A new report by Check Point Software's researchers showed that Cerber's Ransomware-as-a-Service (RaaS) affiliate program is a success, with more than 160 participants at current count, and that the combined direct sales plus affiliates came to almost 200K in July, despite a victim payment rate of just 0.3%.
That puts it on track to make $2.3 million this year, said Maya Horowitz, group manager of threat intelligence at Check Point.
Aspiring criminal affiliates create their own campaigns using the Cerber platform and keep 60 percent of the profits. They also have access to user-friendly management tools, Cerber's Bitcoin laundering architecture, and obviously the malcode itself. Every day eight fresh Cerber ransomware campaigns are launched, Horowitz said.
"My assumption is that this means that there will be more and more such services, more and more attacks, even more than today," she said. And she is right. Just this week Symantec reported on a new RaaS that competes with Cerber. The new ransomware -- dubbed Shark -- is currently available for free in underground forums. Novice hackers who use the tool to extort money from victims pay only a 20% cut to the Shark developers.
Check Point researchers identified the IP addresses that infected machines used for data traffic with their C&C servers. They were also able to easily identify that the bad guys are probably based in or near Russia.
"There are no infections in Russian-speaking countries," she said. "And in the configuration of the ransomware, the authors, as default, chose not to operate on machines or PCs that have Russian as their default language."
This is a tried-and-true strategy of not getting picked up by the FSB, today's equivalent of the KGB. As long as you do not hack inside Russia, the Putin kleptocracy leaves you alone.
Follow The Money
What is interesting is that Check Point was able to extract the exact Bitcoin wallets assigned to every victim, so they could track the percentage of people who actually paid the ransom. The next step was to "follow the money" through a network of other wallets that are part of Cerber's Bitcoin obfuscation architecture to one final central wallet.
"We followed these hundreds of thousands of different wallets," she said. "I think that this is the first time that security researchers can say for sure what percentage of victims pay the ransom."
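The wallet-tracing idea described above, sketched as an added example (not Check Point's tooling or code from the report): it computes the share of victim wallets that received a payment and follows outgoing transfers to the wallet that every paid victim's funds reach. The ledger, wallet names and function names are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample ledger (not real addresses): (sender, receiver, BTC)
TXS = [
    ("ext1", "victim_a", 1.0),   # victim A's ransom payment arrives
    ("ext2", "victim_c", 1.0),   # victim C's ransom payment arrives
    ("victim_a", "mix1", 1.0),
    ("victim_c", "mix2", 1.0),
    ("mix1", "mix3", 1.0),
    ("mix2", "mix3", 1.0),
    ("mix3", "mix1", 0.1),       # loop inside the obfuscation layer
    ("mix3", "central", 1.9),
]
VICTIM_WALLETS = {"victim_a", "victim_b", "victim_c", "victim_d"}


def paid_wallets(victims, txs):
    """Victim wallets that received at least one incoming payment."""
    return {dst for _, dst, amt in txs if dst in victims and amt > 0}


def payment_rate(victims, txs):
    return len(paid_wallets(victims, txs)) / len(victims)


def reachable_sinks(start, txs):
    """Follow outgoing transfers from `start`; return wallets that only receive."""
    out = defaultdict(set)
    for src, dst, _ in txs:
        out[src].add(dst)
    seen, queue, sinks = {start}, deque([start]), set()
    while queue:
        w = queue.popleft()
        if not out[w]:
            sinks.add(w)
        for nxt in out[w] - seen:   # the seen set keeps loops from repeating
            seen.add(nxt)
            queue.append(nxt)
    return sinks


def common_sinks(victims, txs):
    """Sinks reached from every paid victim wallet (candidate central wallets)."""
    per_victim = [reachable_sinks(w, txs) for w in sorted(paid_wallets(victims, txs))]
    return set.intersection(*per_victim) if per_victim else set()


if __name__ == "__main__":
    print(payment_rate(VICTIM_WALLETS, TXS), common_sinks(VICTIM_WALLETS, TXS))
```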
The share of people who pay the ransom was surprisingly low compared to earlier estimates by other researchers, but it still pays off handsomely. A small team of four or five specialized cyber criminals can make 300 to 400 grand each per year, which is at least 10 times more than they could make in any legit enterprise where they live.
You wonder if you are in the right business now and then! :-D