Ransomware as a Service (RaaS): The new growing trend to face5 min read

Ransomware como Servicio (RaaS)

Ransomware como Servicio (RaaS)As if digital threats were just a few, now it pops up Ransomware as a Service (RaaS). Acting with the same principles that govern Cloud services to satisfy business needs for online services; Ransomware as a Service (RaaS) appears to put its hallmark in the already complex panorama of digital threats.

This is the reason why we need to get familiar with the new enemy, and pay attention to its movements. In this sense, it’s wise to know how it works and what it’s looking for; and what are the options we have to prevent finding the dreadfull rescue message sneaking on our monitors.

Ransomware as a Service (RaaS): Main features and modus operandi

In first place; the main and ultimate purpose of Ransomware as a Service (RaaS) is earning money. As simple as that. What makes a difference between ‘classic’ ransomware and Ransomware as a Service (RaaS); is that hackers have discovered, almost by fluke, an incredible niche market to exploit.

Ransomware as Service (RaaS)This is to say, Ransomware as a Service presents the same modus operandi as other ransomware we have  alreay described: Hackers find a security breach in your systems; hijack your sensitive data and ask for ransom in criptocurrency. With this simple but effective algorithm, hackers offer a new range of services in the black market to get rich quick at your expenses.

Everybody can buy Ransomware as a Service (RaaS) in the deep web.  The most popular modality of Ransomware as a Service (RaaS) is selling codes with instructions for novices to create their own versions of ransomware. 

In short, hackers have identified and begun to exploit a commercial niche for a growing audience that demands for means and instructions to start hacking.  Thus, we visualize the big picture of what the future holds in terms of digital security.


Effects of Ransomware as a Service (RaaS), and its most representative forms

Of course, the effects of Ransomware as a Service (RaaS) are negative and unlimited. We do not have to be very bold to predict that we will witness the proliferation of new ransomware versions much more aggressive than their originals.


An example of modified ransomware is Cerber, one of the most notorious and active on its kind (detected by Trend Micro) that attacks Cloud services users; specifically those with Office 360. This ransomware spreads out through email attachments. Once you open it, Cerber encrypts your files with RC4 and RSA algorithms and following, it renames them with the extension CEERBER.

Also, this ransomware sells itself with first-line marketing strategies: Displays a text file with step-by-step instructions for purchasing the software called Cerber Decryptor; which supposedly decrypts your locked files. Additionally, it presents a curious feature that points to collect a wider spectrum of victims: Cerber cointains a VBS file that allow victims to hear the instructions for purchase.

Cerber was probably created in Russia. Experts belive so because it also cointains a list of countries to automatically deactivate; and among those countries, ex-members countries of Soviet Union count.

A new whole family of dangerous versions were created from Cerber.  Here are some:

  • Cerber3 Ransomware
  • RansomwareCerber 4.0
  • Cerber6 Ransomware
  • Ransomware CerberTear


Another example of Ransomware as a Service (SaaS) is Karmen. Karmen derives from the open source ransomware Hidden Tear.  It was released for educational purposes in August 2015 by Turkish security researchers Utku Sen.

As the previous ransomware, Karmen also has its distinctive hallmark. It consists in its capability of detecting security environment isolation or any other type of digital security analysis. In other words, if Karmen detects digital security systems; it automatically eliminates its decrypting software.  Karmen costs $ 175.


Another example of Ransomware as a Service (RaaS) is Philadelphia. Its preferred target are hospital in the US. Philadelphia infects and spreads out with the same principles of phishing attacks.

Philadephia is a little more sophisticated: It sends an email holding the name of a senior member of the organization. As the email copycats the institution’s formal format, the employee who receives the email clicks with confidence the link embedded in the message. With that simple action, the malicious software activates.

Philadephia’s hallmark is advertising. It has tutorials and videos that explains in detail its features and scope, like if was a legit product or service.

Thus, anyone with Internet access and $400 can buy and configure each and every one of its features, included PDF reports and tracking worldwide the infected mchines by using Google Maps. This software is attributed an organization called The Rainmakers Labs, according to information contained in the video.


What to do if you -anyway- result a victim of Ransomware as a Service (RaaS) attack

If for bad luck you get the Ransomware lottery ticket, the first thing you must avoid doing is paying for the ransom; even if you have the means and the need to recover your sensitive data.

The reason is simple: You will never be totally sure that hackers actually have the intention to release your data once they receive your payment.

On the other hand; paying ransom feeds the cycle because with your money they finance themselves to further develop new versions of ransomware.

Also, check what Vulnerability Management tools have to help you to move forward. After all, a zero day vulnerability is also an opportunity to rethink what you do in terms of digital security for your company.

Additionally, you can also implement these recommendations to protect your company from ransomware attacks:

  • Make regular backups of your files and sensitive data. Having them available allows you to restore your original information without paying for it, and free of damage.
  • Avoid websites with inappropriate content as those with ‘cracked’ versions and unaccredited free downloads. These are the favorite places for hackers to plant their programs and reach your systems.
  • Discard emails with suspicious attachments or extensions.
  • Employ a good combination of antivirus + digital security scanner.

If you follow these recommendations and implement the correct software for digital security, you offer more barriers to keep your digital assets away from the tentacles of hackers. Contact us here to help you choose your best options in digital security.

Did you like this information? Share it with your colleagues:
Scroll to top