Cybercrime-as-a-service at an all time high!

At the beginning of the millennium, we could hardly go a day without reading about a newly concocted offering based on the ‘as-a-service’ model. Today, we have Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS) and even Cybersecurity-as-a-Service (CaaS, which not-so-coincidentally also happens to be the slogan of ITrust).

The list goes on as the expression has expanded to refer to almost any type of service being made available over the Internet and within the reach of enterprises of all sizes and budgets.

While this is nothing new to you, dear reader, know that there is one more offering out there that the general public is not yet as familiar with. For the sake of aesthetics, we shall call it Cybercrime-as-a-Service (CaaS). Yes, indeed, in this day and age, in order to hack someone, one doesn’t necessarily need to be a hacker oneself. A limitless array of tools, from mere exploit kits to more complex malware, is readily available to help amateurs launch their own cyber-attacks.

According to a DNS threat index released by Infoblox in 2016, the CaaS trend is expanding at an explosive pace. This particular index measures the number of existing malicious websites offering would-be cybercriminals a hacking-made-easy toolkit. As it turns out, 2016 stood out with an impressive spurt of growth compared with previous years, with an index 7 percent higher than the one recorded in 2015.

Here’s another interesting fact: until recently, the majority of domains created for cybercrime were registered in the U.S., but five other countries managed to wiggle their way to the top. These are Portugal, Russia, the Netherlands, the U.K. and Iceland, and in the case of each of them, the CaaS presence is overwhelming. That being said, American-registered domains still account for almost half of all new malicious domains (41 percent).

On a different note, the same study showed that the hottest growth segment in the hacking-served-on-a-platter area is *drumroll please* ransomware! It’s estimated that last year alone, ransomware scams cost victims nearly $1 billion. The number of ransomware domains tracked in the DNS Threat Index has increased 35 times since 2014.

It’s become clear that ransomware has hit the proverbial jackpot — not just in the sheer number of malicious websites involved, but also in the scale of attacks and in the nature of their targets. It’s almost natural nowadays to hear about a data hostage situation associated with a small-scale attack aimed at duping individual consumers. Slowly but surely, ransomware attacks conceived as a service will become just as commonplace.


When taken on its own, ransomware is already quite effective, typically infecting computers through spam email or infected web sites. We don’t need to run you through every step; we’ve done so in countless other articles (see here and here). Suffice it to say that ransomware encrypts files in the victim’s system and then asks the user for a certain amount of money in exchange for the decryption key.

Now, Ransomware-as-a-Service (RaaS), on the other hand, takes the cyber-villain bar and puts it at an all-time high. We’ve already established that black hat hackers have their own business model, always on the lookout for new and ingenious ways to increase their revenues, all the while cutting costs (if you missed out on that one, click here). Well, RaaS does all that and more.

While their beginnings were modest, malicious service offerings as we know them today have proven to be… quite scary. But we’re getting ahead of ourselves. For starters, let’s take Stampado, which represents the original, yet more mellow, RaaS offering. The creators of this particular ransomware offer access to it by means of a lifetime license, at the very attractive price of ‘just $39.99’.

This special offer instantly tapped the black market by proposing incredibly low prices compared with other, more well-known ransomware strains such as Locky. Indeed, Stampado tapped the RaaS-on-a-budget market, but just like low-cost airlines, it doesn’t come with all the perks of the original Cryptolocker. Nevertheless, inexperienced evildoers won’t even notice the difference.

Then there’s Ranion, a RaaS discovered by security researcher Daniel Smith. This particular malicious actor guarantees access to a ransomware distribution network hosted on the Dark Web, only this time there’s a time limitation and two price offers given accordingly: 0.95 Bitcoin/year ($960/year) or 0.6 Bitcoin/6 months ($605/6 months). According to our source, Ranion seems to have been created for ‘educational purposes only’, but we find that hard to believe, seeing how there’s never any telling with data hijackers.

Nonetheless, thanks to this easy buy-in, the RaaS business model has only continued to grow more refined. Which brings us to our final variant of the Ransomware-as-a-Service model – and the worst. The first of its kind was revealed at the beginning of 2017 and involves a devilish strategy. In this particular case, operators monetize their ransomware by enabling its download via a free signup. Once it’s available on an onion platform, less experienced hackers will jump at the chance to test this DIY malicious kit.

From a ‘buyer’s’ perspective, this type of offering is more attractive than Stampado or Ranion, for instance, since it unlocks the pay-as-you-go option. There is, however, a catch. Once this network of distributors starts infecting people, the creator sets aside a share of the ransom for each new victim. And as the distribution network grows, so does the profit of those who launched the operation to begin with.

(About the author: Cristina Ion is community manager for iTrust and Reveelium. This post originally appeared on her Reveelium blog, which can be viewed here).
