sb-as logo
Story image

No joke: Ransomware-as-a-Service is a thing

Symantec has uncovered a new type of ransomware being distributed on the cyberundergound, known as Shark.

According to the company’s official blog, the malware’s authors use a Ransomware-as-a-Service business model, freely distributing the ransomware builder to aspiring attackers, but requiring a 20% cut of any ransom payments it generates.

Shark is distributed through a professional looking website that features information about the ransomware and instructions on how to download and configure it. Its authors boast that it is fully customisable, uses a fast encryption algorithm, supports multiple languages, and is “undetectable” by antivirus software.

Customizable threat According to Symantec, options for customisation include choosing which file formats the ransomware should encrypt and setting the ransom amount demanded of the victim. The attacker also enters an email address which is used to notify them when a payload they created has infected a system.

The developers say payment is fully automated and they will take a 2% cut from any ransoms paid. Payment is centralised, meaning any ransom payment is made directly to the developers, who then promise to pass on the attackers’ 80% cut.

Symantec says it does have products that can detect this threat.

Story image
Research: Younger cybersecurity pros more fearful of being replaced by AI
According to the findings, 53% of respondents under 45 years old either agreed or strongly agreed that AI and ML are a threat to their job security, despite 89% of this demographic believing that it would improve their jobs.More
Story image
Digital payments fuelling fraud surge during COVID crisis
Digital payments are fuelling a multibillion-dollar fraud surge worldwide.More
Story image
Entrust launches cloud-based ID issuance solution
The Sigma instant ID solution uses encryption, trusted HSM technology and secure boot to issue highly secure physical and mobile identities.More
Story image
Insider threat report reveals deception in the workforce
Insider threats come from people inside an enterprise, whether they divulge proprietary information with nefarious intentions, or are just careless employees that unwittingly share sensitive data, writes Bitglass product marketing manager Juan Lugo.More
Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More
Story image
Creating private data regulations for employees
Whether employees are hired on a part-time or full-time basis, everyone must know about data privacy regulations. Everyone needs to be responsible for keeping the organisation’s data secure. More