Ransomware attacks through the use of service providers grew from the second half of 2016, said Venugopal N, director of security engineering for India and Saarc at security solutions firm Check Point

by Shilpa Phadnis

BANGALORE: It's becoming easier and more affordable to turn into a cybercriminal. Ransomware is now being offered as a service — like many cloud services are. Not only can you subscribe to ransomware-as-a-service (RaaS) on what is known as the dark web, the providers will also give you step-by-step instructions on how to conduct an attack. So even a novice can launch sophisticated, and often profitable, attacks.

The dark web is a part of the world wide web that requires special software to access —like Tor or Freenet — and is not indexed by search engines. Once in the network, there are forums of hackers, drug peddlers, and others, who guide people to what they are looking for.

Ransomware attacks through the use of service providers grew from the second half of 2016, said Venugopal N, director of security engineering for India and Saarc at security solutions firm Check Point. "A particular ransomware called Cerber was being offered as a service by 170 people actively last year, and infected nearly 150,000 victims across 200 countries, including India. This number has definitely grown this year," he said.

Once a cybercriminal (service provider) generates the code to a ransomware, it is sold to a user who purchases the package with the intent to hack. The package comes with step-by-step instructions on how to launch the attack, along with a dashboard where the user can monitor the status of the attack.

Ransomware encrypts and locks a victim's device. The victim gets a decoder to unlock the device only if he pays a ransom. Those who urgently need the device are the most susceptible. The ransom is split, usually 50:50, between the developer and the attacker. The developer can make up to $2 million annually, Venugopal said. Cybercriminals are also paying 5% extra for referring their services to others.

While Cerber was the most rampant in the as-a-service programme, accounting for 25% of all attacks, malwares like Satan, Shark, and Hostmen were also prominent. The average ransom asked is about $500 per device, and is usually asked in bitcoins.

According to security solutions firm Symantec, India was one of the top countries to be affected by ransomware till the first half of 2017, accounting for 4% of all attacks. The US led the list with 29%. Check Point said India was also among those most affected by Cerber.

Kartik Shahani, IBM India's head for integrated security, said this method of attack started in 2008 with a malware called Zeus, which was designed to steal banking credentials from the machine it infected. "It was becoming an organised crime with cybercriminals providing support services for Zeus.

The only preventive action possible is for companies to install anti-ransomware solutions that regularly provide patches for gaps in the security system. IBM's Shahani says anti-ransomware-asa-service is a service being provided by white hackers to check vulnerabilities. "Never pay the ransom. Always create a backup, which will ensure that you can reset your systems when attacked," says Check Point's Venugopal.