free decrypting tools will help you unlock and recover your lost files. Don't wait another minute! Read More along with the immediate, direct, and essentially untraceable payment method of Bitcoin Cybercrime Goes Offline: The Role of Bitcoins In Ransom and Extortion Read More , ransomware-as-a-service (RaaS) has been on the cards for some time.


Independent malware researcher @Xylit0l discovered the Satan ransomware. This variant used RSA-2048 and AES-256 cryptography, making it essentially — at least with current computing power — unbreakable. Despite the extremely strong encryption, Satan was otherwise unnoteworthy, asking for a ransom between $500 to $1,500, to be paid in Bitcoin. However, research shows that the Satan ransomware distributors didn’t actually make good on a payment, illustrating the danger of dealing with criminals.


Further investigation revealed that Satan was ransomware-as-a-service, offering a free-to-use ransomware kit. A potential user would only have to register an account on the site before gaining access to the ransomware kit. The ransomware developer only asks that the distributor agrees to part with 30 percent of the revenue generated by the kit. Below is the Satan ransomware login page, complete with the 30 percent fee “contract.”

Ransomware-as-a-Service Will Bring Chaos to Everyone Ransomware as a Service Satan

It is a comprehensive service, too, not stopping with just the ransomware. The Satan RaaS site came with detailed instructions on how to create a gateway proxy to assure anonymity, how to make an encrypted dropper, translation services, an account overview page, notes for victim tracking, and a message board.


Ransomware-as-a-Service Will Bring Chaos to Everyone Ransomware as a Service Satan Dropper Creator

Is the Satan Ransomware Demonic?

While the threat offered by ransomware varies from strain to strain, it is important to understand how dangerous even a free kit can be.

Cylance completed a comprehensive tear-down of the Satan ransomware. They discovered that “the actual binary is encrypted and contains a lot of anti-debugging and anti-analysis techniques to make dynamic and static analysis difficult. Most likely, malware authors already have a readily available library for these techniques that they include in their malware, since they have been seen in other malwares before.”

Ransomware-as-a-Service Will Bring Chaos to Everyone Satan ransomware Joe Security scan
Image Credit: SC Magazine


The Satan ransomware may well be free, but it is a professionally developed piece of advanced malware being unleashed into the hands of children. I’m not even going to pose the questions of responsibility and morality, because I think we can agree they are both moot.

Satan Came With Friends

Satan isn’t the only RaaS out there. There are at least eight other services, offering different ransomware kits and demanding a cut.

These options represent a serious problem. The entry bar for advanced ransomware is now extremely low. Furthermore, there is no guarantee that encrypted files will be returned 5 Reasons Why You Shouldn't Pay Ransomware Scammers Ransomware is scary and you don't want to get hit by it -- but even if you do, there are compelling reasons why you should NOT pay said ransom! Read More once the ransom is paid.

Service Continues As Normal

Cybercrime continues to evolve. The immerging ransomware-as-a-service market illustrates the highly-organized business-orientated approach being applied to malware. Not only has ransomware developed into an easily saleable product (that can be packaged with other cybercrime and/or hacking products), it is easier than ever to gain access to extremely powerful, truly destructive malware.


Moving forward, the potential for disruption to almost everyone is difficult to gauge. What if it creates an ultra-competitive ransomware black market where the top developers seek to outshine their competitors? We may be facing an unprecedented tranche of advanced ransomware. Of course, this is all just hypothetical.

However, the smart (ransom) money says, at the very least, there will be more ransomware coming our way.

Are you worried about ransomware? What about the people distributing it? Do they have a moral responsibility to keep it to themselves? Let us know your thoughts below!

Image Credits: Monkey Business Images/Shutterstock

Related topics: Online Security, Ransomware.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *