Wednesday, April 5, 2017

Dangerous Platform: Encrypted C-based RaaS

Wapack Analysts are researching a C-based Ransomware-as-a-Service (RaaS), that uses AES256 encryption, remains undetected against any antivirus, and is a dangerous ransomware platform being distributed on several, high-profiled underground forums. Unlike other ransomware services that charge users a percentage of the ransom payment, this C-based RaaS charges an up-front fee to use the service. It provides three packages for RaaS services; all which provide access to a C-based Fully Undetectable (FUD) ransomware and a crypter with TOR based C&Cs and panel.

Wapack Labs has cataloged and reported extensively on ransomware in the past. An archive of related reporting can be found in the Red Sky Alliance portal.