Categories: Ransomware

“Ransomware as a Service” Provide SATAN Ransomware in Dark web to Make Money

Security researcher Xylitol Discovered a new Ransomware as a Service, or RaaS, called Satan.This administration permits any wannabe criminal to enroll a record and make their own one of a kind tweaked variant of the Satan Ransomware.
Once the ransomware is made, it is then up to the criminal to decide how they will disperse the ransomware, while the RaaS will handle the payoff installments and including new components.

Dark web Link :” http://satan6dll23napb5.onion “

For this administration, the RaaS designer takes a 30% cut of any installments that are made by casualties. As indicated by the ad for the Satan RaaS, the designer will diminish their cut contingent upon the volume of installments got by a partner.

It’s all very business as usual, apparently, with the Satan RaaS system going as far as to offer record-keeping functionality like fee payment records and transaction tracking.

Satan RaaS customers even have access to customer-relationship management (CRM) features like the ability to attach notes to victim records, and technical support in the way training and instructions.

Satan RaaS customers agree to pay its developers up to 30 percent of the “revenues” generated from ransom payments. According to the Satan sign-up page, “Now, the most important part: the bitcoin paid by the victim will be credited to your account. We will keep a 30 percent fee of the income,

so, if you specified a 1 BTC ransom, you will get 0.7 BTC and we will get 0.3 BTC. The fee will become lower depending on the number of infections and payments you have.”

The Satan RaaS

When a person first goes to the Satan RaaS they will be greeted with a home page that describes what the service is and how a criminal can make money with it.

Once a user registers an account and logs in, they will be greeted with an affiliate console that contains various pages that they can use to help distribute their ransomware.

These pages are the Malwares, Droppers, Translate, Account, Notices, and Messages pages.

The first page that is shown when someone logs in is the Malwares page, which allows a criminal to configure various settings of their very customized version of the Satan Ransomware. In terms of customization, there is not really many options.

A user can specify the ransom amount, how much it goes up after a certain amount of the days, and the amount of days that the ransom payment should increase.

The Satan platform contains a number of other features including fee payment records, transaction tracking, Satan version releases, and dropper creation.

Users can also create “notes” related to their victims, learn about how to set up gateway proxies, and are given instructions on how to test their malware on a physical machine.

Lastly, Satan’s creators warn users not to upload their malware to VirusTotal or other online scanners — as doing so will give white-hat researchers the code sample required to update and protect Windows machines from the threat.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

View Comments

Recent Posts

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

8 hours ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

8 hours ago

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…

11 hours ago

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

14 hours ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

15 hours ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…

15 hours ago