In the past year, SophosLabs has tracked the steady proliferation of ransomware kits, which people are able to download and use to launch their own attacks, regardless of skill.
Our effort to document the phenomenon, known as ransomware as a service (RaaS), continues today with the publication of a SophosLabs investigation into the marketing and pricing methods used in five different kits.
It’s based on research from Dorka Palotay, a threat researcher in SophosLabs’ Budapest, Hungary, office who specializes in all things ransomware.
The RaaS kits covered are FileFrozr, Satan, RaaSBerry, Stampado and Philadelphia. They share many of the same characteristics, allowing customers to customize their attacks and adjust the pricing as they see fit (though pricing schemes do vary between kits). They are marketed in the same professional manner used by legitimate retailers, and even include such items as help guides.
Sophos also released a paper during the July 2017 Black Hat conference focusing on Philadelphia, a prolific RaaS strain with a particularly slick marketing campaign.
It’s worth noting that Intercept X customers have been consistently protected from attempted attacks that have resulted from the use of these kits.
Resources for fighting ransomware:
- To defend against ransomware in general, see our article How to stay protected against ransomware.
- To learn more about ransomware, listen to our Techknow podcast.
- To protect your friends and family against ransomware, try our free Sophos Home for Windows and Mac.