New ransomware-as-a-service caters to cybercriminals with commercial expansion

Image credit: Pixabay (Image credit: Pixabay)

New evidence suggests that the popular Play ransomware is now being rented out to cybercriminals.

Known as ransomware-as-a-service (RaaS), cybercriminals can pay to use the malware itself alongside the infrastructure needed to pull off an attack.This is a relatively new phenomenon and can provide a steady stream of revenue for malicious cyber gangs.

Security firm Adlumin has been tracking various attacks across multiple industries all leveraging the Play ransomware and found striking similarities between the attacks, suggesting it is being offered in the RaaS format. The similarities between separate attacks included copied passwords in the creation of high-privilege accounts and the same folders used for malware delivery.


In a report, Adlumin stated, “The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the ransomware-as-a-service (RaaS) and are following step-by-step instructions from playbooks delivered with it.

“When RaaS operators advertise ransomware kits that come with everything a hacker will need, including documentation, forums, technical support, and ransom negotiation support, script kiddies will be tempted to try their luck and put their skills to use.”

RaaS has been highlighted by multiple threat intelligence organisations as a growing sector within cybercriminal enterprise, as highly organized cyber gangs rent out their infrastructure, tactics, techniques and procedures to fledgling groups or individuals looking to make some money without the necessary investments in their own architecture.

In the wake of some ransomware attacks, cybercriminals have been known to leverage stolen data by threatening to sell/release it as a means of further extorting organizations and forcing them to pay. The US, alongside a number of other leading economies, recently signed a pledge to never pay a ransom to cybercriminals again.

Via The Hacker News

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict Collins is a Staff Writer at TechRadar Pro covering privacy and security. Before settling into journalism he worked as a Livestream Production Manager, covering games in the National Ice Hockey League for 5 years and contributing heavily to the advancement of livestreaming within the league. Benedict is mainly focused on security issues such as phishing, malware, and cyber criminal activity, but he also likes to draw on his knowledge of geopolitics and international relations to understand the motives and consequences of state-sponsored cyber attacks.

He has a MA in Security, Intelligence and Diplomacy, alongside a BA in Politics with Journalism, both from the University of Buckingham. His masters dissertation, titled 'Arms sales as a foreign policy tool,' argues that the export of weapon systems has been an integral part of the diplomatic toolkit used by the US, Russia and China since 1945. Benedict has also written about NATO's role in the era of hybrid warfare, the influence of interest groups on US foreign policy, and how reputational insecurity can contribute to the misuse of intelligence.

Outside of work Ben follows many sports; most notably ice hockey and rugby. When not running or climbing, Ben can most often be found deep in the shrubbery of a pub garden.