Ransomware-as-a-Service (RaaS) portals have been causing havoc for a while now, each time a new one is launched. To the average person, cyber crime is associated with theft: the stealing of money, or of data that can be sold for profit. These threats are prevalent, and people should be aware of them and stay cautious.
What is an RaaS?
However, it is a misjudgment to say that hackers only deal in money. Extortion has been on the rise recently, with cyber criminals going after data. Scams that involve the theft of data are called ransomware thefts; they use software, or a kind of free login generator, that can encrypt the files of a network or computer and then demand that the victim pay a price. Ransomware-as-a-Service means coders creating different forms of malware and selling what is required to ordinary individuals.
Ranion, a new Ransomware
One such portal was launched recently and offers access to a distribution network through the Dark Web. This Ranion ransomware is fully working and is selling the required information for an extremely low price. Known as Ranion, this new RaaS was discovered by a researcher, Daniel Smith of Radware Security.
He found this particular RaaS on the Dark Web through a URL indexing service. When asked, its operators claimed that the RaaS was created for ‘Educational Purposes’. The hacker group that designed it is now selling access to the distribution network at very low prices, $960/year and $605/6 months, which are less than 1 Bitcoin.
Extraction of Data through Ranion
According to the crew, each buyer of Ranion receives immediate access to the distribution network, which is pre-configured and works on 32-bit and 64-bit Windows devices. Buyers also gain access to a backend panel hosted on a Tor hidden service (.onion site). Ransomware.exe will encrypt all the files, irrespective of format, within a PC (usually it searches for the files on HDDs C-Z) using an AES256 key, which is sent to the buyer's dashboard.
When done, it creates various README files on the desktop in different languages (English, Russian, German, French, Italian), along with a banner message that is displayed when the device boots. The Ransomware is not designed to destroy the PC even when it is a malware and it encrypts the .exe files as they won’t be encrypted without your permission.
Data formats Supported by the Ranion
Ranion, as a RaaS, targets particular file formats of user data. The list of formats is said to have been limited before and was recently extended with new extensions. They include:
.txt, .rtf, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .ods, .jpg, .jpeg, .png, .bmp, .csv, .sql, .mdb, .db, .accdb, .sln, .php, .jsp, .asp, .aspx, .html, .htm, .xml, .psd, .cs, .java, .cpp, .cc, .cxx, .zip, .pst, .ost, .pab, .oab, .msg
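The behaviour described above (a burst of writes to files with the listed extensions, followed by README notes dropped on the desktop) can be turned into a simple detection rule. The following is an added example, not code from Ranion or from the researcher; the event tuple format, the thresholds, the process IDs and the assumption that note names start with "README" are all constructed for illustration.

```python
from collections import defaultdict, deque
from pathlib import PureWindowsPath

# Extensions the article lists as targeted by Ranion.
TARGET_EXTS = frozenset(
    ".txt .rtf .doc .docx .xls .xlsx .ppt .pptx .odt .ods .jpg .jpeg .png .bmp "
    ".csv .sql .mdb .db .accdb .sln .php .jsp .asp .aspx .html .htm .xml .psd "
    ".cs .java .cpp .cc .cxx .zip .pst .ost .pab .oab .msg".split())

def is_targeted(path):
    return PureWindowsPath(path).suffix.lower() in TARGET_EXTS

def is_desktop_readme(path):
    # Assumption: note names start with "README"; the article gives no exact names.
    p = PureWindowsPath(path)
    return p.parent.name.lower() == "desktop" and p.name.upper().startswith("README")

def suspicious_pids(events, window=10, min_files=5, min_notes=2):
    """PIDs that wrote >= min_files distinct targeted files within `window`
    seconds AND created >= min_notes README files on a desktop."""
    recent = defaultdict(deque)   # pid -> (time, path) of recent targeted writes
    notes = defaultdict(set)      # pid -> README paths created on a desktop
    burst = set()
    for ts, pid, op, path in sorted(events):
        if op == "create" and is_desktop_readme(path):
            notes[pid].add(path.lower())
        elif op == "write" and is_targeted(path):
            q = recent[pid]
            q.append((ts, path.lower()))
            while ts - q[0][0] > window:      # drop writes older than the window
                q.popleft()
            if len({p for _, p in q}) >= min_files:
                burst.add(pid)
    return sorted(pid for pid in burst if len(notes[pid]) >= min_notes)

# Constructed sample events: (seconds, pid, operation, path). Not real telemetry.
DOCS = ["a.docx", "b.xlsx", "c.jpg", "d.sql", "e.pst", "f.PDF"]
SAMPLE = (
    [(i, 4120, "write", rf"C:\Users\u\Documents\{n}") for i, n in enumerate(DOCS)]
    + [(7, 4120, "create", rf"C:\Users\u\Desktop\README_{lang}.txt")
       for lang in ("EN", "RU", "DE")]
    # pid 1312: bulk archive extraction, same write burst but no notes
    + [(i, 1312, "write", rf"D:\unzipped\{n}") for i, n in enumerate(DOCS)]
    # pid 900: a user saving one document twice, five minutes apart
    + [(0, 900, "write", r"C:\Users\u\Documents\report.docx"),
       (300, 900, "write", r"C:\Users\u\Documents\report.docx")])

if __name__ == "__main__":
    print(suspicious_pids(SAMPLE))
```

Requiring both signals keeps bulk file operations such as archive extraction from triggering the rule on the write burst alone.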
Ranion Vs. Antivirus Software
The Ranion developer gang says that it goes undetected even by the finest antivirus products and can only be restrained by a few of the best antivirus software. Also, the RaaS doesn’t take anything from the payments of the buyers but usually gains from the service task, which ranges between 20% and 60% of the payment on top of the rental fee.
Because of this cheaper and optimized business model, it started attracting buyers, and the RaaS started gaining the limelight. To avoid being taken for a scam and to dispel the rumors, the crew also allows buyers to test the service before buying, which is a rather brave move.
Decryption and Encrypted Data through Ranion
Buyers are also provided with information including the workstations’ usernames, the AES decryption keys of every victim, and the IDs of the infected computers. If the victim pays, the RaaS provides another decrypter that enables the user to recover the files. Ranion customers can also customize the ransomware by sending details to the authors, such as the Bitcoin address to which the ransom should be paid and the email address where they can be reached.
The payment through Bitcoins allows the ransomware to bypass the antivirus software, and once the transaction is done, the customer is provided with two links: one that gives access to the backend panel, and another to download the binary with its settings and the decrypter to unlock the files.
So RaaS is already on its way to becoming the most dangerous way to spread ransomware around the world at a low price. The service is being sold at low prices, and the sellers say that it is just for educational purposes.