Gone are the days when ransomware was developed and distributed by skilled cybercriminals. Today, anyone can easily build and launch ransomware as there are only two key requirements – bad intent and access to the dark web, a marketplace where malware kits are advertised the way a traditional online retailer promotes regular items like clothes and shoes.


Users on the dark web are annoymous and protected by a privacy feature baked directly into the Tor browser, which is the browser used to access it. This also means that law enforcement authorities are unable to identify where the websites are, who owns them, who uses them or who to arrest.
The easy access to the dark web is fuelling ransomware-as-a-service (RaaS) distribution models, which essentially enable novice cybercriminals to download and use ransomware. As ransomware is cheap to purchase and spread, it also provides a quicker payout than stealing credit card data or personal information.


One of the most recent, successful example is Philadelphia, a ransomware variant that is easy to customise and deploy, and uses common marketing strategies to reach potential customers. Cybercrooks only have to pay once to get an executable that can generate unlimited ransomware samples.


There is even a production-quality intro video on YouTube, explaining the nuts and bolts of the kit and ways to customise the ransomware with a range of feature options. Hence, with ransomware variants like Philadelphia, criminals with limited technical skills, can easily execute high-quality attack campaigns.


In fact, there are ransomware variants on the dark web delivered via cloud that offer a host of menu options to guide crooks on how much ransom to charge and the distribution spectrum of the attack.


For a ransomware campaign to succeed, attackers must overcome four main challenges:


  1. Setting up a command-and-control server to communicate with victims
  2. Creating ransomware samples
  3. Sending the samples to victims
  4. Managing the attacks by collating statistical information, checking payment etc


Chester Wisniewski, Principal Research Scientist, Sophos shares tips for enterprises to ensure attackers do not cross these challenges successfully:


  1. Understand underground trends and train employees on how the dark web works
  2. Increase the frequency of security monitoring and reporting in the organisation
  3. Patch early and patch often, even if you’re using an unsupported version of XP, Windows 8 or Windows Server 2003
  4. Be vigilant to recognise if employees or customers are being targeted
  5. Use Sophos Intercept X, which is highly effective in stopping ransomware in its tracks.





The Sophos ASEAN Team