Satan ransomware was first detected to infect computer users in January this year. It is a known fact that the threat could be used as ransomware-as-a-service (RaaS) platform.
А new discovery on the case made by security researcher Xylitol shows that the creators of Satan ransomware have launched the malware on the Dark Web market. Releasing the malicious software on the public is yet another way for them to make money. The Satan ransomware-as-a-service platform allows the creation of a customized Satan ransomware version of anyone who wants to be criminal.
Image Source: Xylitol
How Could Cyber Criminals Get the Satan RaaS?
First, they need to access the Dark Web and find the offer. To start making their own viruses they need to register on the Satan malware site.
Once they get the platform, they need to connect a Bitcoin wallet to their account. The steps that follow allow cyber attackers to “create the malware”. The options allow customization of the ransom amount (in BTC) and setting particular period and times of ransom multiplying. The platform has additional features that allow the creation of droppers and notices related to the victims. The ransom note could be translated into different languages. Furthermore, the creators of Satan RaaS offer update services.
After passing the main settings, cyber attackers could download the malicious executable files and start infecting computer users.
Yet the deal has its price. The developers of the service gain 30% of each income that is generated through campaign made by their Satan RaaS platform.
The Satan sign-up page:
“Satan has initial fee of 30% over the victim’s payment, however, this fee will get lower as you get more infections and payments. All of the user transactions are covered by the server, you will always get what the victim paid, minus the fee of course.”
What Should Computer Users Expect?
Since Satan ransomware-as-a-service is available to Dark Web users, the risk of Satan ransomware infection is increased. The threat hides high as once its malicious payloads are running on the computer it could encrypt various target files and make them useless. Is there a way to decrypt compromised data? Have a closer look at Satan ransomware.
