Threat Research

SophosLabs: a look at 5 Ransomware as a Service (Raas) kits

A SophosLabs investigation into 5 RaaS kits

In the past year, SophosLabs has tracked the steady proliferation of ransomware kits, which people are able to download and use to launch their own attacks, regardless of skill.

Our effort to document the phenomenon, known as ransomware as a service (RaaS), continues today with the publication of a SophosLabs investigation into the marketing and pricing methods used in five different kits.

It’s based on research from Dorka Palotay, a threat researcher in SophosLabs’ Budapest, Hungary, office who specializes in all things ransomware.

The RaaS kits covered are FileFrozr, Satan, RaaSBerry, Stampado and Philadelphia. They share many of the same characteristics, allowing customers to customize their attacks and adjust the pricing as they see fit (though pricing schemes do vary between kits). They are marketed in the same professional manner used by legitimate retailers, and even include such items as help guides.

The article comes a month after the release of our 2018 Malware Forecast, which focuses heavily on the increase of RaaS, and of a graphic showing the top ransomware families of the past six months.

Sophos also released a paper during the July 2017 Black Hat conference focusing on Philadelphia, a prolific RaaS strain with a particularly slick marketing campaign.

It’s worth noting that Intercept X customers have been consistently protected from attempted attacks that have resulted from the use of these kits.

Resources for fighting ransomware: